Smitfraud-C.generic--Help w/ removal!



shelbs318
2012-06-20, 00:42
This virus refuses to leave my computer. I run Spybot and the program claims the virus is fixed, but I can literally scan it a minute later and the Smitfraud-C.generic is back. Please help me remove this trojan from my PC permanently.

I have Windows 7, 64 on a Dell Inspiron.
I also have McAfee, if that matters.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Shelby at 18:29:50 on 2012-06-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2186 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
-netsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120611170811.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\Users\Shelby\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{23ABA2C2-32B0-4CD4-A2A1-593D5A68FE43} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120611170811.dll
BHO-X64: scriptproxy - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-9 257224]
.
=============== Created Last 30 ================
.
2012-06-13 21:14:55 -------- d-----w- C:\Users\Shelby\AppData\Local\Adobe
2012-06-11 21:56:51 20480 ----a-w- C:\Windows\svchost.exe
2012-06-11 19:29:29 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-06-11 19:29:28 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-06-11 19:29:28 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-06-11 19:29:28 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-06-11 19:29:27 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-06-11 19:29:27 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-06-11 19:29:27 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-06-11 19:25:26 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-06-11 19:25:25 2566144 ----a-w- C:\Windows\System32\esent.dll
2012-06-11 19:25:25 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-06-11 19:25:25 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2012-06-11 19:25:25 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2012-06-11 19:25:24 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2012-06-11 19:25:24 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-06-11 19:25:24 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2012-06-11 19:25:23 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-06-11 19:25:23 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-06-11 19:25:22 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-06-11 18:55:04 -------- d-----w- C:\Windows\SysWow64\Wat
2012-06-11 18:55:04 -------- d-----w- C:\Windows\System32\Wat
2012-06-10 20:36:57 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-06-10 20:36:57 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-06-10 20:12:12 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-06-10 20:12:12 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-06-10 19:52:54 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-06-10 19:52:54 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-06-10 19:52:54 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-06-10 19:52:54 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-06-10 19:52:54 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-06-10 19:52:54 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-06-10 19:52:54 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-06-10 19:52:54 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-06-10 19:52:54 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-06-10 19:52:54 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-06-10 19:27:45 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-06-10 19:27:45 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-10 19:27:45 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-06-10 19:27:45 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-06-10 19:27:45 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-06-10 19:27:45 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-10 19:27:45 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-10 18:55:20 -------- d-----w- C:\Windows\PCHEALTH
2012-06-10 18:52:02 -------- d-----w- C:\Users\Shelby\AppData\Local\Microsoft Help
2012-06-10 17:48:56 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-06-10 17:46:44 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-06-10 17:46:44 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-06-10 17:46:43 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-10 17:46:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-10 17:46:31 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-06-10 17:46:31 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-06-10 17:46:26 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2012-06-10 17:46:25 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2012-06-10 17:46:25 2085376 ----a-w- C:\Windows\System32\ole32.dll
2012-06-10 17:46:24 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2012-06-10 17:46:00 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2012-06-10 17:44:39 422912 ----a-w- C:\Windows\System32\secproc_isv.dll
2012-06-10 17:43:54 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-06-10 17:42:57 52224 ----a-w- C:\Windows\System32\rtutils.dll
2012-06-10 17:41:44 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-06-10 17:40:14 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-06-10 17:40:11 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-06-10 17:40:09 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2012-06-10 17:40:08 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-06-10 17:40:06 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2012-06-10 17:40:06 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2012-06-10 17:40:06 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2012-06-10 17:40:01 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-06-10 17:40:01 288256 ----a-w- C:\Windows\System32\MSNP.ax
2012-06-10 17:40:00 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-06-10 17:40:00 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-06-10 17:38:59 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-06-10 17:37:55 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2012-06-10 17:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2012-06-10 17:37:54 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2012-06-10 17:37:53 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2012-06-10 17:37:53 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2012-06-10 17:37:44 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-06-10 17:25:41 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2012-06-10 17:25:40 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2012-06-10 17:25:37 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2012-06-10 17:25:36 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-06-10 17:25:33 112000 ----a-w- C:\Windows\System32\consent.exe
2012-06-10 17:25:30 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-06-10 17:25:24 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2012-06-10 17:25:24 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-06-10 17:25:23 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-06-10 17:25:23 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-06-10 17:25:16 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-06-10 17:25:15 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-06-10 17:24:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-06-10 17:24:55 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-06-10 17:24:13 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-06-10 17:24:05 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-06-10 17:24:05 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-10 17:24:04 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-10 17:24:04 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-06-10 17:24:03 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-06-10 17:23:57 720896 ----a-w- C:\Windows\System32\odbc32.dll
2012-06-10 17:23:56 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2012-06-10 17:23:56 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-06-10 17:23:55 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-06-10 17:23:55 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-06-10 17:23:55 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-06-10 17:23:54 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-06-10 17:23:53 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-06-10 17:23:53 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-06-10 17:23:53 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-06-10 17:23:34 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-06-10 17:23:33 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-06-10 17:19:56 77312 ----a-w- C:\Windows\System32\packager.dll
2012-06-10 17:19:55 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-06-10 13:05:44 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-06-10 13:05:44 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-06-10 07:15:54 -------- d-----w- C:\Windows\Panther
2012-06-10 07:15:25 -------- d-----w- C:\Windows\System32\oem
2012-06-10 06:49:54 -------- d-----w- C:\Windows.old
2012-06-10 03:12:00 -------- d-----w- C:\Users\Shelby\AppData\Local\Microsoft Games
2012-06-10 02:33:09 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-10 02:33:09 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-10 01:29:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-10 01:29:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-10 01:17:50 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-06-10 01:17:38 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-06-10 01:17:38 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-06-10 01:16:44 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-06-10 01:16:44 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-06-10 01:16:44 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-06-10 01:16:44 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-06-10 01:16:44 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-06-10 01:16:44 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-06-10 01:16:32 -------- d-----w- C:\Program Files\McAfee.com
2012-06-10 01:16:32 -------- d-----w- C:\Program Files\McAfee
2012-06-10 01:16:32 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-06-10 01:16:29 -------- d-----w- C:\Program Files (x86)\McAfee
2012-06-10 01:07:34 162192 ----a-w- C:\Windows\System32\mfevtps.exe
2012-06-10 00:35:54 -------- d-----w- C:\Users\Shelby\AppData\Local\Diagnostics
2012-06-10 00:27:50 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7250C547-3BEC-4613-AECF-28596846A027}\mpengine.dll
2012-06-10 00:27:49 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-06-10 00:04:13 45056 ----a-r- C:\Users\Shelby\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2012-06-10 00:04:12 -------- d-----w- C:\Windows\SysWow64\vmm32
2012-06-10 00:04:12 -------- d-----w- C:\Program Files (x86)\Dell
2012-06-10 00:03:44 -------- d-sh--w- C:\Windows\Installer
2012-06-09 23:58:08 89088 ----a-w- C:\Windows\SysWow64\atl71.dll
2012-06-09 23:58:08 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-06-09 23:58:08 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-06-09 23:58:08 1060864 ----a-w- C:\Windows\SysWow64\MFC71.dll
2012-06-09 23:58:08 1047552 ----a-w- C:\Windows\SysWow64\MFC71u.dll
2012-06-09 23:56:07 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-06-09 23:56:07 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-06-09 23:56:06 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-09 23:56:06 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-09 23:56:06 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-09 23:56:05 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-06-09 23:56:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-06-09 23:56:05 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-09 23:56:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-06-09 23:52:56 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 18:32:10.84 ===============
.
2012-06-10 17:25:37 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2012-06-10 17:25:36 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-06-10 17:25:33 112000 ----a-w- C:\Windows\System32\consent.exe
2012-06-10 17:25:30 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-06-10 17:25:24 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2012-06-10 17:25:24 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-06-10 17:25:23 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-06-10 17:25:23 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-06-10 17:25:16 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-06-10 17:25:15 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-06-10 17:24:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-06-10 17:24:55 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-06-10 17:24:13 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-06-10 17:24:05 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-06-10 17:24:05 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-10 17:24:04 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-10 17:24:04 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-06-10 17:24:03 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-06-10 17:23:57 720896 ----a-w- C:\Windows\System32\odbc32.dll
2012-06-10 17:23:56 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2012-06-10 17:23:56 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-06-10 17:23:55 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-06-10 17:23:55 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-06-10 17:23:55 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-06-10 17:23:54 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-06-10 17:23:53 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-06-10 17:23:53 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-06-10 17:23:53 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-06-10 17:23:34 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-06-10 17:23:33 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-06-10 17:19:56 77312 ----a-w- C:\Windows\System32\packager.dll
2012-06-10 17:19:55 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-06-10 13:05:44 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-06-10 13:05:44 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-06-10 07:15:54 -------- d-----w- C:\Windows\Panther
2012-06-10 07:15:25 -------- d-----w- C:\Windows\System32\oem
2012-06-10 06:49:54 -------- d-----w- C:\Windows.old
2012-06-10 03:12:00 -------- d-----w- C:\Users\Shelby\AppData\Local\Microsoft Games
2012-06-10 02:33:09 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-10 02:33:09 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-10 01:29:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-10 01:29:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-10 01:17:50 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-06-10 01:17:38 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-06-10 01:17:38 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-06-10 01:16:44 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-06-10 01:16:44 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-06-10 01:16:44 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-06-10 01:16:44 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-06-10 01:16:44 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-06-10 01:16:44 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-06-10 01:16:32 -------- d-----w- C:\Program Files\McAfee.com
2012-06-10 01:16:32 -------- d-----w- C:\Program Files\McAfee
2012-06-10 01:16:32 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-06-10 01:16:29 -------- d-----w- C:\Program Files (x86)\McAfee
2012-06-10 01:07:34 162192 ----a-w- C:\Windows\System32\mfevtps.exe
2012-06-10 00:35:54 -------- d-----w- C:\Users\Shelby\AppData\Local\Diagnostics
2012-06-10 00:27:50 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7250C547-3BEC-4613-AECF-28596846A027}\mpengine.dll
2012-06-10 00:27:49 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-06-10 00:04:13 45056 ----a-r- C:\Users\Shelby\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2012-06-10 00:04:12 -------- d-----w- C:\Windows\SysWow64\vmm32
2012-06-10 00:04:12 -------- d-----w- C:\Program Files (x86)\Dell
2012-06-10 00:03:44 -------- d-sh--w- C:\Windows\Installer
2012-06-09 23:58:08 89088 ----a-w- C:\Windows\SysWow64\atl71.dll
2012-06-09 23:58:08 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-06-09 23:58:08 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-06-09 23:58:08 1060864 ----a-w- C:\Windows\SysWow64\MFC71.dll
2012-06-09 23:58:08 1047552 ----a-w- C:\Windows\SysWow64\MFC71u.dll
2012-06-09 23:56:07 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-06-09 23:56:07 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-06-09 23:56:06 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-09 23:56:06 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-09 23:56:06 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-09 23:56:05 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-06-09 23:56:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-06-09 23:56:05 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-09 23:56:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-06-09 23:52:56 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 18:32:10.84 ===============



I have the other DDS log also, if it is needed.

Thanks for your help in advance!

Blade81
2012-06-20, 07:37
Hi,

Download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.
Double-click aswMBR.exe to run it.
Click the Scan button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply. Post the attach.txt contents of DDS too.

shelbs318
2012-06-20, 18:22
Thanks for the speedy reply!

Here is the AVAST scan:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-20 12:02:08
-----------------------------
12:02:08.978 OS Version: Windows x64 6.1.7600
12:02:08.978 Number of processors: 2 586 0x170A
12:02:08.978 ComputerName: SHELBY-PC UserName: Shelby
12:02:16.432 Initialize success
12:05:57.992 AVAST engine defs: 12062001
12:13:09.485 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:13:09.485 Disk 0 Vendor: SAMSUNG_HM250HI 2AC101C4 Size: 238475MB BusType: 11
12:13:09.495 Device \Driver\atapi -> MajorFunction fffffa80049e55e8
12:13:09.495 Disk 0 MBR read successfully
12:13:09.495 Disk 0 MBR scan
12:13:09.555 Disk 0 Windows 7 default MBR code
12:13:09.555 Disk 0 MBR hidden
12:13:09.575 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:13:09.585 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
12:13:09.605 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
12:13:09.645 Disk 0 scanning C:\Windows\system32\drivers
12:13:18.807 Service scanning
12:13:45.525 Modules scanning
12:13:45.535 Disk 0 trace - called modules:
12:13:45.535 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80049e55e8]<<
12:13:45.545 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800449c060]
12:13:45.555 3 CLASSPNP.SYS[fffff880019aa43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80040fd1f0]
12:13:45.565 \Driver\atapi[0xfffffa80049e0550] -> IRP_MJ_CREATE -> 0xfffffa80049e55e8
12:13:51.357 AVAST engine scan C:\Windows
12:13:54.169 AVAST engine scan C:\Windows\system32
12:18:05.778 AVAST engine scan C:\Windows\system32\drivers
12:18:18.390 AVAST engine scan C:\Users\Shelby
12:19:18.360 Disk 0 MBR has been saved successfully to "C:\Users\Shelby\Desktop\MBR.dat"
12:19:18.442 The log file has been saved successfully to "C:\Users\Shelby\Desktop\aswMBR.txt"


I am assuming that this is what you need DDS wise, but if not I can do another scan.

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/9/2012 7:53:05 PM
System Uptime: 6/19/2012 5:48:59 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | Microprocessor | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 139.151 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP9: 6/11/2012 9:39:41 PM - Windows Update
RP10: 6/13/2012 3:13:23 PM - Windows Update
RP11: 6/14/2012 12:11:30 PM - Windows Update
RP12: 6/15/2012 10:24:29 AM - Windows Update
RP13: 6/17/2012 4:48:41 PM - Windows Update
RP14: 6/17/2012 5:39:52 PM - Windows Update
RP15: 6/17/2012 7:29:00 PM - Windows Update
RP16: 6/17/2012 7:57:02 PM - Windows Update
RP17: 6/17/2012 8:33:52 PM - Windows Update
RP18: 6/17/2012 10:29:34 PM - Windows Update
RP19: 6/19/2012 4:43:23 PM - Windows Update
RP20: 6/19/2012 5:57:08 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Dell Resource CD
ERUNT 1.1j
McAfee SecurityCenter
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
PowerDVD DX
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
.
==== Event Viewer Messages From Past Week ========
.
6/19/2012 6:16:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).
6/19/2012 5:51:34 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
6/19/2012 5:51:25 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
6/19/2012 5:49:51 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
6/19/2012 5:49:46 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
6/19/2012 5:35:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/19/2012 5:28:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
6/19/2012 5:24:34 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 5:24:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/19/2012 5:24:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/19/2012 5:24:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/19/2012 5:24:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/19/2012 5:24:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/19/2012 5:24:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/19/2012 5:24:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
6/19/2012 5:24:05 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/19/2012 5:24:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000044ab, 0x0000000000000002, 0x0000000000000001, 0xfffff80002a53995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061912-25240-01.
6/19/2012 5:21:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000007fefed85, 0x0000000000000002, 0x0000000000000001, 0xfffff80002a53995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061912-25740-01.
6/19/2012 4:39:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
6/17/2012 7:48:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
6/17/2012 7:48:59 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/17/2012 7:48:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000020, 0xfffffa80036929b0, 0xfffffa8003692a30, 0x0000000004080001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061712-48937-01.
6/17/2012 4:55:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002dc4fea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061712-57517-01.
6/15/2012 6:36:53 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CYNTHIA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{23ABA2C2-32B0-4CD4-A2A1-593D5A68FE43}. The master browser is stopping or an election is being forced.
6/15/2012 10:41:43 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/15/2012 10:41:43 AM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/15/2012 10:41:43 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
6/15/2012 10:41:43 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
.
==== End Of File ===========================


Thanks again for all of your help!

Blade81
2012-06-20, 20:13
Yes, that was attach.txt log from DDS. Let's continue :)


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

shelbs318
2012-06-20, 22:29
Unfortunately, we have run into our first bump in the road. I have run ComboFix 3 times now, once as an administrator. Each time, my computer turns off and reloads, I sign in, and then the program says to wait until the log is produced. However, my computer always crashes (blue screen of death) before I can copy down a log to send to you. Any suggestions?

Thanks again.

Blade81
2012-06-21, 06:22
Hi,

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

shelbs318
2012-06-21, 17:25
11:21:47.0396 3476 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
11:21:48.0511 3476 ============================================================
11:21:48.0511 3476 Current date / time: 2012/06/21 11:21:48.0511
11:21:48.0511 3476 SystemInfo:
11:21:48.0511 3476
11:21:48.0511 3476 OS Version: 6.1.7600 ServicePack: 0.0
11:21:48.0511 3476 Product type: Workstation
11:21:48.0511 3476 ComputerName: SHELBY-PC
11:21:48.0511 3476 UserName: Shelby
11:21:48.0511 3476 Windows directory: C:\Windows
11:21:48.0511 3476 System windows directory: C:\Windows
11:21:48.0511 3476 Running under WOW64
11:21:48.0511 3476 Processor architecture: Intel x64
11:21:48.0511 3476 Number of processors: 2
11:21:48.0511 3476 Page size: 0x1000
11:21:48.0511 3476 Boot type: Normal boot
11:21:48.0512 3476 ============================================================
11:21:51.0030 3476 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:21:51.0050 3476 ============================================================
11:21:51.0050 3476 \Device\Harddisk0\DR0:
11:21:51.0050 3476 MBR partitions:
11:21:51.0050 3476 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
11:21:51.0050 3476 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
11:21:51.0050 3476 ============================================================
11:21:51.0410 3476 C: <-> \Device\Harddisk0\DR0\Partition1
11:21:51.0410 3476 ============================================================
11:21:51.0410 3476 Initialize success
11:21:51.0410 3476 ============================================================
11:21:53.0814 3668 ============================================================
11:21:53.0814 3668 Scan started
11:21:53.0814 3668 Mode: Manual;
11:21:53.0814 3668 ============================================================
11:22:01.0183 3668 BrFiltLo - ok
11:22:01.0197 3668 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:22:01.0204 3668 BrFiltUp - ok
11:22:01.0235 3668 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:22:01.0242 3668 BridgeMP - ok
11:22:01.0276 3668 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
11:22:01.0292 3668 Browser - ok
11:22:01.0314 3668 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:22:01.0325 3668 Brserid - ok
11:22:01.0368 3668 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:22:01.0378 3668 BrSerWdm - ok
11:22:01.0398 3668 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:22:01.0398 3668 BrUsbMdm - ok
11:22:01.0408 3668 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:22:01.0408 3668 BrUsbSer - ok
11:22:01.0418 3668 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:22:01.0418 3668 BTHMODEM - ok
11:22:01.0520 3668 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:22:01.0520 3668 bthserv - ok
11:22:01.0712 3668 catchme - ok
11:22:01.0782 3668 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:22:01.0782 3668 cdfs - ok
11:22:01.0822 3668 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
11:22:01.0832 3668 cdrom - ok
11:22:01.0912 3668 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
11:22:01.0922 3668 CertPropSvc - ok
11:22:01.0972 3668 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
11:22:02.0022 3668 cfwids - ok
11:22:02.0074 3668 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:22:02.0084 3668 circlass - ok
11:22:02.0124 3668 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:22:02.0124 3668 CLFS - ok
11:22:02.0364 3668 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:22:02.0364 3668 clr_optimization_v2.0.50727_32 - ok
11:22:02.0584 3668 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:22:02.0594 3668 clr_optimization_v2.0.50727_64 - ok
11:22:02.0986 3668 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:22:03.0049 3668 clr_optimization_v4.0.30319_32 - ok
11:22:03.0188 3668 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:22:03.0257 3668 clr_optimization_v4.0.30319_64 - ok
11:22:03.0325 3668 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:22:03.0335 3668 CmBatt - ok
11:22:03.0335 3668 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
11:22:03.0345 3668 cmdide - ok
11:22:03.0415 3668 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
11:22:03.0465 3668 CNG - ok
11:22:03.0547 3668 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:22:03.0557 3668 Compbatt - ok
11:22:03.0597 3668 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:22:03.0597 3668 CompositeBus - ok
11:22:03.0607 3668 COMSysApp - ok
11:22:03.0617 3668 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:22:03.0627 3668 crcdisk - ok
11:22:03.0689 3668 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
11:22:03.0729 3668 CryptSvc - ok
11:22:03.0811 3668 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
11:22:03.0811 3668 DcomLaunch - ok
11:22:03.0891 3668 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:22:03.0901 3668 defragsvc - ok
11:22:03.0981 3668 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
11:22:04.0043 3668 DfsC - ok
11:22:04.0153 3668 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
11:22:04.0163 3668 Dhcp - ok
11:22:04.0223 3668 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:22:04.0223 3668 discache - ok
11:22:04.0313 3668 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:22:04.0323 3668 Disk - ok
11:22:04.0373 3668 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
11:22:04.0425 3668 Dnscache - ok
11:22:04.0503 3668 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
11:22:04.0533 3668 dot3svc - ok
11:22:04.0553 3668 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
11:22:04.0570 3668 DPS - ok
11:22:04.0645 3668 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:22:04.0645 3668 drmkaud - ok
11:22:04.0745 3668 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
11:22:04.0828 3668 DXGKrnl - ok
11:22:04.0867 3668 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:22:04.0877 3668 EapHost - ok
11:22:05.0927 3668 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:22:06.0097 3668 ebdrv - ok
11:22:06.0497 3668 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
11:22:06.0561 3668 EFS - ok
11:22:06.0749 3668 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
11:22:06.0816 3668 ehRecvr - ok
11:22:06.0851 3668 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:22:06.0851 3668 ehSched - ok
11:22:07.0041 3668 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:22:07.0051 3668 elxstor - ok
11:22:07.0051 3668 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
11:22:07.0071 3668 ErrDev - ok
11:22:07.0133 3668 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:22:07.0143 3668 EventSystem - ok
11:22:07.0183 3668 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:22:07.0193 3668 exfat - ok
11:22:07.0203 3668 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:22:07.0213 3668 fastfat - ok
11:22:07.0283 3668 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
11:22:07.0303 3668 Fax - ok
11:22:07.0303 3668 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:22:07.0313 3668 fdc - ok
11:22:07.0343 3668 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:22:07.0353 3668 fdPHost - ok
11:22:07.0353 3668 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:22:07.0363 3668 FDResPub - ok
11:22:07.0373 3668 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:22:07.0373 3668 FileInfo - ok
11:22:07.0413 3668 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:22:07.0423 3668 Filetrace - ok
11:22:07.0433 3668 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:22:07.0443 3668 flpydisk - ok
11:22:07.0473 3668 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
11:22:07.0483 3668 FltMgr - ok
11:22:07.0630 3668 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
11:22:07.0740 3668 FontCache - ok
11:22:07.0863 3668 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:22:07.0873 3668 FontCache3.0.0.0 - ok
11:22:08.0023 3668 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:22:08.0033 3668 FsDepends - ok
11:22:08.0183 3668 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
11:22:08.0274 3668 Fs_Rec - ok
11:22:08.0445 3668 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:22:08.0445 3668 fvevol - ok
11:22:08.0475 3668 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:22:08.0485 3668 gagp30kx - ok
11:22:08.0575 3668 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
11:22:08.0585 3668 gpsvc - ok
11:22:08.0645 3668 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:22:08.0645 3668 hcw85cir - ok
11:22:08.0725 3668 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
11:22:08.0735 3668 HdAudAddService - ok
11:22:08.0765 3668 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:22:08.0765 3668 HDAudBus - ok
11:22:08.0775 3668 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:22:08.0785 3668 HidBatt - ok
11:22:08.0795 3668 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:22:08.0805 3668 HidBth - ok
11:22:08.0855 3668 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:22:08.0855 3668 HidIr - ok
11:22:08.0905 3668 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:22:08.0905 3668 hidserv - ok
11:22:08.0935 3668 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
11:22:08.0935 3668 HidUsb - ok
11:22:08.0955 3668 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
11:22:08.0965 3668 hkmsvc - ok
11:22:08.0995 3668 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
11:22:09.0005 3668 HomeGroupListener - ok
11:22:09.0075 3668 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
11:22:09.0075 3668 HomeGroupProvider - ok
11:22:09.0115 3668 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
11:22:09.0125 3668 HpSAMD - ok
11:22:09.0185 3668 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
11:22:09.0195 3668 HTTP - ok
11:22:09.0205 3668 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
11:22:09.0205 3668 hwpolicy - ok
11:22:09.0305 3668 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:22:09.0315 3668 i8042prt - ok
11:22:09.0385 3668 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
11:22:09.0450 3668 iaStorV - ok
11:22:09.0727 3668 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:22:09.0747 3668 idsvc - ok
11:22:10.0127 3668 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:22:10.0269 3668 igfx - ok
11:22:10.0841 3668 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:22:10.0841 3668 iirsp - ok
11:22:10.0933 3668 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
11:22:10.0953 3668 IKEEXT - ok
11:22:11.0013 3668 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
11:22:11.0013 3668 intelide - ok
11:22:11.0053 3668 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:22:11.0053 3668 intelppm - ok
11:22:11.0113 3668 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:22:11.0123 3668 IPBusEnum - ok
11:22:11.0133 3668 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:22:11.0143 3668 IpFilterDriver - ok
11:22:11.0193 3668 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
11:22:11.0213 3668 iphlpsvc - ok
11:22:11.0223 3668 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:22:11.0233 3668 IPMIDRV - ok
11:22:11.0303 3668 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:22:11.0313 3668 IPNAT - ok
11:22:11.0353 3668 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:22:11.0363 3668 IRENUM - ok
11:22:11.0373 3668 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
11:22:11.0373 3668 isapnp - ok
11:22:11.0403 3668 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
11:22:11.0413 3668 iScsiPrt - ok
11:22:11.0443 3668 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:22:11.0453 3668 kbdclass - ok
11:22:11.0463 3668 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
11:22:11.0463 3668 kbdhid - ok
11:22:11.0513 3668 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:22:11.0513 3668 KeyIso - ok
11:22:11.0563 3668 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
11:22:11.0603 3668 KSecDD - ok
11:22:11.0646 3668 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
11:22:11.0704 3668 KSecPkg - ok
11:22:11.0757 3668 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:22:11.0767 3668 ksthunk - ok
11:22:11.0847 3668 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:22:11.0857 3668 KtmRm - ok
11:22:11.0927 3668 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
11:22:11.0977 3668 LanmanServer - ok
11:22:12.0009 3668 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
11:22:12.0019 3668 LanmanWorkstation - ok
11:22:12.0089 3668 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:22:12.0089 3668 lltdio - ok
11:22:12.0189 3668 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:22:12.0199 3668 lltdsvc - ok
11:22:12.0219 3668 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:22:12.0219 3668 lmhosts - ok
11:22:12.0269 3668 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:22:12.0279 3668 LSI_FC - ok
11:22:12.0289 3668 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:22:12.0289 3668 LSI_SAS - ok
11:22:12.0309 3668 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:22:12.0309 3668 LSI_SAS2 - ok
11:22:12.0329 3668 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:22:12.0339 3668 LSI_SCSI - ok
11:22:12.0349 3668 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:22:12.0359 3668 luafv - ok
11:22:12.0529 3668 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:22:12.0529 3668 McAfee SiteAdvisor Service - ok
11:22:12.0539 3668 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:22:12.0549 3668 McMPFSvc - ok
11:22:12.0579 3668 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:22:12.0579 3668 mcmscsvc - ok
11:22:12.0599 3668 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:22:12.0599 3668 McNaiAnn - ok
11:22:12.0609 3668 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:22:12.0619 3668 McNASvc - ok
11:22:12.0811 3668 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe
11:22:12.0882 3668 McODS - ok
11:22:12.0888 3668 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:22:12.0891 3668 McProxy - ok
11:22:12.0983 3668 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
11:22:13.0037 3668 McShield - ok
11:22:13.0075 3668 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
11:22:13.0075 3668 Mcx2Svc - ok
11:22:13.0115 3668 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:22:13.0121 3668 megasas - ok
11:22:13.0137 3668 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:22:13.0147 3668 MegaSR - ok
11:22:13.0207 3668 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
11:22:13.0262 3668 mfeapfk - ok
11:22:13.0359 3668 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
11:22:13.0415 3668 mfeavfk - ok
11:22:13.0531 3668 mfeavfk01 - ok
11:22:13.0581 3668 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
11:22:13.0645 3668 mfefire - ok
11:22:13.0743 3668 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
11:22:13.0810 3668 mfefirek - ok
11:22:13.0895 3668 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
11:22:13.0969 3668 mfehidk - ok
11:22:13.0997 3668 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
11:22:14.0054 3668 mfenlfk - ok
11:22:14.0109 3668 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
11:22:14.0166 3668 mferkdet - ok
11:22:14.0211 3668 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
11:22:14.0273 3668 mfevtp - ok
11:22:14.0323 3668 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
11:22:14.0391 3668 mfewfpk - ok
11:22:14.0435 3668 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:22:14.0435 3668 MMCSS - ok
11:22:14.0495 3668 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:22:14.0495 3668 Modem - ok
11:22:14.0535 3668 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:22:14.0535 3668 monitor - ok
11:22:14.0555 3668 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:22:14.0565 3668 mouclass - ok
11:22:14.0575 3668 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:22:14.0585 3668 mouhid - ok
11:22:14.0585 3668 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
11:22:14.0595 3668 mountmgr - ok
11:22:14.0636 3668 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
11:22:14.0642 3668 mpio - ok
11:22:14.0647 3668 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:22:14.0657 3668 mpsdrv - ok
11:22:14.0727 3668 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
11:22:14.0747 3668 MpsSvc - ok
11:22:14.0777 3668 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
11:22:14.0787 3668 MRxDAV - ok
11:22:14.0827 3668 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:22:14.0884 3668 mrxsmb - ok
11:22:14.0939 3668 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:22:14.0997 3668 mrxsmb10 - ok
11:22:15.0041 3668 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:22:15.0096 3668 mrxsmb20 - ok
11:22:15.0133 3668 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
11:22:15.0133 3668 msahci - ok
11:22:15.0143 3668 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
11:22:15.0153 3668 msdsm - ok
11:22:15.0213 3668 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:22:15.0213 3668 MSDTC - ok
11:22:15.0243 3668 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:22:15.0243 3668 Msfs - ok
11:22:15.0263 3668 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:22:15.0263 3668 mshidkmdf - ok
11:22:15.0273 3668 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
11:22:15.0273 3668 msisadrv - ok
11:22:15.0323 3668 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:22:15.0333 3668 MSiSCSI - ok
11:22:15.0333 3668 msiserver - ok
11:22:15.0485 3668 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:22:15.0485 3668 MSK80Service - ok
11:22:15.0545 3668 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:22:15.0545 3668 MSKSSRV - ok
11:22:15.0565 3668 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:22:15.0575 3668 MSPCLOCK - ok
11:22:15.0585 3668 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:22:15.0585 3668 MSPQM - ok
11:22:15.0635 3668 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
11:22:15.0645 3668 MsRPC - ok
11:22:15.0655 3668 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:22:15.0655 3668 mssmbios - ok
11:22:15.0655 3668 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:22:15.0665 3668 MSTEE - ok
11:22:15.0665 3668 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:22:15.0675 3668 MTConfig - ok
11:22:15.0712 3668 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:22:15.0717 3668 Mup - ok
11:22:15.0837 3668 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
11:22:15.0837 3668 napagent - ok
11:22:15.0927 3668 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:22:15.0937 3668 NativeWifiP - ok
11:22:16.0037 3668 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
11:22:16.0047 3668 NDIS - ok
11:22:16.0097 3668 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:22:16.0097 3668 NdisCap - ok
11:22:16.0117 3668 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:22:16.0127 3668 NdisTapi - ok
11:22:16.0147 3668 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
11:22:16.0147 3668 Ndisuio - ok
11:22:16.0167 3668 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:22:16.0167 3668 NdisWan - ok
11:22:16.0187 3668 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
11:22:16.0187 3668 NDProxy - ok
11:22:16.0197 3668 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:22:16.0207 3668 NetBIOS - ok
11:22:16.0217 3668 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
11:22:16.0217 3668 NetBT - ok
11:22:16.0267 3668 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:22:16.0267 3668 Netlogon - ok
11:22:16.0357 3668 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:22:16.0367 3668 Netman - ok
11:22:16.0397 3668 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:22:16.0407 3668 netprofm - ok
11:22:16.0587 3668 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:22:16.0597 3668 NetTcpPortSharing - ok
11:22:16.0637 3668 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:22:16.0647 3668 nfrd960 - ok
11:22:16.0727 3668 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
11:22:16.0727 3668 NlaSvc - ok
11:22:16.0737 3668 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:22:16.0747 3668 Npfs - ok
11:22:16.0767 3668 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:22:16.0777 3668 nsi - ok
11:22:16.0777 3668 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:22:16.0787 3668 nsiproxy - ok
11:22:16.0937 3668 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
11:22:17.0007 3668 Ntfs - ok
11:22:17.0537 3668 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:22:17.0547 3668 Null - ok
11:22:17.0627 3668 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
11:22:17.0677 3668 nvraid - ok
11:22:17.0737 3668 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
11:22:17.0787 3668 nvstor - ok
11:22:17.0849 3668 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
11:22:17.0859 3668 nv_agp - ok
11:22:18.0079 3668 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:22:18.0149 3668 odserv - ok
11:22:18.0181 3668 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
11:22:18.0191 3668 ohci1394 - ok
11:22:18.0321 3668 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:22:18.0383 3668 ose - ok
11:22:18.0454 3668 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:22:18.0464 3668 p2pimsvc - ok
11:22:18.0494 3668 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:22:18.0504 3668 p2psvc - ok
11:22:18.0784 3668 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:22:18.0794 3668 Parport - ok
11:22:18.0824 3668 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
11:22:18.0886 3668 partmgr - ok
11:22:18.0900 3668 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:22:18.0906 3668 PcaSvc - ok
11:22:18.0926 3668 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
11:22:18.0936 3668 pci - ok
11:22:18.0946 3668 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
11:22:18.0956 3668 pciide - ok
11:22:18.0976 3668 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:22:18.0976 3668 pcmcia - ok
11:22:18.0996 3668 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:22:18.0996 3668 pcw - ok
11:22:19.0036 3668 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:22:19.0046 3668 PEAUTH - ok
11:22:19.0336 3668 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:22:19.0346 3668 PerfHost - ok
11:22:19.0488 3668 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
11:22:19.0518 3668 pla - ok
11:22:19.0598 3668 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
11:22:19.0638 3668 PlugPlay - ok
11:22:19.0690 3668 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:22:19.0700 3668 PNRPAutoReg - ok
11:22:19.0720 3668 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:22:19.0720 3668 PNRPsvc - ok
11:22:19.0790 3668 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
11:22:19.0810 3668 PolicyAgent - ok
11:22:19.0880 3668 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:22:19.0890 3668 Power - ok
11:22:20.0060 3668 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
11:22:20.0070 3668 PptpMiniport - ok
11:22:20.0090 3668 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:22:20.0090 3668 Processor - ok
11:22:20.0130 3668 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
11:22:20.0170 3668 ProfSvc - ok
11:22:20.0210 3668 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:22:20.0210 3668 ProtectedStorage - ok
11:22:36.0473 3668 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:22:36.0511 3668 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:22:36.0511 3668 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:22:36.0551 3668 Boot (0x1200) (e9898696208d9272da9533ade414211f) \Device\Harddisk0\DR0\Partition0
11:22:36.0551 3668 \Device\Harddisk0\DR0\Partition0 - ok
11:22:36.0601 3668 Boot (0x1200) (3f759e083daa0bfc53855744e15a6d5a) \Device\Harddisk0\DR0\Partition1
11:22:36.0611 3668 \Device\Harddisk0\DR0\Partition1 - ok
11:22:36.0621 3668 ============================================================
11:22:36.0621 3668 Scan finished
11:22:36.0621 3668 ============================================================
11:22:36.0631 4936 Detected object count: 1
11:22:36.0631 4936 Actual detected object count: 1
11:22:53.0959 4936 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
11:22:53.0959 4936 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip


The scan itself lasted for less than a minute, so I am not sure if it captured everything you need. Let me know if you need something else.

Thanks!

Blade81
2012-06-21, 21:01
Hi,

Please run TDSSKiller again and this time select cure. Post back the log.

shelbs318
2012-06-21, 22:06
After the program cured the error it prompted me to reboot my system. Upon restarting my computer, the program was no longer pulled up so I ran it again. The second scan came up with no errors; here is the log from the second scan.

15:50:09.0272 4452 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
15:50:09.0818 4452 ============================================================
15:50:09.0818 4452 Current date / time: 2012/06/21 15:50:09.0818
15:50:09.0818 4452 SystemInfo:
15:50:09.0818 4452
15:50:09.0818 4452 OS Version: 6.1.7600 ServicePack: 0.0
15:50:09.0818 4452 Product type: Workstation
15:50:09.0818 4452 ComputerName: SHELBY-PC
15:50:09.0818 4452 UserName: Shelby
15:50:09.0818 4452 Windows directory: C:\Windows
15:50:09.0818 4452 System windows directory: C:\Windows
15:50:09.0818 4452 Running under WOW64
15:50:09.0818 4452 Processor architecture: Intel x64
15:50:09.0818 4452 Number of processors: 2
15:50:09.0818 4452 Page size: 0x1000
15:50:09.0818 4452 Boot type: Normal boot
15:50:09.0818 4452 ============================================================
15:50:11.0424 4452 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:50:11.0440 4452 ============================================================
15:50:11.0440 4452 \Device\Harddisk0\DR0:
15:50:11.0456 4452 MBR partitions:
15:50:11.0456 4452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
15:50:11.0456 4452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
15:50:11.0456 4452 ============================================================
15:50:11.0580 4452 C: <-> \Device\Harddisk0\DR0\Partition1
15:50:11.0580 4452 ============================================================
15:50:11.0580 4452 Initialize success
15:50:11.0580 4452 ============================================================
15:50:13.0265 4748 ============================================================
15:50:13.0265 4748 Scan started
15:50:13.0265 4748 Mode: Manual;
15:50:13.0265 4748 ============================================================
15:50:25.0964 4748 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
15:50:25.0979 4748 Fs_Rec - ok
15:50:26.0026 4748 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:50:26.0042 4748 fvevol - ok
15:50:26.0120 4748 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:50:26.0120 4748 gagp30kx - ok
15:50:26.0213 4748 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
15:50:26.0213 4748 gpsvc - ok
15:50:26.0276 4748 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:50:26.0276 4748 hcw85cir - ok
15:50:26.0338 4748 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
15:50:26.0354 4748 HdAudAddService - ok
15:50:26.0400 4748 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:50:26.0400 4748 HDAudBus - ok
15:50:26.0447 4748 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:50:26.0463 4748 HidBatt - ok
15:50:26.0463 4748 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:50:26.0463 4748 HidBth - ok
15:50:26.0510 4748 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:50:26.0510 4748 HidIr - ok
15:50:26.0619 4748 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:50:26.0619 4748 hidserv - ok
15:50:26.0634 4748 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
15:50:26.0650 4748 HidUsb - ok
15:50:26.0697 4748 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
15:50:26.0697 4748 hkmsvc - ok
15:50:26.0790 4748 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
15:50:26.0790 4748 HomeGroupListener - ok
15:50:26.0853 4748 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
15:50:26.0853 4748 HomeGroupProvider - ok
15:50:26.0884 4748 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:50:26.0884 4748 HpSAMD - ok
15:50:26.0978 4748 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
15:50:26.0978 4748 HTTP - ok
15:50:27.0024 4748 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
15:50:27.0024 4748 hwpolicy - ok
15:50:27.0071 4748 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:50:27.0071 4748 i8042prt - ok
15:50:27.0243 4748 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
15:50:27.0243 4748 iaStorV - ok
15:50:27.0492 4748 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:50:27.0508 4748 idsvc - ok
15:50:27.0960 4748 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:50:28.0116 4748 igfx - ok
15:50:28.0896 4748 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:50:28.0912 4748 iirsp - ok
15:50:29.0021 4748 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
15:50:29.0021 4748 IKEEXT - ok
15:50:29.0052 4748 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
15:50:29.0052 4748 intelide - ok
15:50:29.0052 4748 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:50:29.0052 4748 intelppm - ok
15:50:29.0115 4748 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:50:29.0115 4748 IPBusEnum - ok
15:50:29.0115 4748 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:50:29.0115 4748 IpFilterDriver - ok
15:50:29.0208 4748 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
15:50:29.0224 4748 iphlpsvc - ok
15:50:29.0271 4748 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:50:29.0271 4748 IPMIDRV - ok
15:50:29.0302 4748 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:50:29.0302 4748 IPNAT - ok
15:50:29.0380 4748 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:50:29.0380 4748 IRENUM - ok
15:50:29.0380 4748 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
15:50:29.0380 4748 isapnp - ok
15:50:29.0442 4748 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
15:50:29.0442 4748 iScsiPrt - ok
15:50:29.0474 4748 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:50:29.0474 4748 kbdclass - ok
15:50:29.0520 4748 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
15:50:29.0520 4748 kbdhid - ok
15:50:29.0583 4748 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:50:29.0583 4748 KeyIso - ok
15:50:29.0630 4748 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
15:50:29.0630 4748 KSecDD - ok
15:50:29.0661 4748 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
15:50:29.0661 4748 KSecPkg - ok
15:50:29.0708 4748 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:50:29.0723 4748 ksthunk - ok
15:50:29.0801 4748 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:50:29.0817 4748 KtmRm - ok
15:50:29.0910 4748 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
15:50:29.0910 4748 LanmanServer - ok
15:50:29.0942 4748 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
15:50:29.0957 4748 LanmanWorkstation - ok
15:50:30.0098 4748 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:50:30.0098 4748 lltdio - ok
15:50:30.0176 4748 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:50:30.0191 4748 lltdsvc - ok
15:50:30.0191 4748 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:50:30.0191 4748 lmhosts - ok
15:50:30.0254 4748 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:50:30.0254 4748 LSI_FC - ok
15:50:30.0269 4748 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:50:30.0269 4748 LSI_SAS - ok
15:50:30.0332 4748 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:50:30.0332 4748 LSI_SAS2 - ok
15:50:30.0347 4748 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:50:30.0347 4748 LSI_SCSI - ok
15:50:30.0378 4748 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:50:30.0394 4748 luafv - ok
15:50:30.0566 4748 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:50:30.0566 4748 McAfee SiteAdvisor Service - ok
15:50:30.0581 4748 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:50:30.0581 4748 McMPFSvc - ok
15:50:30.0597 4748 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:50:30.0612 4748 mcmscsvc - ok
15:50:30.0659 4748 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:50:30.0659 4748 McNaiAnn - ok
15:50:30.0706 4748 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:50:30.0706 4748 McNASvc - ok
15:50:30.0893 4748 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe
15:50:30.0893 4748 McODS - ok
15:50:30.0909 4748 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:50:30.0909 4748 McProxy - ok
15:50:30.0987 4748 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
15:50:30.0987 4748 McShield - ok
15:50:31.0034 4748 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
15:50:31.0034 4748 Mcx2Svc - ok
15:50:31.0080 4748 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:50:31.0080 4748 megasas - ok
15:50:31.0096 4748 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:50:31.0112 4748 MegaSR - ok
15:50:31.0158 4748 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
15:50:31.0158 4748 mfeapfk - ok
15:50:31.0236 4748 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
15:50:31.0236 4748 mfeavfk - ok
15:50:31.0283 4748 mfeavfk01 - ok
15:50:31.0330 4748 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
15:50:31.0330 4748 mfefire - ok
15:50:31.0377 4748 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
15:50:31.0392 4748 mfefirek - ok
15:50:31.0502 4748 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
15:50:31.0502 4748 mfehidk - ok
15:50:31.0533 4748 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
15:50:31.0533 4748 mfenlfk - ok
15:50:31.0595 4748 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
15:50:31.0595 4748 mferkdet - ok
15:50:31.0642 4748 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
15:50:31.0642 4748 mfevtp - ok
15:50:31.0704 4748 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
15:50:31.0704 4748 mfewfpk - ok
15:50:31.0782 4748 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:50:31.0782 4748 MMCSS - ok
15:50:31.0829 4748 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:50:31.0829 4748 Modem - ok
15:50:31.0860 4748 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:50:31.0860 4748 monitor - ok
15:50:31.0876 4748 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:50:31.0876 4748 mouclass - ok
15:50:31.0892 4748 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:50:31.0892 4748 mouhid - ok
15:50:31.0923 4748 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
15:50:31.0923 4748 mountmgr - ok
15:50:31.0938 4748 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
15:50:31.0938 4748 mpio - ok
15:50:31.0954 4748 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:50:31.0954 4748 mpsdrv - ok
15:50:32.0032 4748 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
15:50:32.0032 4748 MpsSvc - ok
15:50:32.0048 4748 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
15:50:32.0048 4748 MRxDAV - ok
15:50:32.0094 4748 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:50:32.0094 4748 mrxsmb - ok
15:50:32.0141 4748 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:50:32.0157 4748 mrxsmb10 - ok
15:50:32.0204 4748 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:50:32.0204 4748 mrxsmb20 - ok
15:50:32.0235 4748 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
15:50:32.0235 4748 msahci - ok
15:50:32.0250 4748 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
15:50:32.0250 4748 msdsm - ok
15:50:32.0313 4748 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:50:32.0313 4748 MSDTC - ok
15:50:32.0344 4748 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:50:32.0344 4748 Msfs - ok
15:50:32.0344 4748 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:50:32.0344 4748 mshidkmdf - ok
15:50:32.0360 4748 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
15:50:32.0360 4748 msisadrv - ok
15:50:32.0406 4748 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:50:32.0422 4748 MSiSCSI - ok
15:50:32.0422 4748 msiserver - ok
15:50:32.0578 4748 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:50:32.0578 4748 MSK80Service - ok
15:50:32.0625 4748 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:50:32.0625 4748 MSKSSRV - ok
15:50:32.0640 4748 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:50:32.0640 4748 MSPCLOCK - ok
15:50:32.0656 4748 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:50:32.0656 4748 MSPQM - ok
15:50:32.0703 4748 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
15:50:32.0718 4748 MsRPC - ok
15:50:32.0718 4748 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:50:32.0734 4748 mssmbios - ok
15:50:32.0734 4748 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:50:32.0734 4748 MSTEE - ok
15:50:32.0750 4748 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:50:32.0750 4748 MTConfig - ok
15:50:32.0781 4748 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:50:32.0781 4748 Mup - ok
15:50:32.0859 4748 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
15:50:32.0859 4748 napagent - ok
15:50:32.0937 4748 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:50:32.0952 4748 NativeWifiP - ok
15:50:33.0046 4748 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
15:50:33.0062 4748 NDIS - ok
15:50:33.0108 4748 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:50:33.0108 4748 NdisCap - ok
15:50:33.0155 4748 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:50:33.0155 4748 NdisTapi - ok
15:50:33.0186 4748 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
15:50:33.0186 4748 Ndisuio - ok
15:50:33.0202 4748 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:50:33.0202 4748 NdisWan - ok
15:50:33.0218 4748 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
15:50:33.0218 4748 NDProxy - ok
15:50:33.0249 4748 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:50:33.0249 4748 NetBIOS - ok
15:50:33.0264 4748 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
15:50:33.0264 4748 NetBT - ok
15:50:33.0311 4748 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:50:33.0311 4748 Netlogon - ok
15:50:33.0405 4748 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:50:33.0405 4748 Netman - ok
15:50:33.0452 4748 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:50:33.0452 4748 netprofm - ok
15:50:33.0639 4748 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:50:33.0654 4748 NetTcpPortSharing - ok
15:50:33.0732 4748 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:50:33.0732 4748 nfrd960 - ok
15:50:33.0826 4748 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
15:50:33.0826 4748 NlaSvc - ok
15:50:33.0842 4748 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:50:33.0842 4748 Npfs - ok
15:50:33.0873 4748 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:50:33.0873 4748 nsi - ok
15:50:33.0873 4748 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:50:33.0873 4748 nsiproxy - ok
15:50:33.0998 4748 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
15:50:34.0013 4748 Ntfs - ok
15:50:34.0544 4748 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:50:34.0544 4748 Null - ok
15:50:34.0606 4748 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
15:50:34.0606 4748 nvraid - ok
15:50:34.0668 4748 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
15:50:34.0668 4748 nvstor - ok
15:50:34.0700 4748 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
15:50:34.0715 4748 nv_agp - ok
15:50:34.0934 4748 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:50:34.0949 4748 odserv - ok
15:50:34.0965 4748 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
15:50:34.0965 4748 ohci1394 - ok
15:50:35.0012 4748 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:50:35.0012 4748 ose - ok
15:50:35.0074 4748 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:50:35.0074 4748 p2pimsvc - ok
15:50:35.0199 4748 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:50:35.0199 4748 p2psvc - ok
15:50:35.0261 4748 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:50:35.0261 4748 Parport - ok
15:50:35.0308 4748 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
15:50:35.0308 4748 partmgr - ok
15:50:35.0324 4748 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:50:35.0324 4748 PcaSvc - ok
15:50:35.0339 4748 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
15:50:35.0339 4748 pci - ok
15:50:35.0339 4748 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
15:50:35.0339 4748 pciide - ok
15:50:35.0402 4748 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:50:35.0402 4748 pcmcia - ok
15:50:35.0417 4748 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:50:35.0417 4748 pcw - ok
15:50:35.0464 4748 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:50:35.0464 4748 PEAUTH - ok
15:50:35.0745 4748 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:50:35.0760 4748 PerfHost - ok
15:50:35.0916 4748 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
15:50:35.0932 4748 pla - ok
15:50:36.0010 4748 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
15:50:36.0026 4748 PlugPlay - ok
15:50:36.0072 4748 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:50:36.0072 4748 PNRPAutoReg - ok
15:50:36.0104 4748 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:50:36.0104 4748 PNRPsvc - ok
15:50:36.0197 4748 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
15:50:36.0197 4748 PolicyAgent - ok
15:50:36.0244 4748 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:50:36.0260 4748 Power - ok
15:50:36.0431 4748 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
15:50:36.0431 4748 PptpMiniport - ok
15:50:36.0447 4748 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:50:36.0462 4748 Processor - ok
15:50:36.0509 4748 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
15:50:36.0509 4748 ProfSvc - ok
15:50:36.0556 4748 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:50:36.0556 4748 ProtectedStorage - ok
15:50:36.0603 4748 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
15:50:36.0603 4748 Psched - ok

shelbs318
2012-06-21, 22:08
15:52:04.0837 4312 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
15:52:04.0852 4312 usbhub - ok
15:52:04.0899 4312 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
15:52:04.0899 4312 usbohci - ok
15:52:04.0930 4312 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:52:04.0930 4312 usbprint - ok
15:52:04.0977 4312 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:52:04.0977 4312 USBSTOR - ok
15:52:05.0024 4312 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:52:05.0024 4312 usbuhci - ok
15:52:05.0055 4312 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
15:52:05.0071 4312 usbvideo - ok
15:52:05.0086 4312 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:52:05.0086 4312 UxSms - ok
15:52:05.0117 4312 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:52:05.0133 4312 VaultSvc - ok
15:52:05.0164 4312 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:52:05.0164 4312 vdrvroot - ok
15:52:05.0227 4312 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
15:52:05.0242 4312 vds - ok
15:52:05.0258 4312 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:52:05.0258 4312 vga - ok
15:52:05.0258 4312 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:52:05.0258 4312 VgaSave - ok
15:52:05.0273 4312 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
15:52:05.0273 4312 vhdmp - ok
15:52:05.0289 4312 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
15:52:05.0289 4312 viaide - ok
15:52:05.0289 4312 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
15:52:05.0305 4312 volmgr - ok
15:52:05.0336 4312 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
15:52:05.0336 4312 volmgrx - ok
15:52:05.0383 4312 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
15:52:05.0383 4312 volsnap - ok
15:52:05.0398 4312 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:52:05.0398 4312 vsmraid - ok
15:52:05.0523 4312 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
15:52:05.0554 4312 VSS - ok
15:52:06.0069 4312 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:52:06.0069 4312 vwifibus - ok
15:52:06.0085 4312 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:52:06.0085 4312 vwififlt - ok
15:52:06.0147 4312 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:52:06.0147 4312 W32Time - ok
15:52:06.0163 4312 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:52:06.0163 4312 WacomPen - ok
15:52:06.0178 4312 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:06.0178 4312 WANARP - ok
15:52:06.0178 4312 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:06.0178 4312 Wanarpv6 - ok
15:52:06.0303 4312 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:52:06.0303 4312 WatAdminSvc - ok
15:52:06.0428 4312 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
15:52:06.0459 4312 wbengine - ok
15:52:06.0865 4312 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:52:06.0880 4312 WbioSrvc - ok
15:52:06.0927 4312 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
15:52:06.0943 4312 wcncsvc - ok
15:52:06.0974 4312 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:52:06.0974 4312 WcsPlugInService - ok
15:52:07.0114 4312 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:52:07.0114 4312 Wd - ok
15:52:07.0161 4312 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:52:07.0177 4312 Wdf01000 - ok
15:52:07.0208 4312 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:52:07.0223 4312 WdiServiceHost - ok
15:52:07.0223 4312 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:52:07.0223 4312 WdiSystemHost - ok
15:52:07.0286 4312 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
15:52:07.0286 4312 WebClient - ok
15:52:07.0333 4312 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:52:07.0348 4312 Wecsvc - ok
15:52:07.0364 4312 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:52:07.0364 4312 wercplsupport - ok
15:52:07.0379 4312 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:52:07.0379 4312 WerSvc - ok
15:52:07.0520 4312 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:52:07.0520 4312 WfpLwf - ok
15:52:07.0535 4312 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:52:07.0535 4312 WIMMount - ok
15:52:07.0645 4312 WinDefend - ok
15:52:07.0660 4312 WinHttpAutoProxySvc - ok
15:52:07.0847 4312 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:52:07.0863 4312 Winmgmt - ok
15:52:08.0003 4312 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
15:52:08.0019 4312 WinRM - ok
15:52:08.0487 4312 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:52:08.0503 4312 Wlansvc - ok
15:52:08.0643 4312 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:52:08.0643 4312 WmiAcpi - ok
15:52:08.0830 4312 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:52:08.0846 4312 wmiApSrv - ok
15:52:08.0939 4312 WMPNetworkSvc - ok
15:52:09.0002 4312 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:52:09.0002 4312 WPCSvc - ok
15:52:09.0033 4312 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
15:52:09.0033 4312 WPDBusEnum - ok
15:52:09.0064 4312 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:52:09.0064 4312 ws2ifsl - ok
15:52:09.0111 4312 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
15:52:09.0111 4312 wscsvc - ok
15:52:09.0111 4312 WSearch - ok
15:52:09.0298 4312 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:52:09.0329 4312 wuauserv - ok
15:52:09.0860 4312 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
15:52:09.0860 4312 WudfPf - ok
15:52:09.0891 4312 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:52:09.0891 4312 WUDFRd - ok
15:52:09.0922 4312 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
15:52:09.0922 4312 wudfsvc - ok
15:52:09.0953 4312 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:52:09.0953 4312 WwanSvc - ok
15:52:10.0000 4312 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
15:52:10.0000 4312 yukonw7 - ok
15:52:10.0078 4312 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
15:52:10.0297 4312 \Device\Harddisk0\DR0 - ok
15:52:10.0312 4312 Boot (0x1200) (e9898696208d9272da9533ade414211f) \Device\Harddisk0\DR0\Partition0
15:52:10.0312 4312 \Device\Harddisk0\DR0\Partition0 - ok
15:52:10.0328 4312 Boot (0x1200) (3f759e083daa0bfc53855744e15a6d5a) \Device\Harddisk0\DR0\Partition1
15:52:10.0328 4312 \Device\Harddisk0\DR0\Partition1 - ok
15:52:10.0328 4312 ============================================================
15:52:10.0328 4312 Scan finished
15:52:10.0328 4312 ============================================================
15:52:10.0343 4264 Detected object count: 0
15:52:10.0343 4264 Actual detected object count: 0


On a side note, my computer has been running ads or something of the sort when no application is pulled up. This happens about every 15 minutes, whether I am on the internet or just looking at a blank screen. Could this have anything to do with the Smitfraud?

Thanks again!

Blade81
2012-06-21, 22:17
Hi,

Let's give ComboFix another go :)

shelbs318
2012-06-21, 22:54
ComboFix 12-06-21.02 - Shelby 06/21/2012 16:24:47.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2973 [GMT -4:00]
Running from: c:\users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWR4Z2OK\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
---- Previous Run -------
.
c:\windows\svchost.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Shelby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 257224]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 02:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-06-21 16:51:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-21 20:51
.
Pre-Run: 148,951,822,336 bytes free
Post-Run: 148,862,464,000 bytes free
.
- - End Of File - - DD79FE68C47986692CC47B118DE6AB75

Blade81
2012-06-22, 19:15
Hi,

Please place the ComboFix.exe file on your desktop.


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan.
Wait for the scan to finish.




Post back its report & a fresh dds.txt log. Any issues present?

shelbs318
2012-06-24, 06:37
Sorry for the delay. This scan has literally been running for the past 2 days and it just finished. Unfortunately, when I clicked finish, the details disappeared, and the screen jumped to an ad for the company. Needless to say, I am going to have to run the scan again, which will most likely take an additional 2 days. So far, I haven't seen any problems; they seem to have gone away. However, this scan did come up with 63 issues, and I want to see this through. Thank you for your patience, and I will get back to you as soon as the scan is finished.

Blade81
2012-06-24, 13:51
Hi,

Make sure your McAfee antivirus protection is disabled when running ESET scanner. That may speed up the scanning process.

shelbs318
2012-06-26, 05:12
Hi,

So here is the ESET but now I am having troubles with the dds links. I turned off McAfee but the link would just act like it's loading but never appear. I will try again in the morning. So far, no issues though. Thanks again for all of your help so far; you're amazing!

shelbs318
2012-06-26, 05:13
Here is the report haha.

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip Win32/Bagle.gen.zip worm
C:\TDSSKiller_Quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip Win32/Bagle.gen.zip worm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\ec625cb-7627966d multiple threats
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\57a3fb8e-3775af0e a variant of Win32/Kryptik.AFDK trojan
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-22fff9be multiple threats
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53784821-4355561b a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-236f96ea a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3eb5fd45-6b8d64b6 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\64a5ca89-58885d98 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\ec625cb-7627966d multiple threats
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\57a3fb8e-3775af0e a variant of Win32/Kryptik.AFDK trojan
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-22fff9be multiple threats
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53784821-4355561b a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-236f96ea a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3eb5fd45-6b8d64b6 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\64a5ca89-58885d98 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus
C:\Windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm HTML/ScrInject.B.Gen virus

Blade81
2012-06-26, 08:16
Hi,


"So here is the ESET but now I am having troubles with the dds links. I turned off McAfee but the link would just act like it's loading but never appear. I will try again in the morning."
Both DDS links listed here (http://forums.spybot.info/showpost.php?p=1150&postcount=2) work. I'll get back to dealing with those ESET findings after seeing DDS report first :)

shelbs318
2012-06-26, 14:41
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Shelby at 8:38:06 on 2012-06-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2998 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Microsoft Games\minesweeper\minesweeper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120611170811.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Shelby\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{23ABA2C2-32B0-4CD4-A2A1-593D5A68FE43} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120611170811.dll
BHO-X64: scriptproxy - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-6-9 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-6-9 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-9 1153368]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-9 257224]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-22 19:29:41 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-22 13:42:50 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-21 19:44:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-21 15:16:42 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 15:16:11 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 15:15:42 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 15:15:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-20 18:41:28 98816 ----a-w- C:\Windows\sed.exe
2012-06-20 18:41:28 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-20 18:41:28 256000 ----a-w- C:\Windows\PEV.exe
2012-06-20 18:41:28 208896 ----a-w- C:\Windows\MBR.exe
2012-06-19 22:18:57 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-19 22:18:53 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-19 22:18:53 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-19 22:18:53 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-19 22:18:33 3144192 ----a-w- C:\Windows\System32\win32k.sys
2012-06-19 22:16:16 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-19 22:16:10 3213824 ----a-w- C:\Windows\System32\msi.dll
2012-06-19 22:16:09 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-19 22:14:48 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-19 22:14:48 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-19 22:14:47 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-19 22:14:47 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-19 22:14:46 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-19 22:14:46 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-13 21:14:55 -------- d-----w- C:\Users\Shelby\AppData\Local\Adobe
2012-06-13 19:30:01 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 19:29:58 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 19:29:58 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-11 19:29:29 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-06-11 19:29:28 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-06-11 19:29:28 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-06-11 19:29:28 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-06-11 19:29:27 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-06-11 19:29:27 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-06-11 19:29:27 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-06-11 19:25:26 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-06-11 19:25:25 2566144 ----a-w- C:\Windows\System32\esent.dll
2012-06-11 19:25:25 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-06-11 19:25:25 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2012-06-11 19:25:25 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2012-06-11 19:25:24 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2012-06-11 19:25:24 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-06-11 19:25:24 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2012-06-11 19:25:23 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-06-11 19:25:23 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-06-11 19:25:22 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-06-11 18:55:04 -------- d-----w- C:\Windows\SysWow64\Wat
2012-06-11 18:55:04 -------- d-----w- C:\Windows\System32\Wat
2012-06-10 20:36:57 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-06-10 20:36:57 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-06-10 20:12:12 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-06-10 20:12:12 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-06-10 19:52:54 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-06-10 19:52:54 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-06-10 19:52:54 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-06-10 19:52:54 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-06-10 19:52:54 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-06-10 19:52:54 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-06-10 19:52:54 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-06-10 19:52:54 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-06-10 19:52:54 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-06-10 19:52:54 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-06-10 19:27:45 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-06-10 19:27:45 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-10 19:27:45 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-06-10 19:27:45 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-06-10 19:27:45 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-06-10 19:27:45 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-10 19:27:45 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-10 18:55:20 -------- d-----w- C:\Windows\PCHEALTH
2012-06-10 18:52:02 -------- d-----w- C:\Users\Shelby\AppData\Local\Microsoft Help
2012-06-10 17:48:56 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-06-10 17:46:44 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-06-10 17:46:44 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-06-10 17:46:43 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-10 17:46:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-10 17:46:31 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-06-10 17:46:31 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-06-10 17:46:26 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2012-06-10 17:46:25 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2012-06-10 17:46:25 2085376 ----a-w- C:\Windows\System32\ole32.dll
2012-06-10 17:46:24 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2012-06-10 17:46:00 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2012-06-10 17:44:39 422912 ----a-w- C:\Windows\System32\secproc_isv.dll
2012-06-10 17:43:54 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-06-10 17:42:57 52224 ----a-w- C:\Windows\System32\rtutils.dll
2012-06-10 17:41:44 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-06-10 17:40:14 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-06-10 17:40:11 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-06-10 17:40:09 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2012-06-10 17:40:08 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-06-10 17:40:06 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2012-06-10 17:40:06 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2012-06-10 17:40:06 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2012-06-10 17:40:01 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-06-10 17:40:01 288256 ----a-w- C:\Windows\System32\MSNP.ax
2012-06-10 17:40:00 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-06-10 17:40:00 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-06-10 17:38:59 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-06-10 17:37:55 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2012-06-10 17:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2012-06-10 17:37:54 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2012-06-10 17:37:53 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2012-06-10 17:37:53 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2012-06-10 17:37:44 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-06-10 17:25:41 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2012-06-10 17:25:40 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2012-06-10 17:25:37 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2012-06-10 17:25:36 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-06-10 17:25:33 112000 ----a-w- C:\Windows\System32\consent.exe
2012-06-10 17:25:30 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-06-10 17:25:24 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2012-06-10 17:25:24 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-06-10 17:25:23 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-06-10 17:25:23 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-06-10 17:25:16 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-06-10 17:25:15 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-06-10 17:24:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-06-10 17:24:55 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-06-10 17:24:13 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-06-10 17:24:05 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-06-10 17:24:05 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-10 17:24:04 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-10 17:24:04 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-06-10 17:24:03 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-06-10 17:23:57 720896 ----a-w- C:\Windows\System32\odbc32.dll
2012-06-10 17:23:56 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2012-06-10 17:23:56 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-06-10 17:23:55 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-06-10 17:23:55 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-06-10 17:23:55 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-06-10 17:23:54 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-06-10 17:23:53 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-06-10 17:23:53 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-06-10 17:23:53 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-06-10 17:23:34 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-06-10 17:23:33 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-06-10 17:19:56 77312 ----a-w- C:\Windows\System32\packager.dll
2012-06-10 17:19:55 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-06-10 13:05:44 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-06-10 13:05:44 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-06-10 07:15:54 -------- d-----w- C:\Windows\Panther
2012-06-10 07:15:25 -------- d-----w- C:\Windows\System32\oem
2012-06-10 06:49:54 -------- d-----w- C:\Windows.old
2012-06-10 03:12:00 -------- d-----w- C:\Users\Shelby\AppData\Local\Microsoft Games
2012-06-10 02:33:09 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-10 02:33:09 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-10 01:29:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-10 01:29:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-10 01:17:50 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-06-10 01:17:38 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-06-10 01:17:38 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-06-10 01:16:44 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-06-10 01:16:44 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-06-10 01:16:44 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-06-10 01:16:44 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-06-10 01:16:44 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-06-10 01:16:44 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-06-10 01:16:32 -------- d-----w- C:\Program Files\McAfee.com
2012-06-10 01:16:32 -------- d-----w- C:\Program Files\McAfee
2012-06-10 01:16:32 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-06-10 01:16:29 -------- d-----w- C:\Program Files (x86)\McAfee
2012-06-10 01:07:34 162192 ----a-w- C:\Windows\System32\mfevtps.exe
2012-06-10 00:35:54 -------- d-----w- C:\Users\Shelby\AppData\Local\Diagnostics
2012-06-10 00:27:50 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7250C547-3BEC-4613-AECF-28596846A027}\mpengine.dll
2012-06-10 00:27:49 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-06-10 00:04:13 45056 ----a-r- C:\Users\Shelby\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2012-06-10 00:04:12 -------- d-----w- C:\Windows\SysWow64\vmm32
2012-06-10 00:04:12 -------- d-----w- C:\Program Files (x86)\Dell
2012-06-10 00:03:44 -------- d-sh--w- C:\Windows\Installer
2012-06-09 23:58:08 89088 ----a-w- C:\Windows\SysWow64\atl71.dll
2012-06-09 23:58:08 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-06-09 23:58:08 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-06-09 23:58:08 1060864 ----a-w- C:\Windows\SysWow64\MFC71.dll
2012-06-09 23:58:08 1047552 ----a-w- C:\Windows\SysWow64\MFC71u.dll
2012-06-09 23:56:07 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-06-09 23:56:07 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-06-09 23:56:05 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-06-09 23:56:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-06-09 23:56:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-06-09 23:52:56 -------- d-----w- C:\Recovery
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 8:40:20.13 ===============

Blade81
2012-06-26, 18:55
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



Folder::
C:\TDSSKiller_Quarantine
File::
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\Local\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\ec625cb-7627966d
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\57a3fb8e-3775af0e
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-22fff9be
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53784821-4355561b
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-236f96ea
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3eb5fd45-6b8d64b6
C:\Windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\64a5ca89-58885d98
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
C:\Windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
C:\Windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\ec625cb-7627966d
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\57a3fb8e-3775af0e
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-22fff9be
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53784821-4355561b
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-236f96ea
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3eb5fd45-6b8d64b6
C:\Windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\64a5ca89-58885d98
C:\Windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
C:\Windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
C:\Windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
C:\Windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.

shelbs318
2012-06-26, 21:14
ComboFix 12-06-26.02 - Shelby 06/26/2012 13:21:52.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2938 [GMT -4:00]
Running from: c:\users\Shelby\Downloads\ComboFix.exe
Command switches used :: c:\users\Shelby\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\ec625cb-7627966d"
"c:\windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\57a3fb8e-3775af0e"
"c:\windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-22fff9be"
"c:\windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53784821-4355561b"
"c:\windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-236f96ea"
"c:\windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3eb5fd45-6b8d64b6"
"c:\windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\64a5ca89-58885d98"
"c:\windows.old\Documents and Settings\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Documents and Settings\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
"c:\windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
"c:\windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
"c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\ec625cb-7627966d"
"c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\57a3fb8e-3775af0e"
"c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-22fff9be"
"c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53784821-4355561b"
"c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-236f96ea"
"c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3eb5fd45-6b8d64b6"
"c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\64a5ca89-58885d98"
"c:\windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
"c:\windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip
C:\TDSSKiller_Quarantine
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\mbr0000\object.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\mbr0000\tsk0000.dta
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\mbr0000\tsk0000.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\mbr0000\tsk0001.dta
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\mbr0000\tsk0001.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\object.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\object.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0000.dta
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0000.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0001.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0002.dta
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0002.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0003.dta
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0003.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0004.dta
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0004.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0005.dta
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0005.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0006.dta
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0006.ini
c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip
c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip
c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip
c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip
c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip
c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip
c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip
c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip
c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip
c:\windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
c:\windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
c:\windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
c:\windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
c:\windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
c:\windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\ec625cb-7627966d
c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\57a3fb8e-3775af0e
c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-22fff9be
c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53784821-4355561b
c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-236f96ea
c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3eb5fd45-6b8d64b6
c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\64a5ca89-58885d98
c:\windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
c:\windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
c:\windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
c:\windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
c:\windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
c:\windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
.
.
((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))
.
.
2012-06-26 17:35 . 2012-06-26 17:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 12:36 . 2012-06-26 12:37 -------- d-----w- c:\program files (x86)\ERUNT
2012-06-22 19:29 . 2012-06-22 19:29 -------- d-----w- c:\program files (x86)\ESET
2012-06-21 15:16 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 15:16 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 15:16 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 15:16 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:16 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 15:16 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 15:16 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 15:15 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:15 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 22:18 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-19 22:18 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-19 22:18 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-19 22:18 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-19 22:18 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-19 22:16 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-19 22:16 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
2012-06-19 22:16 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-19 22:14 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-06-19 22:14 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-19 22:14 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-19 22:14 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-19 22:14 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-19 22:14 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 21:09 . 2012-06-21 18:22 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-06-13 19:30 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 19:29 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 19:29 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-11 19:29 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-06-11 19:29 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-06-11 19:29 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-06-11 19:29 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-06-11 19:29 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-06-11 19:29 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-06-11 19:29 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-06-11 19:25 . 2011-03-11 06:23 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-06-11 19:25 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-06-11 19:25 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-06-11 19:25 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-06-11 19:25 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll
2012-06-11 19:25 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2012-06-11 19:25 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-06-11 19:25 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2012-06-11 19:25 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-06-11 19:25 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-06-11 19:25 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-06-11 18:55 . 2012-06-11 18:55 -------- d-----w- c:\windows\SysWow64\Wat
2012-06-11 18:55 . 2012-06-11 18:55 -------- d-----w- c:\windows\system32\Wat
2012-06-10 20:36 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-06-10 20:36 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-06-10 20:12 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2012-06-10 20:12 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2012-06-10 19:52 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-06-10 19:52 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-06-10 19:52 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-06-10 19:52 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-06-10 19:52 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-06-10 19:52 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-06-10 19:52 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-06-10 19:52 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-06-10 19:52 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-06-10 19:52 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-06-10 19:36 . 2012-06-10 19:36 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-06-10 19:27 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-10 19:27 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-10 19:27 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-10 19:27 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-10 19:27 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-10 19:27 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-10 19:27 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-10 18:55 . 2012-06-19 21:47 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-06-10 18:55 . 2012-06-11 19:12 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-06-10 18:55 . 2012-06-10 18:55 -------- d-----w- c:\windows\PCHEALTH
2012-06-10 18:51 . 2012-06-20 00:07 -------- d-----w- c:\programdata\Microsoft Help
2012-06-10 17:48 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-06-10 17:46 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-06-10 17:46 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-06-10 17:46 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-10 17:46 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-10 17:46 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-06-10 17:46 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-06-10 17:46 . 2010-06-29 05:35 4582912 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2012-06-10 17:46 . 2010-06-29 05:39 2085376 ----a-w- c:\windows\system32\ole32.dll
2012-06-10 17:46 . 2010-06-29 04:57 4247040 ----a-w- c:\program files (x86)\Windows NT\Accessories\wordpad.exe
2012-06-10 17:46 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2012-06-10 17:46 . 2011-05-04 05:28 2228224 ----a-w- c:\windows\system32\mssrch.dll
2012-06-10 17:44 . 2010-01-19 09:05 422912 ----a-w- c:\windows\system32\secproc_isv.dll
2012-06-10 17:43 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-06-10 17:42 . 2010-06-19 06:53 52224 ----a-w- c:\windows\system32\rtutils.dll
2012-06-10 17:41 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-06-10 17:40 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-06-10 17:40 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-10 17:40 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2012-06-10 17:40 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2012-06-10 17:40 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2012-06-10 17:40 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2012-06-10 17:40 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2012-06-10 17:40 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-06-10 17:40 . 2011-08-17 05:27 288256 ----a-w- c:\windows\system32\MSNP.ax
2012-06-10 17:40 . 2011-08-17 05:27 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-06-10 17:40 . 2011-08-17 04:22 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-06-10 17:38 . 2011-07-16 05:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-06-10 17:37 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-06-10 17:37 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-06-10 17:37 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-06-10 17:37 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-06-10 17:37 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-06-10 17:37 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-06-10 17:25 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-06-10 17:25 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-06-10 17:25 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-06-10 17:25 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-06-10 17:25 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2012-06-10 17:25 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-06-10 17:25 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2012-06-10 17:25 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-06-10 17:25 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-06-10 17:25 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-06-10 17:25 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-06-10 17:25 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-06-10 17:24 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-06-10 17:24 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-06-10 17:24 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-21_20.37.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-06-26 11:34 33178 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-06-10 06:46 . 2012-06-26 17:37 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-10 06:46 . 2012-06-21 20:36 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-10 06:46 . 2012-06-21 20:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-10 06:46 . 2012-06-26 17:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-26 17:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-21 20:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-26 17:45 78720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-10 00:11 . 2012-06-26 11:34 8566 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-272985379-3414866733-3463117093-1001_UserData.bin
+ 2012-06-26 17:37 . 2012-06-26 17:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-21 20:36 . 2012-06-21 20:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-21 20:36 . 2012-06-21 20:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-26 17:37 . 2012-06-26 17:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-10 03:15 . 2012-06-26 18:56 221782 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2012-06-26 17:36 275584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-21 20:35 275584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-26 12:37 . 2005-10-20 16:02 163328 c:\windows\ERDNT\6-26-2012\ERDNT.EXE
- 2009-07-14 04:45 . 2012-06-21 19:31 3802445 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-06-26 11:34 3802445 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-06-11 23:29 . 2012-06-26 17:36 8058312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-272985379-3414866733-3463117093-1001-8192.dat
- 2009-07-14 02:34 . 2012-06-21 20:01 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-06-26 17:51 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Shelby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 257224]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-10 1255736]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 02:33]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:35,db,6f,37,cf,4f,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-06-26 15:12:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-26 19:12
ComboFix2.txt 2012-06-21 20:51
.
Pre-Run: 148,971,827,200 bytes free
Post-Run: 148,771,131,392 bytes free
.
- - End Of File - - C7A0F39C16B08FE9A2102A0EF9FC8145

Blade81
2012-06-26, 22:08
Good. Any issues left? If not let's see the final steps next.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the same steps as when disabling System Restore, but at step 7 select the "Restore system settings and previous versions of files" option.


Now let's uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.


Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:

shelbs318
2012-06-27, 16:16
Everything is complete! There are no more issues, either. Thank you so much for all of your help Blade. I never would have been able to do all of this without your help. I am so glad that my computer is finally usable. Again, thank you so much for your service; I am sure it took a lot of time, and I greatly appreciate all you did.

Thanks again!!

Blade81
2012-06-27, 16:49
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.