
Infection - Trojan.Dropper.BCMiner/Rootkit.0Access - Malwarebytes Not Removing



I have a computer infected with a browser/search redirect virus. A Malwarebytes scan detects it but appears unable to fully remove the infection. On every reboot the infection tries to reinstall itself, but Malwarebytes detects it and asks to quarantine it (which I do). Upon rerunning the quick scan the same files are found, and the process repeats. I can now browse the Internet normally, but based on the reboot/reappear pattern, the infection is not completely removed.

I've seen other similar posts on this forum, but it seems from reading them that the best course of action is to post a new thread with the log files pasted in, so that is what I am doing here.

Thanks in advance for anyone who can help with this.

I've already downloaded and run DDS. Here are the requested logs (MBAM / DDS / Attach):

***** MBAM log *****

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.18.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

kmwordsmith :: ROHAN [administrator]

Protection: Enabled

8/19/2012 2:40:02 PM

mbam-log-2012-08-19 (14-40-02).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 198250

Time elapsed: 6 minute(s), 24 second(s)

Memory Processes Detected: 1

C:\WINDOWS\svchost.exe (Trojan.Agent) -> 4644 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\WINDOWS\Installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

C:\WINDOWS\Installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\WINDOWS\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

****** DDS.txt ********************************************************************************

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by kmwordsmith at 15:28:36 on 2012-08-19

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2499 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\system32\conhost.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Users\kmwordsmith\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\PDFCreator\PDFCreator.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Users\kmwordsmith\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Windows\splwow64.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll

mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll

mWinlogon: Userinit=userinit.exe,

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: ShopAtHome.com Toolbar: {66516a07-f617-488a-90cf-4e690cfb3c5f} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll

BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100907182941.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll

TB: ShopAtHome.com Toolbar: {311b58dc-a4dc-4b04-b1b5-60299ad3d803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

uRun: [screenpresso] "C:\Users\kmwordsmith\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe" -startup

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [Google Update] "C:\Users\kmwordsmith\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

StartupFolder: C:\Users\KMWORD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\KMWORD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\kmwordsmith\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PDFCRE~1.LNK - C:\Program Files (x86)\PDFCreator\PDFCreator.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://logicalimages.webex.com/client/T27LB/webex/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.254.254

TCP: Interfaces\{5543631B-9160-4BE9-925D-36734AE345F2} : DhcpNameServer = 192.168.254.254

TCP: Interfaces\{7F302492-41B6-4FBD-8780-5795A2FDC3EF} : DhcpNameServer = 192.168.254.254

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll

BHO-X64: Coupons.com - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: ShopAtHome.com Toolbar: {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll

BHO-X64: ShopAtHome.com Toolbar - No File

BHO-X64: CDelHotkeys Object: {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100907182941.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB-X64: Delicious Toolbar: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

TB-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll

TB-X64: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB-X64: {9D19C405-BA93-461B-871F-97992CC45972} - No File

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-15 655944]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440]

R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-7 199032]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-7 244840]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-7 148520]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-28 1692480]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-1 136176]

S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 250056]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-1 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-19 18:37:44 20480 ------w- C:\Windows\svchost.exe

2012-08-16 03:14:57 -------- d-----w- C:\Users\kmwordsmith\AppData\Roaming\Malwarebytes

2012-08-16 03:14:50 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-16 03:14:46 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-16 03:14:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-16 02:56:29 -------- d-----w- C:\Program Files (x86)\PC Tools

2012-08-16 02:47:50 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2012-08-16 02:47:50 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-08-16 02:47:20 -------- d-----w- C:\ProgramData\PC Tools

2012-08-16 02:47:19 -------- d-----w- C:\Users\kmwordsmith\AppData\Roaming\TestApp

2012-07-24 19:47:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-24 14:33:50 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F337.tmp

2012-07-24 14:33:50 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F336.tmp

.

==================== Find3M ====================

.

2012-08-15 13:46:15 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 13:46:15 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 15:29:33.35 ===============

********** Attach.txt **********************************************************

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/4/2009 7:12:02 PM

System Uptime: 8/19/2012 2:36:21 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0G848F

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | Microprocessor | 1197/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 218 GiB total, 164.079 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 190 GiB total, 105.716 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP186: 7/9/2012 11:11:13 AM - Scheduled Checkpoint

RP187: 7/11/2012 11:56:50 PM - Windows Update

RP188: 7/19/2012 12:53:10 PM - Scheduled Checkpoint

RP189: 7/27/2012 8:20:17 AM - Scheduled Checkpoint

RP190: 8/3/2012 8:41:58 AM - Scheduled Checkpoint

RP191: 8/10/2012 10:44:01 AM - Scheduled Checkpoint

RP192: 8/17/2012 11:19:58 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Adobe Acrobat Connect Add-in

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Contribute CS3

Adobe Default Language CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 11 ActiveX

Adobe Help Viewer CS3

Adobe PDF Library Files

Adobe Reader X (10.1.3)

Adobe Setup

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

Bing Bar

BlackBerry Desktop Software 5.0.1

BlackBerry® Media Sync

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Coupon Printer for Windows

Coupons.com Toolbar

Delicious Add-on for Internet Explorer

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Getting Started Guide

Dell Webcam Central

Dropbox

Facebook Plug-In

FileZilla Client 3.3.0.1

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist 8.0.0.514

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.62.0.1300

McAfee Security Scan Plus

McAfee SecurityCenter

Microsoft Choice Guard

Microsoft Office File Validation Add-In

Microsoft Office Small Business Edition 2003

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MSVCRT

Notepad++

PDFCreator

PowerDVD DX

QualXServ Service Agreement

QuickTime

Roxio Burn

Roxio Update Manager

Screenpresso

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

ShopAtHome.com Toolbar

Spelling Dictionaries Support For Adobe Reader 9

Spotify

TweetDeck

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

WebEx

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

8/19/2012 2:39:26 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

8/19/2012 2:37:33 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

8/19/2012 2:37:33 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

8/19/2012 2:36:59 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/19/2012 10:50:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

8/19/2012 10:49:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

8/19/2012 10:49:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

8/19/2012 1:51:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800030fd4aa, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081912-23119-01.

8/19/2012 1:49:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800030be405). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081912-22464-01.

8/18/2012 1:38:38 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Rohan\kmwordsmith SID (S-1-5-21-2178287959-2484263321-3651141593-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

8/18/2012 1:38:38 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Rohan\kmwordsmith SID (S-1-5-21-2178287959-2484263321-3651141593-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

8/16/2012 9:13:46 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

8/16/2012 12:55:40 PM, Error: PCTCore [280] -

8/16/2012 1:19:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

8/16/2012 1:18:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

8/14/2012 1:28:11 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address A4-5C-27-6F-B8-12. Network operations on this system may be disrupted as a result.

.

==== End Of File ===========================

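The Event Viewer section of the DDS log above is the kind of output a helper reads by eye. The Python script below is an added example written for this page (it is not part of the thread, of DDS, or of Malwarebytes) that does the same triage mechanically over lines copied from that log: it parses each entry, flags Service Control Manager errors whose missing dependency is a built-in Windows 7 security service (the set of service names is the example's own assumption), counts 7011 start timeouts per service, and pulls the stop code out of each bugcheck reboot. MpsSvc (Windows Firewall) and BFE (Base Filtering Engine) ship with every Windows 7 installation, so an event stating they "might not be installed" is worth a look during cleanup rather than being read past.

```python
"""Triage Service Control Manager and bugcheck entries from a DDS-style
Event Viewer dump. Added example for this thread, not part of DDS."""
import re
from collections import Counter

# Built-in Windows 7 services; a 7003/7001 event calling one of these
# "not installed" deserves attention. This set is the example's own assumption.
BUILTIN_SECURITY_SERVICES = {
    "BFE": "Base Filtering Engine",
    "MpsSvc": "Windows Firewall",
    "WinDefend": "Windows Defender",
    "wscsvc": "Security Center",
    "iphlpsvc": "IP Helper",
}

# One DDS event per line: "<date time>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
MISSING_DEP_RE = re.compile(
    r"depends(?: on)? the following service: (?P<svc>\w+)\. This service might not be installed"
)
TIMEOUT_RE = re.compile(r"transaction response from the (?P<svc>\w+) service")
BUGCHECK_RE = re.compile(r"The bugcheck was: (?P<code>0x[0-9a-fA-F]{8})")

# Constructed sample: lines copied from the Event Viewer section of the DDS log above.
SAMPLE_EVENTS = r"""
8/19/2012 2:39:26 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
8/19/2012 2:37:33 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/19/2012 2:36:59 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/19/2012 10:50:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
8/19/2012 10:49:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
8/19/2012 1:51:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800030fd4aa, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081912-23119-01.
8/14/2012 1:28:11 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address A4-5C-27-6F-B8-12. Network operations on this system may be disrupted as a result.
"""


def parse_event(line):
    """Split one DDS event line into its fields, or return None for non-events."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["event_id"] = int(ev["event_id"])
    return ev


def triage(lines):
    """Return the findings a helper would mark up when reading the event list."""
    findings = {"missing_services": [], "timeouts": Counter(), "bugchecks": []}
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        msg = ev["message"]
        if ev["source"] == "Service Control Manager":
            dep = MISSING_DEP_RE.search(msg)
            if dep and dep["svc"] in BUILTIN_SECURITY_SERVICES:
                findings["missing_services"].append(dep["svc"])
            hung = TIMEOUT_RE.search(msg)
            if ev["event_id"] == 7011 and hung:
                findings["timeouts"][hung["svc"]] += 1
        elif ev["event_id"] == 1001:
            bc = BUGCHECK_RE.search(msg)
            if bc:
                findings["bugchecks"].append(bc["code"])
    return findings


def report(findings):
    """Render findings as the short summary a responder would post back."""
    lines = []
    for svc in findings["missing_services"]:
        lines.append(f"built-in service reported missing: {svc} ({BUILTIN_SECURITY_SERVICES[svc]})")
    for svc, n in sorted(findings["timeouts"].items()):
        lines.append(f"service start timeout x{n}: {svc}")
    for code in findings["bugchecks"]:
        lines.append(f"bugcheck reboot: {code}")
    return lines


if __name__ == "__main__":
    for entry in report(triage(SAMPLE_EVENTS.splitlines())):
        print(entry)
```

On the sample above the script reports MpsSvc and BFE as built-in services the system claims are missing, one start timeout each for AudioEndpointBuilder and Wlansvc, and the 0x0000001e bugcheck; the 7001 HomeGroup entry and the Tcpip address conflict produce no finding, which is the point of filtering rather than reading everything.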

Hello dmar2012 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please uninstall the following applications:

Coupons.com Toolbar

ShopAtHome.com Toolbar

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log

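Step 2 asks for the TDSSKiller report to be pasted back, and the helper then reads it line by line for anything other than "- ok". The Python below is an added example for this page (it is not part of the thread, of TDSSKiller, or of Malwarebytes) that does that reading mechanically: it pairs each "[ md5 ] name path" line with the verdict line(s) for the same service, keeps the most severe verdict seen (ok < warning < detected), and lists the services that need a human decision. The sample log is a constructed excerpt assembled from the format of the TDSSKiller output posted later in the thread; a service with a hash line but no verdict (an interrupted scan) is reported as unknown and therefore flagged.

```python
"""Summarize a TDSSKiller log: pair each scanned service with its verdict and
list what is not "ok". Added example for this thread, not part of TDSSKiller."""
import re
from dataclasses import dataclass, field

# "<time> <pid> [ <md5> ] <service name> <path>"  (the name may contain spaces)
HASH_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+\[ (?P<md5>[0-9a-f]{32}) \] "
    r"(?P<name>.+?) (?P<path>[A-Za-z]:\\\S.*)$"
)
# "<time> <pid> <service name>[ ( <reason> )] - ok|warning|detected <threat> (n)"
VERDICT_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)"
    r"(?: \( (?P<reason>[^)]+) \))? - (?P<verdict>ok|warning|detected (?P<threat>\S+).*)$"
)
SEVERITY = {"unknown": -1, "ok": 0, "warning": 1, "detected": 2}

# Constructed excerpt in the format of the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
18:12:20.0453 5028 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:13:03.0509 5636 ================ Scan services =============================
18:13:03.0697 5636 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:13:03.0915 5636 1394ohci - ok
18:13:11.0450 5636 COMSysApp - ok
18:13:12.0854 5636 [ 0840abbbdf438691ee65a20040635cbe ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
18:13:12.0901 5636 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
18:13:12.0901 5636 DockLoginService - detected UnsignedFile.Multi.Generic (1)
18:13:15.0303 5636 [ 227846995afeefa70d328bf5334a86a5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:13:15.0350 5636 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:13:15.0350 5636 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
"""


@dataclass
class ServiceRecord:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"
    threats: list = field(default_factory=list)


def parse_tdsskiller(text):
    """Fold the per-line log into one record per service, keeping the worst verdict."""
    records = {}
    for line in text.splitlines():
        line = line.rstrip()
        m = HASH_LINE.match(line)
        if m:
            rec = records.setdefault(m["name"], ServiceRecord(m["name"]))
            rec.md5, rec.path = m["md5"], m["path"]
            continue
        m = VERDICT_LINE.match(line)
        if not m:
            continue  # banners, drive and partition lines, separators
        rec = records.setdefault(m["name"], ServiceRecord(m["name"]))
        verdict = m["verdict"].split()[0]  # "ok", "warning" or "detected"
        if SEVERITY[verdict] > SEVERITY[rec.status]:
            rec.status = verdict
        threat = m["threat"] or m["reason"]
        if threat and threat not in rec.threats:
            rec.threats.append(threat)
    return records


def flagged(records):
    """Names of services whose verdict was anything other than ok."""
    return sorted(r.name for r in records.values() if r.status != "ok")


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    for name in flagged(recs):
        r = recs[name]
        print(f"{r.status:8} {name}  md5={r.md5 or '-'}  {r.path}  {', '.join(r.threats)}")
```

Run against the sample, the script lists DockLoginService and FLEXnet Licensing Service (both "detected UnsignedFile.Multi.Generic", with their MD5 and path) and drops everything that ended in "- ok", the banner line and the drive geometry line. Keeping the MD5 alongside the verdict matters because an unsigned-file warning on its own says nothing about intent; the hash is what lets the file be checked against a known-good copy before any action is taken.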

Hi Maniac,

Thanks very much for your assistance and quick reply. I have followed your instructions and am pasting the requested logs below. Everything went smoothly and the MBAM scan did not find anything suspicious after the TDSSKiller ran, so hopefully that is a good sign.

NOTE: I got an error "post too long" when I tried to submit with all 3 requested logs in this post. So 2 (TDSSKiller and MBAM) are below - I will post the DDS report in a separate post.

***** TDSSKiller.2.8.6.0_19.08.2012_18.12.19_log.txt *******

18:12:19.0658 5028 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05

18:12:20.0017 5028 ============================================================

18:12:20.0017 5028 Current date / time: 2012/08/19 18:12:20.0017

18:12:20.0017 5028 SystemInfo:

18:12:20.0017 5028

18:12:20.0017 5028 OS Version: 6.1.7601 ServicePack: 1.0

18:12:20.0017 5028 Product type: Workstation

18:12:20.0017 5028 ComputerName: ROHAN

18:12:20.0017 5028 UserName: kmwordsmith

18:12:20.0017 5028 Windows directory: C:\Windows

18:12:20.0017 5028 System windows directory: C:\Windows

18:12:20.0017 5028 Running under WOW64

18:12:20.0017 5028 Processor architecture: Intel x64

18:12:20.0017 5028 Number of processors: 2

18:12:20.0017 5028 Page size: 0x1000

18:12:20.0017 5028 Boot type: Normal boot

18:12:20.0017 5028 ============================================================

18:12:20.0453 5028 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:12:20.0453 5028 Drive \Device\Harddisk1\DR1 - Size: 0x2F7B000000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

18:12:27.0817 5028 ============================================================

18:12:27.0817 5028 \Device\Harddisk0\DR0:

18:12:27.0817 5028 MBR partitions:

18:12:27.0817 5028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

18:12:27.0817 5028 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170

18:12:27.0817 5028 \Device\Harddisk1\DR1:

18:12:27.0817 5028 MBR partitions:

18:12:27.0817 5028 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17BD13D8

18:12:27.0817 5028 ============================================================

18:12:27.0879 5028 C: <-> \Device\Harddisk0\DR0\Partition2

18:12:27.0957 5028 E: <-> \Device\Harddisk1\DR1\Partition1

18:12:27.0957 5028 ============================================================

18:12:27.0957 5028 Initialize success

18:12:27.0957 5028 ============================================================

18:13:03.0088 5636 ============================================================

18:13:03.0088 5636 Scan started

18:13:03.0088 5636 Mode: Manual; SigCheck; TDLFS;

18:13:03.0088 5636 ============================================================

18:13:03.0509 5636 ================ Scan services =============================

18:13:03.0697 5636 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

18:13:03.0915 5636 1394ohci - ok

18:13:03.0977 5636 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

18:13:04.0009 5636 ACPI - ok

18:13:04.0087 5636 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

18:13:04.0243 5636 AcpiPmi - ok

18:13:04.0414 5636 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

18:13:04.0430 5636 AdobeARMservice - ok

18:13:04.0570 5636 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

18:13:04.0601 5636 AdobeFlashPlayerUpdateSvc - ok

18:13:04.0664 5636 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

18:13:04.0726 5636 adp94xx - ok

18:13:04.0773 5636 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

18:13:04.0820 5636 adpahci - ok

18:13:04.0851 5636 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

18:13:04.0867 5636 adpu320 - ok

18:13:04.0898 5636 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

18:13:05.0069 5636 AeLookupSvc - ok

18:13:05.0147 5636 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys

18:13:05.0350 5636 AFD - ok

18:13:05.0397 5636 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

18:13:05.0444 5636 agp440 - ok

18:13:05.0491 5636 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe

18:13:05.0584 5636 ALG - ok

18:13:05.0631 5636 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys

18:13:05.0678 5636 aliide - ok

18:13:05.0709 5636 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys

18:13:05.0740 5636 amdide - ok

18:13:05.0771 5636 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

18:13:05.0849 5636 AmdK8 - ok

18:13:05.0865 5636 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

18:13:05.0912 5636 AmdPPM - ok

18:13:05.0974 5636 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

18:13:06.0037 5636 amdsata - ok

18:13:06.0068 5636 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

18:13:06.0115 5636 amdsbs - ok

18:13:06.0130 5636 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

18:13:06.0146 5636 amdxata - ok

18:13:06.0193 5636 [ 1412e9a88fe1f7e35ce6058a2ef03664 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys

18:13:06.0271 5636 ApfiltrService - ok

18:13:06.0317 5636 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys

18:13:06.0458 5636 AppID - ok

18:13:06.0473 5636 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

18:13:06.0567 5636 AppIDSvc - ok

18:13:06.0614 5636 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll

18:13:06.0692 5636 Appinfo - ok

18:13:06.0785 5636 [ 7ef47644b74ebe721cc32211d3c35e76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

18:13:06.0817 5636 Apple Mobile Device - ok

18:13:06.0848 5636 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys

18:13:06.0879 5636 arc - ok

18:13:06.0895 5636 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

18:13:06.0926 5636 arcsas - ok

18:13:06.0941 5636 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

18:13:07.0019 5636 AsyncMac - ok

18:13:07.0082 5636 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys

18:13:07.0113 5636 atapi - ok

18:13:07.0191 5636 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

18:13:07.0378 5636 AudioEndpointBuilder - ok

18:13:07.0394 5636 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

18:13:07.0456 5636 AudioSrv - ok

18:13:07.0487 5636 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll

18:13:07.0643 5636 AxInstSV - ok

18:13:07.0690 5636 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

18:13:07.0784 5636 b06bdrv - ok

18:13:07.0815 5636 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

18:13:07.0909 5636 b57nd60a - ok

18:13:07.0987 5636 [ 01a24b415926bb5f772dbe12459d97de ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

18:13:08.0033 5636 BBSvc - ok

18:13:08.0080 5636 [ 785de7abda13309d6065305542829e76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

18:13:08.0111 5636 BBUpdate - ok

18:13:08.0143 5636 [ e001dd475a7c27ebe5a0db45c11bad71 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys

18:13:08.0205 5636 BCM42RLY - ok

18:13:08.0314 5636 [ 37394d3553e220fb732c21e217e1bd8b ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys

18:13:08.0455 5636 BCM43XX - ok

18:13:08.0501 5636 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll

18:13:08.0564 5636 BDESVC - ok

18:13:08.0595 5636 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

18:13:08.0673 5636 Beep - ok

18:13:08.0720 5636 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

18:13:08.0767 5636 blbdrive - ok

18:13:08.0845 5636 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

18:13:08.0876 5636 Bonjour Service - ok

18:13:08.0923 5636 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

18:13:08.0969 5636 bowser - ok

18:13:09.0001 5636 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

18:13:09.0094 5636 BrFiltLo - ok

18:13:09.0094 5636 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

18:13:09.0125 5636 BrFiltUp - ok

18:13:09.0188 5636 [ 8ef0d5c41ec907751b8429162b1239ed ] Browser C:\Windows\System32\browser.dll

18:13:09.0281 5636 Browser - ok

18:13:09.0328 5636 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys

18:13:09.0422 5636 Brserid - ok

18:13:09.0437 5636 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

18:13:09.0484 5636 BrSerWdm - ok

18:13:09.0500 5636 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

18:13:09.0562 5636 BrUsbMdm - ok

18:13:09.0578 5636 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

18:13:09.0625 5636 BrUsbSer - ok

18:13:09.0656 5636 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

18:13:09.0703 5636 BTHMODEM - ok

18:13:09.0749 5636 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll

18:13:09.0812 5636 bthserv - ok

18:13:09.0843 5636 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

18:13:09.0905 5636 cdfs - ok

18:13:09.0968 5636 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys

18:13:10.0061 5636 cdrom - ok

18:13:10.0108 5636 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll

18:13:10.0202 5636 CertPropSvc - ok

18:13:10.0249 5636 [ 3b8a124d87ee9d229d1f07f518da9a4c ] cfwids C:\Windows\system32\drivers\cfwids.sys

18:13:10.0358 5636 cfwids - ok

18:13:10.0405 5636 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys

18:13:10.0467 5636 circlass - ok

18:13:10.0498 5636 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys

18:13:10.0545 5636 CLFS - ok

18:13:10.0592 5636 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:13:10.0623 5636 clr_optimization_v2.0.50727_32 - ok

18:13:10.0670 5636 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

18:13:10.0701 5636 clr_optimization_v2.0.50727_64 - ok

18:13:10.0795 5636 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

18:13:10.0826 5636 clr_optimization_v4.0.30319_32 - ok

18:13:10.0888 5636 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

18:13:10.0919 5636 clr_optimization_v4.0.30319_64 - ok

18:13:10.0951 5636 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

18:13:10.0982 5636 CmBatt - ok

18:13:11.0029 5636 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys

18:13:11.0060 5636 cmdide - ok

18:13:11.0107 5636 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys

18:13:11.0153 5636 CNG - ok

18:13:11.0169 5636 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

18:13:11.0185 5636 Compbatt - ok

18:13:11.0247 5636 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

18:13:11.0341 5636 CompositeBus - ok

18:13:11.0450 5636 COMSysApp - ok

18:13:11.0481 5636 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

18:13:11.0512 5636 crcdisk - ok

18:13:11.0543 5636 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

18:13:11.0653 5636 CryptSvc - ok

18:13:11.0684 5636 [ ed5cf92396a62f4c15110dcdb5e854d9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys

18:13:11.0809 5636 CtClsFlt - ok

18:13:11.0856 5636 [ 7f61fbe259c18666d8ddf862f13a5eb0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys

18:13:11.0934 5636 dc3d - ok

18:13:11.0965 5636 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll

18:13:12.0058 5636 DcomLaunch - ok

18:13:12.0121 5636 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll

18:13:12.0230 5636 defragsvc - ok

18:13:12.0277 5636 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

18:13:12.0339 5636 DfsC - ok

18:13:12.0370 5636 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll

18:13:12.0480 5636 Dhcp - ok

18:13:12.0511 5636 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys

18:13:12.0589 5636 discache - ok

18:13:12.0636 5636 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys

18:13:12.0651 5636 Disk - ok

18:13:12.0698 5636 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

18:13:12.0776 5636 Dnscache - ok

18:13:12.0854 5636 [ 0840abbbdf438691ee65a20040635cbe ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe

18:13:12.0901 5636 DockLoginService ( UnsignedFile.Multi.Generic ) - warning

18:13:12.0901 5636 DockLoginService - detected UnsignedFile.Multi.Generic (1)

18:13:12.0932 5636 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll

18:13:13.0072 5636 dot3svc - ok

18:13:13.0104 5636 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll

18:13:13.0182 5636 DPS - ok

18:13:13.0213 5636 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

18:13:13.0244 5636 drmkaud - ok

18:13:13.0306 5636 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

18:13:13.0431 5636 DXGKrnl - ok

18:13:13.0509 5636 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll

18:13:13.0572 5636 EapHost - ok

18:13:13.0681 5636 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

18:13:13.0852 5636 ebdrv - ok

18:13:13.0899 5636 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe

18:13:13.0977 5636 EFS - ok

18:13:14.0040 5636 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

18:13:14.0164 5636 ehRecvr - ok

18:13:14.0180 5636 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe

18:13:14.0258 5636 ehSched - ok

18:13:14.0305 5636 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

18:13:14.0367 5636 elxstor - ok

18:13:14.0414 5636 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys

18:13:14.0461 5636 ErrDev - ok

18:13:14.0508 5636 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll

18:13:14.0554 5636 EventSystem - ok

18:13:14.0570 5636 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys

18:13:14.0632 5636 exfat - ok

18:13:14.0664 5636 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys

18:13:14.0710 5636 fastfat - ok

18:13:14.0773 5636 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe

18:13:14.0835 5636 Fax - ok

18:13:14.0866 5636 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys

18:13:14.0913 5636 fdc - ok

18:13:14.0944 5636 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll

18:13:15.0007 5636 fdPHost - ok

18:13:15.0022 5636 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

18:13:15.0100 5636 FDResPub - ok

18:13:15.0132 5636 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

18:13:15.0163 5636 FileInfo - ok

18:13:15.0163 5636 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

18:13:15.0256 5636 Filetrace - ok

18:13:15.0303 5636 [ 227846995afeefa70d328bf5334a86a5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

18:13:15.0350 5636 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

18:13:15.0350 5636 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)

18:13:15.0381 5636 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

18:13:15.0412 5636 flpydisk - ok

18:13:15.0444 5636 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

18:13:15.0490 5636 FltMgr - ok

18:13:15.0615 5636 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll

18:13:15.0724 5636 FontCache - ok

18:13:15.0802 5636 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

18:13:15.0834 5636 FontCache3.0.0.0 - ok

18:13:15.0849 5636 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

18:13:15.0880 5636 FsDepends - ok

18:13:15.0912 5636 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

18:13:15.0974 5636 Fs_Rec - ok

18:13:16.0036 5636 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

18:13:16.0068 5636 fvevol - ok

18:13:16.0114 5636 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

18:13:16.0146 5636 gagp30kx - ok

18:13:16.0177 5636 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

18:13:16.0255 5636 GEARAspiWDM - ok

18:13:16.0364 5636 [ d3316f6e3c011435f36e3d6e49b3196c ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

18:13:16.0395 5636 GoToAssist - ok

18:13:16.0442 5636 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll

18:13:16.0536 5636 gpsvc - ok

18:13:16.0692 5636 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

18:13:16.0707 5636 gupdate - ok

18:13:16.0738 5636 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

18:13:16.0754 5636 gupdatem - ok

18:13:16.0801 5636 [ cc839e8d766cc31a7710c9f38cf3e375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

18:13:16.0832 5636 gusvc - ok

18:13:16.0863 5636 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

18:13:16.0941 5636 hcw85cir - ok

18:13:16.0988 5636 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

18:13:17.0050 5636 HDAudBus - ok

18:13:17.0050 5636 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

18:13:17.0082 5636 HidBatt - ok

18:13:17.0097 5636 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

18:13:17.0128 5636 HidBth - ok

18:13:17.0144 5636 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

18:13:17.0191 5636 HidIr - ok

18:13:17.0222 5636 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\system32\hidserv.dll

18:13:17.0331 5636 hidserv - ok

18:13:17.0362 5636 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys

18:13:17.0440 5636 HidUsb - ok

18:13:17.0487 5636 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll

18:13:17.0565 5636 hkmsvc - ok

18:13:17.0643 5636 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll

18:13:17.0721 5636 HomeGroupListener - ok

18:13:17.0752 5636 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

18:13:17.0815 5636 HomeGroupProvider - ok

18:13:17.0862 5636 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

18:13:17.0908 5636 HpSAMD - ok

18:13:17.0986 5636 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

18:13:18.0142 5636 HTTP - ok

18:13:18.0189 5636 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

18:13:18.0205 5636 hwpolicy - ok

18:13:18.0252 5636 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

18:13:18.0267 5636 i8042prt - ok

18:13:18.0345 5636 [ 7548066df68a8a1a56b043359f915f37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

18:13:18.0376 5636 IAANTMON - ok

18:13:18.0439 5636 [ 1d004cb1da6323b1f55caef7f94b61d9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

18:13:18.0470 5636 iaStor - ok

18:13:18.0517 5636 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

18:13:18.0595 5636 iaStorV - ok

18:13:18.0657 5636 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

18:13:18.0720 5636 idsvc - ok

18:13:18.0907 5636 [ babd5f9b2bcc82ce556a0baf1ae208a7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

18:13:19.0281 5636 igfx - ok

18:13:19.0328 5636 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

18:13:19.0359 5636 iirsp - ok

18:13:19.0453 5636 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll

18:13:19.0562 5636 IKEEXT - ok

18:13:19.0687 5636 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys

18:13:19.0718 5636 intelide - ok

18:13:19.0749 5636 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

18:13:19.0796 5636 intelppm - ok

18:13:19.0827 5636 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll

18:13:19.0890 5636 IPBusEnum - ok

18:13:19.0936 5636 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:13:20.0061 5636 IpFilterDriver - ok

18:13:20.0092 5636 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

18:13:20.0202 5636 IPMIDRV - ok

18:13:20.0248 5636 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

18:13:20.0326 5636 IPNAT - ok

18:13:20.0420 5636 [ 50d6ccc6ff5561f9f56946b3e6164fb8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

18:13:20.0451 5636 iPod Service - ok

18:13:20.0482 5636 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

18:13:20.0560 5636 IRENUM - ok

18:13:20.0592 5636 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

18:13:20.0623 5636 isapnp - ok

18:13:20.0670 5636 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

18:13:20.0732 5636 iScsiPrt - ok

18:13:20.0779 5636 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

18:13:20.0826 5636 kbdclass - ok

18:13:20.0872 5636 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

18:13:20.0966 5636 kbdhid - ok

18:13:20.0982 5636 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe

18:13:20.0997 5636 KeyIso - ok

18:13:21.0028 5636 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

18:13:21.0044 5636 KSecDD - ok

18:13:21.0091 5636 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

18:13:21.0106 5636 KSecPkg - ok

18:13:21.0122 5636 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

18:13:21.0184 5636 ksthunk - ok

18:13:21.0262 5636 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll

18:13:21.0372 5636 KtmRm - ok

18:13:21.0418 5636 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\system32\srvsvc.dll

18:13:21.0496 5636 LanmanServer - ok

18:13:21.0528 5636 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

18:13:21.0606 5636 LanmanWorkstation - ok

18:13:21.0762 5636 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

18:13:21.0840 5636 lltdio - ok

18:13:21.0871 5636 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll

18:13:21.0964 5636 lltdsvc - ok

18:13:21.0980 5636 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll

18:13:22.0042 5636 lmhosts - ok

18:13:22.0074 5636 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

18:13:22.0089 5636 LSI_FC - ok

18:13:22.0120 5636 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

18:13:22.0136 5636 LSI_SAS - ok

18:13:22.0167 5636 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

18:13:22.0198 5636 LSI_SAS2 - ok

18:13:22.0214 5636 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

18:13:22.0245 5636 LSI_SCSI - ok

18:13:22.0276 5636 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys

18:13:22.0354 5636 luafv - ok

18:13:22.0386 5636 [ dc8490812a3b72811ae534f423b4c206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

18:13:22.0417 5636 MBAMProtector - ok

18:13:22.0479 5636 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

18:13:22.0526 5636 MBAMService - ok

18:13:22.0620 5636 [ fd3ad5e1ecdaa94a89d6697f5c5465d6 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe

18:13:22.0651 5636 McComponentHostService - ok

18:13:22.0744 5636 [ 458a013df72eaab91877fa03533e2c8b ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

18:13:22.0776 5636 McMPFSvc - ok

18:13:22.0791 5636 [ 458a013df72eaab91877fa03533e2c8b ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

18:13:22.0822 5636 mcmscsvc - ok

18:13:22.0822 5636 [ 458a013df72eaab91877fa03533e2c8b ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

18:13:22.0854 5636 McNaiAnn - ok

18:13:22.0869 5636 [ 458a013df72eaab91877fa03533e2c8b ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

18:13:22.0885 5636 McNASvc - ok

18:13:22.0916 5636 [ 3809b77eb1734cd5fb317425f188abc1 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe

18:13:22.0947 5636 McODS - ok

18:13:22.0963 5636 [ 458a013df72eaab91877fa03533e2c8b ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

18:13:22.0994 5636 McProxy - ok

18:13:23.0056 5636 [ be7802cfab44b613ac1a20aec1d45b87 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

18:13:23.0088 5636 McShield - ok

18:13:23.0119 5636 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

18:13:23.0197 5636 Mcx2Svc - ok

18:13:23.0275 5636 [ 11f714f85530a2bd134074dc30e99fca ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

18:13:23.0306 5636 MDM - ok

18:13:23.0322 5636 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

18:13:23.0368 5636 megasas - ok

18:13:23.0384 5636 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

18:13:23.0415 5636 MegaSR - ok

18:13:23.0446 5636 [ 0d8a2ccd9fb7a18114ffa13bb681f362 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys

18:13:23.0462 5636 mfeapfk - ok

18:13:23.0493 5636 [ 58e891f01db2b41ef1a1296fe63ed74c ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys

18:13:23.0571 5636 mfeavfk - ok

18:13:23.0602 5636 mfeavfk01 - ok

18:13:23.0634 5636 [ 656ef23f7d0738dac975036d6bdde036 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

18:13:23.0665 5636 mfefire - ok

18:13:23.0712 5636 [ 74c4bf6c59a8a900c25ee892d3771f73 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys

18:13:23.0805 5636 mfefirek - ok

18:13:23.0868 5636 [ bcd060ddc1ea7d2f84e75d17c8e2c88c ] mfehidk C:\Windows\system32\drivers\mfehidk.sys

18:13:23.0899 5636 mfehidk - ok

18:13:23.0946 5636 [ 27f5b2b6261d018cbce0f2250d812be5 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys

18:13:24.0024 5636 mfenlfk - ok

18:13:24.0055 5636 [ 537d31cf8d41222be5bfa56a5ec35ceb ] mferkdet C:\Windows\system32\drivers\mferkdet.sys

18:13:24.0102 5636 mferkdet - ok

18:13:24.0133 5636 [ 5f9f24654ac493970d678ec7b1e3df93 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

18:13:24.0164 5636 mfevtp - ok

18:13:24.0195 5636 [ 5c07cb165074c6114616d8473cdd0938 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys

18:13:24.0258 5636 mfewfpk - ok

18:13:24.0289 5636 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll

18:13:24.0336 5636 MMCSS - ok

18:13:24.0351 5636 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys

18:13:24.0414 5636 Modem - ok

18:13:24.0445 5636 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys

18:13:24.0492 5636 monitor - ok

18:13:24.0538 5636 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\drivers\mouclass.sys

18:13:24.0570 5636 mouclass - ok

18:13:24.0601 5636 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

18:13:24.0616 5636 mouhid - ok

18:13:24.0648 5636 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

18:13:24.0679 5636 mountmgr - ok

18:13:24.0710 5636 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys

18:13:24.0772 5636 mpio - ok

18:13:24.0788 5636 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

18:13:24.0850 5636 mpsdrv - ok

18:13:24.0882 5636 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

18:13:24.0975 5636 MRxDAV - ok

18:13:25.0006 5636 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

18:13:25.0084 5636 mrxsmb - ok

18:13:25.0131 5636 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:13:25.0162 5636 mrxsmb10 - ok

18:13:25.0194 5636 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:13:25.0209 5636 mrxsmb20 - ok

18:13:25.0240 5636 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys

18:13:25.0334 5636 msahci - ok

18:13:25.0381 5636 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

18:13:25.0443 5636 msdsm - ok

18:13:25.0459 5636 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe

18:13:25.0506 5636 MSDTC - ok

18:13:25.0537 5636 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

18:13:25.0599 5636 Msfs - ok

18:13:25.0615 5636 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

18:13:25.0693 5636 mshidkmdf - ok

18:13:25.0724 5636 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

18:13:25.0740 5636 msisadrv - ok

18:13:25.0786 5636 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

18:13:25.0864 5636 MSiSCSI - ok

18:13:25.0864 5636 msiserver - ok

18:13:25.0911 5636 [ 458a013df72eaab91877fa03533e2c8b ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

18:13:25.0942 5636 MSK80Service - ok

18:13:25.0958 5636 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

18:13:26.0036 5636 MSKSSRV - ok

18:13:26.0052 5636 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

18:13:26.0098 5636 MSPCLOCK - ok

18:13:26.0114 5636 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

18:13:26.0192 5636 MSPQM - ok

18:13:26.0223 5636 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

18:13:26.0254 5636 MsRPC - ok

18:13:26.0301 5636 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

18:13:26.0332 5636 mssmbios - ok

18:13:26.0332 5636 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

18:13:26.0410 5636 MSTEE - ok

18:13:26.0426 5636 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

18:13:26.0457 5636 MTConfig - ok

18:13:26.0488 5636 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys

18:13:26.0504 5636 Mup - ok

18:13:26.0551 5636 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll

18:13:26.0644 5636 napagent - ok

18:13:26.0676 5636 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

18:13:26.0738 5636 NativeWifiP - ok

18:13:26.0800 5636 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys

18:13:26.0878 5636 NDIS - ok

18:13:26.0894 5636 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

18:13:26.0956 5636 NdisCap - ok

18:13:26.0988 5636 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

18:13:27.0050 5636 NdisTapi - ok

18:13:27.0081 5636 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

18:13:27.0175 5636 Ndisuio - ok

18:13:27.0206 5636 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

18:13:27.0346 5636 NdisWan - ok

18:13:27.0378 5636 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

18:13:27.0518 5636 NDProxy - ok

18:13:27.0549 5636 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

18:13:27.0627 5636 NetBIOS - ok

18:13:27.0658 5636 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

18:13:27.0736 5636 NetBT - ok

18:13:27.0752 5636 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe

18:13:27.0783 5636 Netlogon - ok

18:13:27.0814 5636 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll

18:13:27.0877 5636 Netman - ok

18:13:27.0908 5636 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll

18:13:28.0002 5636 netprofm - ok

18:13:28.0033 5636 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:13:28.0048 5636 NetTcpPortSharing - ok

18:13:28.0095 5636 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

18:13:28.0126 5636 nfrd960 - ok

18:13:28.0158 5636 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

18:13:28.0251 5636 NlaSvc - ok

18:13:28.0298 5636 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

18:13:28.0345 5636 Npfs - ok

18:13:28.0345 5636 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll

18:13:28.0392 5636 nsi - ok

18:13:28.0407 5636 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

18:13:28.0470 5636 nsiproxy - ok

18:13:28.0548 5636 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

18:13:28.0641 5636 Ntfs - ok

18:13:28.0672 5636 [ 317020d31f1696334679b9d0416eb62e ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys

18:13:28.0735 5636 NuidFltr - ok

18:13:28.0750 5636 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys

18:13:28.0797 5636 Null - ok

18:13:28.0844 5636 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys

18:13:28.0953 5636 nvraid - ok

18:13:28.0984 5636 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys

18:13:29.0062 5636 nvstor - ok

18:13:29.0109 5636 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

18:13:29.0156 5636 nv_agp - ok

18:13:29.0187 5636 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

18:13:29.0250 5636 ohci1394 - ok

18:13:29.0281 5636 [ 7a56cf3e3f12e8af599963b16f50fb6a ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:13:29.0312 5636 ose - ok

18:13:29.0343 5636 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

18:13:29.0406 5636 p2pimsvc - ok

18:13:29.0437 5636 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll

18:13:29.0484 5636 p2psvc - ok

18:13:29.0499 5636 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

18:13:29.0530 5636 Parport - ok

18:13:29.0562 5636 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys

18:13:29.0593 5636 partmgr - ok

18:13:29.0608 5636 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

18:13:29.0671 5636 PcaSvc - ok

18:13:29.0702 5636 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys

18:13:29.0718 5636 pci - ok

18:13:29.0749 5636 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys

18:13:29.0780 5636 pciide - ok

18:13:29.0796 5636 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

18:13:29.0827 5636 pcmcia - ok

18:13:29.0842 5636 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys

18:13:29.0858 5636 pcw - ok

18:13:29.0905 5636 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys

18:13:29.0998 5636 PEAUTH - ok

18:13:30.0092 5636 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe

18:13:30.0139 5636 PerfHost - ok

18:13:30.0217 5636 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll

18:13:30.0388 5636 pla - ok

18:13:30.0435 5636 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

18:13:30.0529 5636 PlugPlay - ok

18:13:30.0544 5636 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

18:13:30.0591 5636 PNRPAutoReg - ok

18:13:30.0622 5636 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

18:13:30.0638 5636 PNRPsvc - ok

18:13:30.0685 5636 [ 33328fa8a580885ab0065be6db266e9f ] Point64 C:\Windows\system32\DRIVERS\point64.sys

18:13:30.0763 5636 Point64 - ok

18:13:30.0825 5636 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

18:13:30.0872 5636 PolicyAgent - ok

18:13:30.0903 5636 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll

18:13:30.0966 5636 Power - ok

18:13:31.0012 5636 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

18:13:31.0153 5636 PptpMiniport - ok

18:13:31.0184 5636 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys

18:13:31.0231 5636 Processor - ok

18:13:31.0278 5636 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll

18:13:31.0356 5636 ProfSvc - ok

18:13:31.0371 5636 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe

18:13:31.0387 5636 ProtectedStorage - ok

18:13:31.0434 5636 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys

18:13:31.0558 5636 Psched - ok

18:13:31.0574 5636 [ 4712cc14e720ecccc0aa16949d18aaf1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

18:13:31.0590 5636 PxHlpa64 - ok

18:13:31.0652 5636 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

18:13:31.0761 5636 ql2300 - ok

18:13:31.0792 5636 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

18:13:31.0824 5636 ql40xx - ok

18:13:31.0839 5636 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll

18:13:31.0886 5636 QWAVE - ok

18:13:31.0902 5636 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

18:13:31.0948 5636 QWAVEdrv - ok

18:13:31.0964 5636 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

18:13:32.0026 5636 RasAcd - ok

18:13:32.0058 5636 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

18:13:32.0104 5636 RasAgileVpn - ok

18:13:32.0136 5636 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll

18:13:32.0182 5636 RasAuto - ok

18:13:32.0229 5636 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

18:13:32.0323 5636 Rasl2tp - ok

18:13:32.0370 5636 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll

18:13:32.0463 5636 RasMan - ok

18:13:32.0479 5636 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

18:13:32.0557 5636 RasPppoe - ok

18:13:32.0588 5636 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

18:13:32.0682 5636 RasSstp - ok

18:13:32.0713 5636 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

18:13:32.0775 5636 rdbss - ok

18:13:32.0806 5636 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

18:13:32.0853 5636 rdpbus - ok

18:13:32.0884 5636 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

18:13:32.0947 5636 RDPCDD - ok

18:13:32.0962 5636 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

18:13:33.0040 5636 RDPENCDD - ok

18:13:33.0056 5636 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

18:13:33.0103 5636 RDPREFMP - ok

18:13:33.0150 5636 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

18:13:33.0228 5636 RDPWD - ok

18:13:33.0274 5636 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

18:13:33.0306 5636 rdyboost - ok

18:13:33.0337 5636 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll

18:13:33.0430 5636 RemoteAccess - ok

18:13:33.0462 5636 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

18:13:33.0524 5636 RemoteRegistry - ok

18:13:33.0571 5636 [ 5790bca445cc40df8b38c2c48608aac2 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys

18:13:33.0680 5636 RimUsb - ok

18:13:33.0742 5636 [ c903d49655b4aae46673f0aaa6be0f58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

18:13:33.0836 5636 RimVSerPort - ok

18:13:33.0883 5636 [ 388d3dd1a6457280f3badba9f3acd6b1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys

18:13:33.0945 5636 ROOTMODEM - ok

18:13:33.0976 5636 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

18:13:34.0054 5636 RpcEptMapper - ok

18:13:34.0086 5636 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe

18:13:34.0148 5636 RpcLocator - ok

18:13:34.0195 5636 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll

18:13:34.0242 5636 RpcSs - ok

18:13:34.0273 5636 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

18:13:34.0366 5636 rspndr - ok

18:13:34.0413 5636 [ 4a25dc970c58104602ed274dacafd784 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys

18:13:34.0476 5636 RSUSBSTOR - ok

18:13:34.0491 5636 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe

18:13:34.0522 5636 SamSs - ok

18:13:34.0554 5636 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

18:13:34.0632 5636 sbp2port - ok

18:13:34.0663 5636 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll

18:13:34.0772 5636 SCardSvr - ok

18:13:34.0803 5636 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

18:13:34.0944 5636 scfilter - ok

18:13:34.0990 5636 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll

18:13:35.0100 5636 Schedule - ok

18:13:35.0131 5636 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll

18:13:35.0193 5636 SCPolicySvc - ok

18:13:35.0224 5636 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

18:13:35.0318 5636 SDRSVC - ok

18:13:35.0349 5636 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

18:13:35.0396 5636 secdrv - ok

18:13:35.0427 5636 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll

18:13:35.0474 5636 seclogon - ok

18:13:35.0505 5636 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll

18:13:35.0568 5636 SENS - ok

18:13:35.0583 5636 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

18:13:35.0630 5636 SensrSvc - ok

18:13:35.0661 5636 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

18:13:35.0692 5636 Serenum - ok

18:13:35.0724 5636 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

18:13:35.0755 5636 Serial - ok

18:13:35.0786 5636 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

18:13:35.0833 5636 sermouse - ok

18:13:35.0880 5636 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll

18:13:35.0989 5636 SessionEnv - ok

18:13:36.0020 5636 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

18:13:36.0067 5636 sffdisk - ok

18:13:36.0114 5636 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

18:13:36.0160 5636 sffp_mmc - ok

18:13:36.0192 5636 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

18:13:36.0316 5636 sffp_sd - ok

18:13:36.0348 5636 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

18:13:36.0410 5636 sfloppy - ok

18:13:36.0519 5636 [ 74ec60e20516aaa573be74f31175270f ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

18:13:36.0566 5636 SftService - ok

18:13:36.0613 5636 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll

18:13:36.0753 5636 ShellHWDetection - ok

18:13:36.0769 5636 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

18:13:36.0800 5636 SiSRaid2 - ok

18:13:36.0816 5636 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

18:13:36.0831 5636 SiSRaid4 - ok

18:13:36.0894 5636 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

18:13:36.0956 5636 Smb - ok

18:13:36.0987 5636 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe

18:13:37.0034 5636 SNMPTRAP - ok

18:13:37.0050 5636 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys

18:13:37.0081 5636 spldr - ok

18:13:37.0112 5636 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\Windows\System32\spoolsv.exe

18:13:37.0174 5636 Spooler - ok

18:13:37.0299 5636 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe

18:13:37.0393 5636 sppsvc - ok

18:13:37.0408 5636 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

18:13:37.0471 5636 sppuinotify - ok

18:13:37.0518 5636 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys

18:13:37.0580 5636 srv - ok

18:13:37.0611 5636 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

18:13:37.0642 5636 srv2 - ok

18:13:37.0658 5636 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

18:13:37.0689 5636 srvnet - ok

18:13:37.0720 5636 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

18:13:37.0767 5636 SSDPSRV - ok

18:13:37.0783 5636 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll

18:13:37.0845 5636 SstpSvc - ok

18:13:37.0954 5636 [ 444109453a2b87e6c16bcda5953e81a9 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

18:13:38.0017 5636 STacSV - ok

18:13:38.0048 5636 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

18:13:38.0095 5636 stexstor - ok

18:13:38.0110 5636 [ 02e784fa49032f84964db90a3ed81890 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys

18:13:38.0204 5636 STHDA - ok

18:13:38.0266 5636 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll

18:13:38.0360 5636 stisvc - ok

18:13:38.0407 5636 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys

18:13:38.0438 5636 swenum - ok

18:13:38.0485 5636 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll

18:13:38.0547 5636 swprv - ok

18:13:38.0625 5636 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll

18:13:38.0734 5636 SysMain - ok

18:13:38.0781 5636 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

18:13:38.0890 5636 TabletInputService - ok

18:13:38.0937 5636 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

18:13:39.0046 5636 TapiSrv - ok

18:13:39.0078 5636 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll

18:13:39.0124 5636 TBS - ok

18:13:39.0218 5636 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

18:13:39.0312 5636 Tcpip - ok

18:13:39.0374 5636 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

18:13:39.0421 5636 TCPIP6 - ok

18:13:39.0468 5636 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

18:13:39.0546 5636 tcpipreg - ok

18:13:39.0577 5636 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

18:13:39.0655 5636 TDPIPE - ok

18:13:39.0686 5636 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

18:13:39.0733 5636 TDTCP - ok

18:13:39.0764 5636 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

18:13:39.0826 5636 tdx - ok

18:13:39.0858 5636 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys

18:13:39.0889 5636 TermDD - ok

18:13:39.0920 5636 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll

18:13:39.0998 5636 TermService - ok

18:13:40.0029 5636 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll

18:13:40.0060 5636 Themes - ok

18:13:40.0092 5636 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll

18:13:40.0154 5636 THREADORDER - ok

18:13:40.0170 5636 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll

18:13:40.0216 5636 TrkWks - ok

18:13:40.0279 5636 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

18:13:40.0341 5636 TrustedInstaller - ok

18:13:40.0404 5636 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

18:13:40.0482 5636 tssecsrv - ok

18:13:40.0528 5636 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

18:13:40.0622 5636 TsUsbFlt - ok

18:13:40.0669 5636 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

18:13:40.0731 5636 tunnel - ok

18:13:40.0747 5636 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

18:13:40.0778 5636 uagp35 - ok

18:13:40.0825 5636 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

18:13:40.0872 5636 udfs - ok

18:13:40.0903 5636 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

18:13:40.0934 5636 UI0Detect - ok

18:13:40.0996 5636 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

18:13:41.0028 5636 uliagpkx - ok

18:13:41.0059 5636 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\drivers\umbus.sys

18:13:41.0090 5636 umbus - ok

18:13:41.0121 5636 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

18:13:41.0152 5636 UmPass - ok

18:13:41.0184 5636 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll

18:13:41.0262 5636 upnphost - ok

18:13:41.0308 5636 [ 54d4b48d443e7228bf64cf7cdc3118ac ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

18:13:41.0324 5636 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning

18:13:41.0324 5636 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)

18:13:41.0355 5636 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

18:13:41.0433 5636 usbccgp - ok

18:13:41.0464 5636 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

18:13:41.0496 5636 usbcir - ok

18:13:41.0527 5636 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

18:13:41.0574 5636 usbehci - ok

18:13:41.0636 5636 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

18:13:41.0683 5636 usbhub - ok

18:13:41.0714 5636 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

18:13:41.0745 5636 usbohci - ok

18:13:41.0776 5636 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

18:13:41.0823 5636 usbprint - ok

18:13:41.0870 5636 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

18:13:41.0932 5636 usbscan - ok

18:13:41.0964 5636 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS

18:13:42.0042 5636 USBSTOR - ok

18:13:42.0073 5636 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

18:13:42.0120 5636 usbuhci - ok

18:13:42.0166 5636 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

18:13:42.0213 5636 usbvideo - ok

18:13:42.0229 5636 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll

18:13:42.0307 5636 UxSms - ok

18:13:42.0322 5636 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe

18:13:42.0338 5636 VaultSvc - ok

18:13:42.0385 5636 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

18:13:42.0416 5636 vdrvroot - ok

18:13:42.0478 5636 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe

18:13:42.0588 5636 vds - ok

18:13:42.0619 5636 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

18:13:42.0650 5636 vga - ok

18:13:42.0666 5636 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys

18:13:42.0712 5636 VgaSave - ok

18:13:42.0744 5636 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

18:13:42.0775 5636 vhdmp - ok

18:13:42.0822 5636 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys

18:13:42.0853 5636 viaide - ok

18:13:42.0900 5636 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

18:13:42.0915 5636 volmgr - ok

18:13:42.0962 5636 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

18:13:42.0993 5636 volmgrx - ok

18:13:43.0071 5636 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

18:13:43.0087 5636 volsnap - ok

18:13:43.0134 5636 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

18:13:43.0149 5636 vsmraid - ok

18:13:43.0227 5636 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe

18:13:43.0305 5636 VSS - ok

18:13:43.0321 5636 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

18:13:43.0368 5636 vwifibus - ok

18:13:43.0399 5636 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

18:13:43.0461 5636 vwififlt - ok

18:13:43.0492 5636 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll

18:13:43.0555 5636 W32Time - ok

18:13:43.0586 5636 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

18:13:43.0617 5636 WacomPen - ok

18:13:43.0680 5636 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

18:13:43.0726 5636 WANARP - ok

18:13:43.0758 5636 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

18:13:43.0820 5636 Wanarpv6 - ok

18:13:43.0882 5636 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

18:13:44.0038 5636 WatAdminSvc - ok

18:13:44.0132 5636 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe

18:13:44.0304 5636 wbengine - ok

18:13:44.0350 5636 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

18:13:44.0382 5636 WbioSrvc - ok

18:13:44.0428 5636 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll

18:13:44.0491 5636 wcncsvc - ok

18:13:44.0506 5636 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

18:13:44.0569 5636 WcsPlugInService - ok

18:13:44.0600 5636 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys

18:13:44.0616 5636 Wd - ok

18:13:44.0647 5636 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

18:13:44.0694 5636 Wdf01000 - ok

18:13:44.0725 5636 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll

18:13:44.0818 5636 WdiServiceHost - ok

18:13:44.0834 5636 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll

18:13:44.0850 5636 WdiSystemHost - ok

18:13:44.0896 5636 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll

18:13:44.0990 5636 WebClient - ok

18:13:45.0021 5636 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll

18:13:45.0115 5636 Wecsvc - ok

18:13:45.0130 5636 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

18:13:45.0193 5636 wercplsupport - ok

18:13:45.0224 5636 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll

18:13:45.0302 5636 WerSvc - ok

18:13:45.0349 5636 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

18:13:45.0396 5636 WfpLwf - ok

18:13:45.0458 5636 [ b14ef15bd757fa488f9c970eee9c0d35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys

18:13:45.0474 5636 WimFltr - ok

18:13:45.0505 5636 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys

18:13:45.0520 5636 WIMMount - ok

18:13:45.0552 5636 WinHttpAutoProxySvc - ok

18:13:45.0630 5636 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

18:13:45.0692 5636 Winmgmt - ok

18:13:45.0801 5636 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll

18:13:46.0066 5636 WinRM - ok

18:13:46.0160 5636 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll

18:13:46.0238 5636 Wlansvc - ok

18:13:46.0332 5636 [ 13b0a570e1ae451c92da550085d72cf3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

18:13:46.0347 5636 wltrysvc ( UnsignedFile.Multi.Generic ) - warning

18:13:46.0347 5636 wltrysvc - detected UnsignedFile.Multi.Generic (1)

18:13:46.0394 5636 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

18:13:46.0425 5636 WmiAcpi - ok

18:13:46.0488 5636 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

18:13:46.0550 5636 wmiApSrv - ok

18:13:46.0581 5636 WMPNetworkSvc - ok

18:13:46.0612 5636 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll

18:13:46.0675 5636 WPCSvc - ok

18:13:46.0722 5636 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

18:13:46.0768 5636 WPDBusEnum - ok

18:13:46.0800 5636 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

18:13:46.0847 5636 ws2ifsl - ok

18:13:46.0847 5636 WSearch - ok

18:13:46.0910 5636 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

18:13:46.0988 5636 WudfPf - ok

18:13:47.0019 5636 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

18:13:47.0066 5636 WUDFRd - ok

18:13:47.0097 5636 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

18:13:47.0175 5636 wudfsvc - ok

18:13:47.0222 5636 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll

18:13:47.0284 5636 WwanSvc - ok

18:13:47.0331 5636 [ 79d9ce9614c955dd31aa2556b4014662 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys

18:13:47.0440 5636 yukonw7 - ok

18:13:47.0456 5636 ================ Scan global ===============================

18:13:47.0487 5636 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll

18:13:47.0518 5636 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll

18:13:47.0549 5636 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll

18:13:47.0581 5636 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll

18:13:47.0627 5636 (014a9cb92514e27c0107614df764bc06) C:\Windows\system32\services.exe

18:13:47.0627 5636 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected

18:13:47.0627 5636 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)

18:13:47.0627 5636 ================ Scan MBR ==================================

18:13:47.0659 5636 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

18:13:47.0659 5636 Suspicious mbr (Forged): \Device\Harddisk0\DR0

18:13:47.0721 5636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

18:13:47.0721 5636 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

18:13:47.0783 5636 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

18:13:47.0783 5636 \Device\Harddisk0\DR0 - detected TDSS File System (1)

18:13:47.0799 5636 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1

18:13:47.0939 5636 \Device\Harddisk1\DR1 - ok

18:13:47.0939 5636 ================ Scan VBR ==================================

18:13:47.0939 5636 Boot (0x1200) (ce1660b4a78827026eab557be1bfe095) \Device\Harddisk0\DR0\Partition1

18:13:47.0939 5636 \Device\Harddisk0\DR0\Partition1 - ok

18:13:47.0986 5636 Boot (0x1200) (4eb64c46782b52d213573077d5291b6d) \Device\Harddisk0\DR0\Partition2

18:13:47.0986 5636 \Device\Harddisk0\DR0\Partition2 - ok

18:13:47.0986 5636 Boot (0x1200) (32d87aba66365c6c4e0b4978295782b2) \Device\Harddisk1\DR1\Partition1

18:13:47.0986 5636 \Device\Harddisk1\DR1\Partition1 - ok

18:13:47.0986 5636 ============================================================

18:13:47.0986 5636 Scan finished

18:13:47.0986 5636 ============================================================

18:13:48.0017 4412 Detected object count: 7

18:13:48.0017 4412 Actual detected object count: 7

18:15:19.0106 4412 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user

18:15:19.0106 4412 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:15:19.0106 4412 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

18:15:19.0106 4412 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:15:19.0106 4412 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user

18:15:19.0106 4412 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:15:19.0106 4412 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user

18:15:19.0106 4412 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:15:19.0215 4412 C:\Windows\system32\services.exe - copied to quarantine

18:15:20.0089 4412 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine

18:15:20.0167 4412 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine

18:15:20.0182 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\@ - copied to quarantine

18:15:20.0198 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\L\00000004.@ - copied to quarantine

18:15:20.0198 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\L\201d3dde - copied to quarantine

18:15:20.0198 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\00000004.@ - copied to quarantine

18:15:20.0214 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\00000008.@ - copied to quarantine

18:15:20.0214 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\000000cb.@ - copied to quarantine

18:15:20.0214 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\80000000.@ - copied to quarantine

18:15:20.0214 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\80000032.@ - copied to quarantine

18:15:20.0214 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\80000064.@ - copied to quarantine

18:15:40.0433 4412 Backup copy found, using it..

18:15:40.0511 4412 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot

18:15:40.0511 4412 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot

18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\@ - will be deleted on reboot

18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\00000004.@ - will be deleted on reboot

18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\00000008.@ - will be deleted on reboot

18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\000000cb.@ - will be deleted on reboot

18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\80000000.@ - will be deleted on reboot

18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\80000032.@ - will be deleted on reboot

18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\80000064.@ - will be deleted on reboot

18:15:40.0542 4412 C:\Windows\system32\services.exe - will be cured on reboot

18:15:40.0542 4412 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure

18:15:41.0385 4412 \Device\Harddisk0\DR0\# - copied to quarantine

18:15:41.0385 4412 \Device\Harddisk0\DR0 - copied to quarantine

18:15:41.0463 4412 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

18:15:41.0478 4412 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

18:15:41.0478 4412 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

18:15:41.0525 4412 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

18:15:41.0541 4412 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

18:15:41.0541 4412 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

18:15:41.0541 4412 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

18:15:41.0556 4412 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

18:15:41.0556 4412 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

18:15:41.0556 4412 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

18:15:41.0572 4412 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

18:15:41.0572 4412 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

18:15:41.0572 4412 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

18:15:41.0603 4412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

18:15:41.0603 4412 \Device\Harddisk0\DR0 - ok

18:15:41.0728 4412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

18:15:41.0728 4412 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

18:15:41.0728 4412 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

18:15:49.0076 6112 Deinitialize success

****** MBAM ******************************************************

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.19.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

kmwordsmith :: ROHAN [administrator]

Protection: Enabled

8/19/2012 6:29:31 PM

mbam-log-2012-08-19 (18-29-31).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 198385

Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

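As an added example (not part of the original post, and not code from Kaspersky's TDSSKiller), here is a small Python triage script for logs of the shape pasted above. It pairs each object's verdict with the action chosen for it and with what is scheduled for the next reboot, records the forged-MBR notice, and flags paths in the locations ZeroAccess/Sirefef is known to use for its component store (%windir%\Installer\{GUID}\U and \L, plus the desktop.ini files it drops under assembly\GAC_32 and GAC_64), the same locations the log above quarantined from. The embedded sample log is constructed from a subset of the line shapes seen above and is not the poster's file; the regular expressions are assumptions about the log format drawn only from those lines.

```python
"""Triage a TDSSKiller log: pair each verdict with the action the user chose and with
what is scheduled for reboot, and flag paths in ZeroAccess's known locations.
Added example, not TDSSKiller code; the line formats are inferred from the posted log."""
import re

# Constructed sample: a subset of line shapes copied from the posted log. It is not the
# poster's file and omits the ' - ok' lines that make up most of a real log.
SAMPLE_LOG = r"""
18:13:46.0347 5636 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
18:13:47.0627 5636 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
18:13:47.0659 5636 Suspicious mbr (Forged): \Device\Harddisk0\DR0
18:13:47.0721 5636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:13:47.0783 5636 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:15:19.0106 4412 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:15:20.0089 4412 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\00000008.@ - will be deleted on reboot
18:15:40.0542 4412 C:\Windows\system32\services.exe - will be cured on reboot
18:15:40.0542 4412 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure
18:15:41.0728 4412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
18:15:41.0728 4412 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every line is "HH:MM:SS.ffff <numeric id> <message>"; the scan and the action
# handling log under different ids, so detections are joined on (object, name) instead.
LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<id>\d+)\s+(?P<msg>.*)$")
# Message shapes seen in the log (assumed format). Object and detection name are
# separated by ' ( name ) '.
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<name>.+?) \) - (?P<verdict>infected|warning)$")
ACTION = re.compile(r"^(?P<obj>.+?) \( (?P<name>.+?) \) - User select action: (?P<action>\w+)$")
REBOOT = re.compile(r"^(?P<obj>.+?) - will be (?P<fate>deleted|cured) on reboot$")
FORGED = re.compile(r"^Suspicious mbr \((?P<why>[^)]+)\): (?P<obj>.+)$")
# Paths ZeroAccess/Sirefef uses for its component store: %windir%\Installer\{GUID}\U\
# and \L\, and the desktop.ini it drops into the GAC_32 / GAC_64 directories.
ZA_PATH = re.compile(
    r"\\(?:Installer\\\{[0-9a-f-]{36}\}\\[UL]\\|assembly\\GAC_(?:32|64)\\desktop\.ini)", re.I)


def triage(log_text):
    """Summarise a TDSSKiller log. Detections are keyed by (object, name) so the verdict
    logged during the scan is matched with the action logged later for the same object."""
    detections = {}          # (object, name) -> record; dict keeps log order
    reboot_pending, forged_mbr, za_paths = [], [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        # Path check runs on every line, including 'copied to quarantine' ones.
        if ZA_PATH.search(msg):
            path = msg.split(" - ", 1)[0]
            if path not in za_paths:
                za_paths.append(path)
        v = VERDICT.match(msg)
        if v:
            key = (v.group("obj"), v.group("name"))
            detections.setdefault(key, {"object": key[0], "name": key[1],
                                        "verdict": v.group("verdict"), "action": None})
            continue
        a = ACTION.match(msg)
        if a:
            key = (a.group("obj"), a.group("name"))
            rec = detections.setdefault(key, {"object": key[0], "name": key[1],
                                              "verdict": None, "action": None})
            rec["action"] = a.group("action")
            continue
        r = REBOOT.match(msg)
        if r:
            reboot_pending.append((r.group("obj"), r.group("fate")))
            continue
        f = FORGED.match(msg)
        if f:
            forged_mbr.append((f.group("obj"), f.group("why")))
    return {"detections": list(detections.values()), "reboot_pending": reboot_pending,
            "forged_mbr": forged_mbr, "zeroaccess_paths": za_paths}


def not_cured(summary):
    """Detections the user did not choose to cure (skipped or never acted on)."""
    return [d for d in summary["detections"] if d["action"] != "Cure"]


if __name__ == "__main__":
    s = triage(SAMPLE_LOG)
    for d in s["detections"]:
        print(f'{str(d["verdict"]):8} {d["name"]:28} {str(d["action"]):6} {d["object"]}')
    print("forged MBR:", s["forged_mbr"])
    print("reboot pending:", s["reboot_pending"])
    print("ZeroAccess-style paths:", s["zeroaccess_paths"])
    print("not cured:", [d["name"] for d in not_cured(s)])
```

To use it on a saved log, call `triage(open(path, encoding="utf-8", errors="replace").read())`. On the sample, the two infected objects (services.exe and the MBR) come back with action Cure, the forged-MBR notice and the two reboot-scheduled items are listed, and `not_cured()` returns only the unsigned-file warning and the TDSS File System entry, which matches what the poster skipped.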

And here is the DDS log. Thanks again.

****** DDS **********

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by kmwordsmith at 18:40:01 on 2012-08-19

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2655 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Users\kmwordsmith\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\PDFCreator\PDFCreator.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\kmwordsmith\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Windows\splwow64.exe

C:\Windows\sysWow64\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uStart Page = hxxp://www.bing.com/

uSearch Bar =

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100907182941.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

uRun: [screenpresso] "C:\Users\kmwordsmith\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe" -startup

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [Google Update] "C:\Users\kmwordsmith\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

StartupFolder: C:\Users\KMWORD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\KMWORD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\kmwordsmith\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PDFCRE~1.LNK - C:\Program Files (x86)\PDFCreator\PDFCreator.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://logicalimages.webex.com/client/T27LB/webex/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.254.254

TCP: Interfaces\{5543631B-9160-4BE9-925D-36734AE345F2} : DhcpNameServer = 192.168.254.254

TCP: Interfaces\{7F302492-41B6-4FBD-8780-5795A2FDC3EF} : DhcpNameServer = 192.168.254.254

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: CDelHotkeys Object: {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100907182941.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB-X64: Delicious Toolbar: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB-X64: {9D19C405-BA93-461B-871F-97992CC45972} - No File

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-15 655944]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440]

R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-7 199032]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-7 244840]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-7 148520]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-28 1692480]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-1 136176]

S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 250056]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-1 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-19 22:15:19 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-16 03:14:57 -------- d-----w- C:\Users\kmwordsmith\AppData\Roaming\Malwarebytes

2012-08-16 03:14:50 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-16 03:14:46 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-16 03:14:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-16 02:56:29 -------- d-----w- C:\Program Files (x86)\PC Tools

2012-08-16 02:47:50 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2012-08-16 02:47:50 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-08-16 02:47:20 -------- d-----w- C:\ProgramData\PC Tools

2012-08-16 02:47:19 -------- d-----w- C:\Users\kmwordsmith\AppData\Roaming\TestApp

2012-07-24 19:47:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-24 14:33:50 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F337.tmp

2012-07-24 14:33:50 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F336.tmp

.

==================== Find3M ====================

.

2012-08-19 22:16:23 328704 ----a-w- C:\Windows\System32\services.exe

2012-08-15 13:46:15 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 13:46:15 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 18:41:03.70 ===============


Very well! :)

Step 1

Please re-run TDSSKiller and use Delete option for this entry:

18:15:41.0728 4412 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

18:15:41.0728 4412 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


OK, Step 1 completed with no problem. I had a little problem with Step 2 (running ComboFix). I disabled McAfee real-time scanning and firewall, but at one point towards the end of the ComboFix run it put up a dialog saying that McAfee was still running. I went back and checked, and the McAfee Security Center dialog indicated that real-time scanning and the firewall were both off. In any case I clicked OK for ComboFix to proceed. It put up another dialog warning me that McAfee was still running, and this dialog had only a "Continue" button. I clicked Continue, ComboFix finished, and then after a reboot McAfee did definitely restart and the scanner tried to quarantine one of the ComboFix processes; I clicked "Allow" to let ComboFix run. ComboFix did finish and the log is pasted below. I had to reboot to get rid of the "illegal operation attempted on registry key..." error when trying to open anything, but after the reboot everything opens fine.

So not totally sure where things stand now as a result of the McAfee snag, but in any case here is the log:

ComboFix 12-08-20.02 - kmwordsmith 08/20/2012 14:45:21.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2631 [GMT -4:00]

Running from: c:\users\kmwordsmith\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\CouponAlert_2pEI

c:\windows\security\Database\tmp.edb

.

.

((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))

.

.

2012-08-20 18:56 . 2012-08-20 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-19 22:15 . 2012-08-20 17:22 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-16 03:14 . 2012-08-16 03:14 -------- d-----w- c:\users\kmwordsmith\AppData\Roaming\Malwarebytes

2012-08-16 03:14 . 2012-08-16 03:14 -------- d-----w- c:\programdata\Malwarebytes

2012-08-16 03:14 . 2012-08-16 03:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-16 03:14 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-16 02:56 . 2012-08-17 02:05 -------- d-----w- c:\program files (x86)\PC Tools

2012-08-16 02:47 . 2012-08-17 02:05 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-08-16 02:47 . 2012-06-22 19:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-08-16 02:47 . 2012-08-17 02:03 -------- d-----w- c:\programdata\PC Tools

2012-08-16 02:47 . 2012-08-16 02:47 -------- d-----w- c:\users\kmwordsmith\AppData\Roaming\TestApp

2012-07-24 19:47 . 2012-07-24 19:47 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-19 22:16 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe

2012-08-15 13:46 . 2012-04-17 12:03 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-15 13:46 . 2011-06-14 11:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-24 14:33 . 2012-07-24 14:33 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\F337.tmp

2012-07-24 14:33 . 2012-07-24 14:33 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\F336.tmp

2012-07-12 03:59 . 2011-01-06 11:38 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-12 03:08 . 2012-07-12 04:02 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 05:43 . 2012-07-11 11:25 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-11 11:25 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 11:25 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 11:25 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 11:25 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 11:25 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 11:25 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-25 10:16 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-25 10:16 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-25 10:16 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-25 10:16 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-25 10:16 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-25 10:16 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-25 10:16 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-25 10:16 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-25 10:16 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 12:49 . 2012-07-12 03:58 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-06-02 12:17 . 2012-07-12 03:58 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-06-02 12:12 . 2012-07-12 03:58 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 12:05 . 2012-07-12 03:58 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-02 12:05 . 2012-07-12 03:58 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 12:04 . 2012-07-12 03:58 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 12:04 . 2012-07-12 03:58 237056 ----a-w- c:\windows\system32\url.dll

2012-06-02 12:03 . 2012-07-12 03:58 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-02 12:01 . 2012-07-12 03:58 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 12:00 . 2012-07-12 03:58 818688 ----a-w- c:\windows\system32\jscript.dll

2012-06-02 11:59 . 2012-07-12 03:58 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-02 11:57 . 2012-07-12 03:58 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-02 11:57 . 2012-07-12 03:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 11:54 . 2012-07-12 03:58 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-02 08:33 . 2012-07-12 03:58 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-02 08:25 . 2012-07-12 03:58 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-02 08:25 . 2012-07-12 03:58 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20 . 2012-07-12 03:58 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16 . 2012-07-12 03:58 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-02 05:50 . 2012-07-11 11:25 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 11:25 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:48 . 2012-07-11 11:25 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:45 . 2012-07-11 11:25 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 11:25 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 11:25 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 11:25 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 11:25 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 11:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Screenpresso"="c:\users\kmwordsmith\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe" [2012-07-09 7884680]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]

"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-07-01 1484856]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-04 559616]

.

c:\users\kmwordsmith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

Dropbox.lnk - c:\users\kmwordsmith\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]

PDFCreator.lnk - c:\program files (x86)\PDFCreator\PDFCreator.exe [2009-12-5 2641920]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-01 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-01 136176]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-06-01 93840]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-06-01 75288]

S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-06-01 279752]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-06-01 244840]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-06-01 148520]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-06-01 62416]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 52632]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-06-01 440688]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 13:46]

.

2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-01 16:35]

.

2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-01 16:35]

.

2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2178287959-2484263321-3651141593-1001Core.job

- c:\users\kmwordsmith\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 12:12]

.

2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2178287959-2484263321-3651141593-1001UA.job

- c:\users\kmwordsmith\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 12:12]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.bing.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.254.254

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{37153479-1976-43c3-a1ee-557513977b64} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe

SafeBoot-63553684.sys

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

.

**************************************************************************

.

Completion time: 2012-08-20 15:06:17 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-20 19:06

.

Pre-Run: 177,837,002,752 bytes free

Post-Run: 178,088,529,920 bytes free

.

- - End Of File - - B3D6F848FEB15C8FBE2722C19DF48E47


Looks good! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


OK, ran the online scanner. Looks like it found some more suspicious items (including some already quarantined by TDSSKiller it appears).

The log noted in your message contained only the following:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

I also saved the summary of what was quarantined when the scan completed. Here is that text:

C:\ProgramData\Microsoft\Windows\DRM\F336.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined

C:\ProgramData\Microsoft\Windows\DRM\F337.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\mbr0000\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\zasubsys0000\file0000\tsk0000.dta Win64/Patched.B.Gen trojan deleted - quarantined

C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan deleted - quarantined

C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.AD trojan deleted - quarantined

C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\zasubsys0000\zafs0000\tsk0006.dta Win64/Agent.BA trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\zasubsys0000\zafs0000\tsk0007.dta Win64/Conedex.B trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\zasubsys0000\zafs0000\tsk0008.dta Win64/Sirefef.AP trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\20.08.2012_13.21.02\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\20.08.2012_13.21.02\tdlfs0000\tsk0001.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\20.08.2012_13.21.02\tdlfs0000\tsk0002.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\20.08.2012_13.21.02\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\20.08.2012_13.21.02\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\20.08.2012_13.21.02\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\20.08.2012_13.21.02\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

C:\Users\kmwordsmith\AppData\LocalLow\CouponAlert_2pEI\Installr\Cache\00BB4B36.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined

C:\WINDOWS\System32\config\systemprofile\AppData\Local\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined

Thank you!


OK, folder deleted. There is a similar folder:

C:\Users\kmwordsmith\AppData\LocalLow\CouponAlert_2p

Should I delete that too?

Everything seems fine with the computer now - including Internet search/browsing. Malwarebytes Pro is running and has not found anything recently (since that first round of cleaning from the start of this thread).

Thanks.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
