theatlasisonfire

New Pc, Bad Bug


Hi there - Any help on this will be greatly appreciated... I've done all the digging I can do...

 

I was given a new laptop for a business that I am working with. Unfortunately, the person giving me the laptop decided to download a bunk program before they handed it to me. The program initiated (as expected) a gnarly little bug that refuses to let me turn on the firewall, redirects my search results, randomly opens very loud web pages, and just won't let me find it or get rid of it. In the last two weeks, I have updated and run Malwarebytes, McAfee, Avira, and Spybot. Each has found something and cleaned it, but I'm still plagued with this bug.

 

This is a new laptop with new legit LEGAL installs of Windows 7, Office, and CS5.5. I have no idea why the owner tried to install the bunk program.

 

HijackThis Log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:29:45 AM, on 9/23/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

C:\Windows\PLFSetI.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\Donn Flem\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\HJT\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...g4z115v47l21458

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...g4z115v47l21458

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...g4z115v47l21458

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110921151225.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Donn Flem\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.6.0.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: McAfee Application Installer Cleanup (0142131316632884) (0142131316632884mcinstcleanup) - Unknown owner - C:\Windows\TEMP\014213~1.EXE (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 16186 bytes

 

 

DDS Log:

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Donn Flem at 11:24:05 on 2011-09-23

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.1701 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Windows\SysWOW64\rpcnet.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\Donn Flem\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Windows\system32\igfxext.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AcroDist.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5742z&r=27361010v025l04g4z115v47l21458

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5742z&r=27361010v025l04g4z115v47l21458

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5742z&r=27361010v025l04g4z115v47l21458

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110921151225.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "C:\Users\Donn Flem\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

LSP: mswsock.dll

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7E9AC7C6-831C-49D7-B18B-C9FF122216C5} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7E9AC7C6-831C-49D7-B18B-C9FF122216C5}\E44575966496 : DhcpNameServer = 172.28.26.4 172.16.1.20 172.16.1.21 172.16.1.86

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110921151225.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [(Default)]

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-25 321104]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-8-19 868896]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-20 13336]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-5 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-5 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-5 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-7-20 199008]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-7-20 208272]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-7-20 158832]

R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-9-7 202048]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-8 1153368]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-20 2320920]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-7-20 243232]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-5 366640]

S2 0142131316632884mcinstcleanup;McAfee Application Installer Cleanup (0142131316632884);C:\Windows\TEMP\014213~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\014213~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 135664]

S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-5 249936]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 135664]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-5 249936]

.

=============== Created Last 30 ================

.

2011-09-23 15:07:30 388096 ----a-r- C:\Users\Donn Flem\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-23 15:05:17 -------- d-----w- C:\HJT

2011-09-20 18:39:30 -------- d-----w- C:\Users\Donn Flem\AppData\Local\Apple Computer

2011-09-20 18:39:14 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2011-09-20 18:39:14 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2011-09-20 18:39:14 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2011-09-20 18:38:14 -------- d-----w- C:\Program Files\iPod

2011-09-20 18:38:13 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2011-09-20 18:38:13 -------- d-----w- C:\Program Files\iTunes

2011-09-20 18:38:13 -------- d-----w- C:\Program Files (x86)\iTunes

2011-09-20 18:37:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-09-20 18:37:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-09-20 18:37:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-09-20 18:37:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-09-20 18:37:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-09-20 18:37:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-09-20 18:37:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-09-20 18:36:50 -------- d-----w- C:\Users\Donn Flem\AppData\Local\Apple

2011-09-20 18:36:13 -------- d-----w- C:\Program Files\Bonjour

2011-09-20 18:36:13 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-09-19 22:34:55 -------- d-----w- C:\Users\Donn Flem\AppData\Local\ElevatedDiagnostics

2011-09-17 02:03:19 -------- d-----w- C:\Windows\System32\MpEngineStore

2011-09-15 16:17:38 -------- d-----w- C:\ProgramData\AVAST Software

2011-09-15 16:17:38 -------- d-----w- C:\Program Files\AVAST Software

2011-09-13 13:58:35 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2011-09-12 23:50:54 80024 ----a-w- C:\Windows\SysWow64\PICSDK.dll

2011-09-12 23:50:54 51360 ----a-w- C:\Windows\SysWow64\EpPicPrt.dll

2011-09-12 23:50:54 51360 ----a-w- C:\Windows\SysWow64\EpPicMgr.dll

2011-09-12 23:50:54 501912 ----a-w- C:\Windows\SysWow64\PICSDK2.dll

2011-09-12 23:50:54 108704 ----a-w- C:\Windows\SysWow64\PICEntry.dll

2011-09-12 23:50:42 -------- d-----w- C:\ProgramData\EPSON

2011-09-12 23:48:51 -------- d-----w- C:\Program Files\EPSON

2011-09-12 23:48:37 -------- d-----w- C:\Program Files (x86)\epson

2011-09-12 23:48:35 101888 ----a-w- C:\Windows\System32\esxcwiad.dll

2011-09-12 03:16:16 -------- d-----w- C:\Program Files\Motorola Inc

2011-09-12 03:16:16 -------- d-----w- C:\Program Files\Common Files\Motorola Shared

2011-09-12 03:16:03 -------- d-----w- C:\Program Files (x86)\Motorola

2011-09-12 03:16:03 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap

2011-09-11 17:10:53 -------- d-----w- C:\Program Files (x86)\California Font Manager

2011-09-09 08:31:57 -------- d-----w- C:\Windows\System32\SPReview

2011-09-09 08:30:42 -------- d-----w- C:\Windows\System32\EventProviders

2011-09-09 08:24:59 488448 ----a-w- C:\Windows\System32\secproc.dll

2011-09-09 08:23:59 853504 ----a-w- C:\Windows\System32\IKEEXT.DLL

2011-09-09 08:22:58 395776 ----a-w- C:\Windows\System32\webio.dll

2011-09-09 08:21:59 312832 ----a-w- C:\Windows\System32\Wldap32.dll

2011-09-09 08:20:59 988160 ----a-w- C:\Windows\SysWow64\propsys.dll

2011-09-09 08:19:58 780008 ----a-w- C:\Windows\System32\ci.dll

2011-09-09 08:17:58 372736 ----a-w- C:\Windows\System32\mtxclu.dll

2011-09-09 08:16:59 72192 ----a-w- C:\Windows\SysWow64\regapi.dll

2011-09-09 08:15:59 983040 ----a-w- C:\Program Files (x86)\Windows Media Player\WMPDMC.exe

2011-09-09 08:14:59 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

2011-09-09 08:13:59 226304 ----a-w- C:\Windows\SysWow64\MSAC3ENC.DLL

2011-09-09 08:12:59 321536 ----a-w- C:\Windows\System32\unimdm.tsp

2011-09-09 08:11:59 34816 ----a-w- C:\Windows\SysWow64\httpapi.dll

2011-09-09 08:10:59 241664 ----a-w- C:\Windows\System32\Ribbons.scr

2011-09-09 08:09:59 133120 ----a-w- C:\Windows\System32\Kswdmcap.ax

2011-09-09 08:08:59 183296 ----a-w- C:\Windows\SysWow64\PortableDeviceSyncProvider.dll

2011-09-09 08:07:58 90624 ----a-w- C:\Windows\System32\KMSVC.DLL

2011-09-09 08:05:59 72192 ----a-w- C:\Windows\System32\napdsnap.dll

2011-09-09 08:04:58 8704 ----a-w- C:\Windows\SysWow64\riched32.dll

2011-09-09 08:03:50 350208 ----a-w- C:\Windows\System32\drivers\HdAudio.sys

2011-09-09 08:02:52 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui

2011-09-09 08:02:48 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui

2011-09-09 08:02:07 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui

2011-09-09 08:02:07 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui

2011-09-09 08:02:00 399872 ----a-w- C:\Windows\System32\dpx.dll

2011-09-09 08:02:00 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll

2011-09-09 08:01:47 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll

2011-09-09 08:01:14 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-09-09 08:01:14 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2011-09-09 08:01:14 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll

2011-09-09 07:58:40 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-09-09 07:58:40 529408 ----a-w- C:\Windows\System32\wbemcomn(1504).dll

2011-09-09 07:58:40 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll

2011-09-09 07:58:23 244736 ----a-w- C:\Windows\System32\sqmapi.dll

2011-09-09 06:36:43 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-09-09 06:36:42 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-09-09 06:36:42 739840 ----a-w- C:\Windows\SysWow64\d2d1(4377).dll

2011-09-09 06:36:41 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-09-09 06:36:41 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-09-09 06:36:40 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-09-09 01:50:33 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-09-09 01:50:33 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-09-08 10:53:53 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe

2011-09-08 10:42:05 -------- d-----w- C:\ProgramData\ALM

2011-09-08 07:00:19 -------- d-----w- C:\Windows\SysWow64\Wat

2011-09-08 07:00:19 -------- d-----w- C:\Windows\System32\Wat

2011-09-08 04:41:19 -------- d-----w- C:\Users\Donn Flem\AppData\Local\Diagnostics

2011-09-05 17:05:00 53656 ----a-w- C:\Windows\System32\AdobePDF.dll

2011-09-05 17:04:58 24984 ----a-w- C:\Windows\System32\AdobePDFUI.dll

2011-09-05 13:16:43 -------- d-----w- C:\Users\Donn Flem\AppData\Roaming\Malwarebytes

2011-09-05 13:16:38 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-09-05 13:16:36 -------- d-----w- C:\ProgramData\Malwarebytes

2011-09-05 13:16:33 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-09-05 13:16:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-09-05 12:48:27 159080 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin

2011-09-05 12:26:19 -------- d-----we C:\Windows\system64

2011-09-04 15:13:59 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2011-09-04 15:12:59 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-09-04 15:00:14 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll

2011-09-04 15:00:14 58288 ------w- C:\Windows\SysWow64\rpcnet.exe

2011-09-04 14:59:51 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe

.

==================== Find3M ====================

.

2011-09-23 14:04:02 17920 ----a-w- C:\Windows\System32\rpcnetp.exe

2011-09-09 08:39:18 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-09-09 08:39:17 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-09-09 07:04:15 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll

2011-09-09 07:04:00 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe

2011-08-15 14:00:06 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2011-08-15 14:00:06 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys

2011-08-15 14:00:06 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2011-08-15 14:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2011-08-15 14:00:06 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2011-08-15 14:00:06 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2011-08-15 14:00:06 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2011-08-15 14:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2011-08-15 14:00:06 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

2011-07-29 00:54:24 947472 ----a-w- C:\Windows\SysWow64\msjava.dll

2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml(3832).tlb

2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64(3360).dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll

2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-07-05 22:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

.

============= FINISH: 11:25:11.14 ===============

 

DDS Attachment:

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 10/29/2010 6:47:34 AM

System Uptime: 9/22/2011 4:11:53 PM (19 hours ago)

.

Motherboard: Acer | | Aspire 5742Z

Processor: Intel® Pentium® CPU P6100 @ 2.00GHz | CPU | 1999/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 284 GiB total, 212.368 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 932 GiB total, 292.217 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Windows Firewall Authorization Driver

Device ID: ROOT\LEGACY_MPSDRV\0000

Manufacturer:

Name: Windows Firewall Authorization Driver

PNP Device ID: ROOT\LEGACY_MPSDRV\0000

Service: mpsdrv

.

==== System Restore Points ===================

.

RP38: 9/23/2011 11:07:12 AM - Installed HiJackThis

.

==== Installed Programs ======================

.

18 Wheels of Steel - American Long Haul

Acer Backup Manager

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer Game Console

Acer Games

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Community Help

Adobe Content Viewer

Adobe Creative Suite 5.5 Design Premium

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.1 MUI

Adobe Widget Browser

Agatha Chr

Spybot - Search & Destroy scan report.pdf

misp___reportframe.pdf


theatlasisonfire,

 

Taking a look at the information provided, and will get back with you a little later.

 

Thanks for your patience.


Please do the following:

 

If you have ComboFix (CF) already on your Desktop, please remove it! We're downloading an updated version.

 

Download ComboFix

 

Save ComboFix.exe to your Desktop!!

 

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications, usually via a right clicking on the System Tray icon. They may interfere with the running of CF.

 

Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link

 

Right-click ComboFix.exe, and select: 'Run as Administrator'

 

Click on Yes, to continue scanning for malware.

 

When finished, CF produces a report.

 

Please provide a copy of the C:\ComboFix.txt in your reply.

 

 

Notes:

 

1. Do not mouse-click the ComboFix window while it is running. This action may cause it to stall.

 

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

 

3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

 

Thanks.


Hi Aaflac,

Thanks for getting back to me so quickly. I noticed that the report shows the McAfee firewall as active, even though McAfee shows it as inactive... just wanted to make sure I didn't muck something up.

 

 

Here are the results:

 

 

 

ComboFix 11-09-23.03 - Donn Flem 09/23/2011 19:25:09.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2063 [GMT -4:00]

Running from: c:\users\Donn Flem\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Donn Flem\AppData\Local\Microsoft\Windows\Temporary Internet Files\{35F89EA3-AEF7-4380-B474-39FDD2868DB4}.xps

c:\windows\security\Database\tmp.edb

c:\windows\System64

E:\Autorun.inf

E:\Setup.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-08-23 to 2011-09-23 )))))))))))))))))))))))))))))))

.

.

2011-09-23 23:33 . 2011-09-23 23:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-23 15:07 . 2011-09-23 15:07 388096 ----a-r- c:\users\Donn Flem\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-23 15:05 . 2011-09-23 15:07 -------- d-----w- C:\HJT

2011-09-20 18:39 . 2011-09-20 18:39 -------- d-----w- c:\users\Donn Flem\AppData\Roaming\Apple Computer

2011-09-20 18:39 . 2011-09-20 18:39 -------- d-----w- c:\users\Donn Flem\AppData\Local\Apple Computer

2011-09-20 18:39 . 2011-09-20 18:39 -------- dc----w- c:\windows\system32\DRVSTORE

2011-09-20 18:39 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-09-20 18:39 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2011-09-20 18:39 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2011-09-20 18:38 . 2011-09-20 18:38 -------- d-----w- c:\program files\iPod

2011-09-20 18:38 . 2011-09-20 18:39 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2011-09-20 18:38 . 2011-09-20 18:39 -------- d-----w- c:\program files\iTunes

2011-09-20 18:38 . 2011-09-20 18:39 -------- d-----w- c:\program files (x86)\iTunes

2011-09-20 18:37 . 2011-09-20 18:37 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-09-20 18:37 . 2011-09-20 18:37 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-09-20 18:37 . 2011-09-20 18:37 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-09-20 18:37 . 2011-09-20 18:37 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-09-20 18:37 . 2011-09-20 18:37 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-09-20 18:37 . 2011-09-20 18:37 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-09-20 18:37 . 2011-09-20 18:37 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-09-20 18:36 . 2011-09-20 18:38 -------- d-----w- c:\programdata\Apple Computer

2011-09-20 18:36 . 2011-09-20 18:37 -------- d-----w- c:\program files (x86)\QuickTime

2011-09-20 18:36 . 2011-09-20 18:36 -------- d-----w- c:\users\Donn Flem\AppData\Local\Apple

2011-09-20 18:36 . 2011-09-20 18:36 -------- d-----w- c:\program files (x86)\Apple Software Update

2011-09-20 18:36 . 2011-09-20 18:36 -------- d-----w- c:\program files\Common Files\Apple

2011-09-20 18:36 . 2011-09-20 18:36 -------- d-----w- c:\program files\Bonjour

2011-09-20 18:36 . 2011-09-20 18:36 -------- d-----w- c:\program files (x86)\Bonjour

2011-09-20 18:36 . 2011-09-20 18:38 -------- d-----w- c:\program files (x86)\Common Files\Apple

2011-09-20 18:36 . 2011-09-20 18:36 -------- d-----w- c:\programdata\Apple

2011-09-19 22:34 . 2011-09-19 22:34 -------- d-----w- c:\users\Donn Flem\AppData\Local\ElevatedDiagnostics

2011-09-17 02:03 . 2011-09-19 00:17 -------- d-----w- c:\windows\system32\MpEngineStore

2011-09-15 16:17 . 2011-09-15 16:17 -------- d-----w- c:\programdata\AVAST Software

2011-09-15 16:17 . 2011-09-15 16:17 -------- d-----w- c:\program files\AVAST Software

2011-09-13 13:58 . 2011-09-13 13:58 -------- d-----w- c:\program files (x86)\MSXML 4.0

2011-09-12 23:57 . 2011-09-12 23:57 -------- d-----w- c:\users\Donn Flem\AppData\Roaming\EPSON

2011-09-12 23:50 . 2006-10-31 04:10 51360 ----a-w- c:\windows\SysWow64\EpPicPrt.dll

2011-09-12 23:50 . 2006-10-31 04:10 51360 ----a-w- c:\windows\SysWow64\EpPicMgr.dll

2011-09-12 23:50 . 2006-10-20 04:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll

2011-09-12 23:50 . 2006-10-20 04:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll

2011-09-12 23:50 . 2006-10-20 04:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll

2011-09-12 23:50 . 2011-09-12 23:50 -------- d-----w- c:\users\Donn Flem\AppData\Roaming\InstallShield

2011-09-12 23:50 . 2011-09-19 02:49 -------- d-----w- c:\programdata\EPSON

2011-09-12 23:48 . 2011-09-12 23:48 -------- d-----w- c:\program files\EPSON

2011-09-12 23:48 . 2011-09-12 23:48 -------- d-----w- c:\program files (x86)\epson

2011-09-12 23:48 . 2007-04-18 04:00 101888 ----a-w- c:\windows\system32\esxcwiad.dll

2011-09-12 14:01 . 2011-09-19 03:34 -------- d-----w- c:\program files\Recuva

2011-09-12 03:16 . 2011-09-12 03:16 -------- d-----w- c:\program files\Motorola Inc

2011-09-12 03:16 . 2011-09-12 03:16 -------- d-----w- c:\program files\Common Files\Motorola Shared

2011-09-12 03:16 . 2011-09-12 03:16 -------- d-----w- c:\program files (x86)\Motorola

2011-09-11 17:10 . 2011-09-11 17:11 -------- d-----w- c:\program files (x86)\California Font Manager

2011-09-09 08:31 . 2011-09-19 03:35 -------- d-----w- c:\windows\system32\SPReview

2011-09-09 08:30 . 2011-09-19 03:35 -------- d-----w- c:\windows\system32\EventProviders

2011-09-09 08:24 . 2010-11-20 13:27 3008000 ----a-w- c:\windows\system32\xpsservices.dll

2011-09-09 08:23 . 2010-11-20 13:27 754176 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll

2011-09-09 08:22 . 2010-11-20 13:27 395776 ----a-w- c:\windows\system32\webio.dll

2011-09-09 08:21 . 2010-11-20 13:27 312832 ----a-w- c:\windows\system32\Wldap32.dll

2011-09-09 08:20 . 2010-11-20 12:20 988160 ----a-w- c:\windows\SysWow64\propsys.dll

2011-09-09 08:19 . 2010-11-20 13:28 780008 ----a-w- c:\windows\system32\ci.dll

2011-09-09 08:17 . 2010-11-20 13:27 372736 ----a-w- c:\windows\system32\mtxclu.dll

2011-09-09 08:16 . 2010-11-20 12:21 72192 ----a-w- c:\windows\SysWow64\regapi.dll

2011-09-09 08:15 . 2010-11-20 12:17 983040 ----a-w- c:\program files (x86)\Windows Media Player\WMPDMC.exe

2011-09-09 08:14 . 2010-11-20 12:19 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

2011-09-09 08:13 . 2010-11-20 12:19 226304 ----a-w- c:\windows\SysWow64\MSAC3ENC.DLL

2011-09-09 08:12 . 2010-11-20 13:27 28160 ----a-w- c:\windows\system32\secur32.dll

2011-09-09 08:11 . 2010-11-20 12:19 34816 ----a-w- c:\windows\SysWow64\httpapi.dll

2011-09-09 08:10 . 2010-11-20 13:24 241664 ----a-w- c:\windows\system32\Ribbons.scr

2011-09-09 08:09 . 2010-11-20 13:24 133120 ----a-w- c:\windows\system32\Kswdmcap.ax

2011-09-09 08:08 . 2010-11-20 12:20 183296 ----a-w- c:\windows\SysWow64\PortableDeviceSyncProvider.dll

2011-09-09 08:07 . 2010-11-20 13:26 90624 ----a-w- c:\windows\system32\KMSVC.DLL

2011-09-09 08:05 . 2010-11-20 13:27 72192 ----a-w- c:\windows\system32\napdsnap.dll

2011-09-09 08:04 . 2010-11-20 12:21 20992 ----a-w- c:\windows\SysWow64\shgina.dll

2011-09-09 08:03 . 2010-11-20 10:44 350208 ----a-w- c:\windows\system32\drivers\HdAudio.sys

2011-09-09 08:02 . 2010-11-20 12:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui

2011-09-09 08:02 . 2010-11-20 13:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui

2011-09-09 08:02 . 2010-11-20 13:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui

2011-09-09 08:02 . 2010-11-20 13:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui

2011-09-09 08:02 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll

2011-09-09 08:02 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll

2011-09-09 08:01 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll

2011-09-09 08:01 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll

2011-09-09 08:01 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll

2011-09-09 08:01 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-09-09 07:58 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-09-09 07:58 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn(1504).dll

2011-09-09 07:58 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll

2011-09-09 07:58 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll

2011-09-09 06:36 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-09-09 06:36 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2011-09-09 06:36 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1(4377).dll

2011-09-09 06:36 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

2011-09-09 06:36 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll

2011-09-09 06:36 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-09-09 06:31 . 2011-09-09 06:31 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2011-09-09 01:50 . 2011-09-19 03:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-09-09 01:50 . 2011-09-19 03:33 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-09-08 10:53 . 2011-09-08 10:53 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2011-09-08 10:42 . 2011-09-08 10:42 -------- d-----w- c:\programdata\ALM

2011-09-08 10:30 . 2011-09-19 03:33 -------- d-----w- c:\program files\Common Files\Adobe

2011-09-08 07:00 . 2011-09-19 03:35 -------- d-----w- c:\windows\SysWow64\Wat

2011-09-08 07:00 . 2011-09-19 03:35 -------- d-----w- c:\windows\system32\Wat

2011-09-08 05:21 . 2011-09-08 05:59 -------- d-----w- c:\users\Donn Flem\AppData\Roaming\Download Manager

2011-09-08 04:41 . 2011-09-08 04:41 -------- d-----w- c:\users\Donn Flem\AppData\Local\Diagnostics

2011-09-05 17:05 . 2011-09-05 17:05 53656 ----a-w- c:\windows\system32\AdobePDF.dll

2011-09-05 17:04 . 2011-09-05 17:04 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll

2011-09-05 13:16 . 2011-09-05 13:16 -------- d-----w- c:\users\Donn Flem\AppData\Roaming\Malwarebytes

2011-09-05 13:16 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-09-05 13:16 . 2011-09-05 13:16 -------- d-----w- c:\programdata\Malwarebytes

2011-09-05 13:16 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-05 13:16 . 2011-09-19 03:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-09-05 12:48 . 2011-09-05 12:48 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin

2011-09-04 15:13 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll

2011-09-04 15:12 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-09-04 15:00 . 2011-09-23 23:35 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll

2011-09-04 15:00 . 2011-09-04 14:59 58288 ------w- c:\windows\SysWow64\rpcnet.exe

2011-09-04 14:59 . 2011-09-04 14:59 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-23 23:35 . 2010-07-20 08:23 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2011-09-09 08:39 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-09-09 08:39 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-09-09 07:04 . 2010-07-20 08:23 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll

2011-09-09 07:04 . 2010-07-20 08:23 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe

2011-08-15 14:00 . 2010-07-20 08:45 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-15 14:00 . 2010-01-06 01:04 75672 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-08-15 14:00 . 2010-01-06 01:04 65128 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-08-15 14:00 . 2010-01-06 01:04 642824 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-08-15 14:00 . 2010-01-06 01:04 481504 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-08-15 14:00 . 2010-01-06 01:04 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-08-15 14:00 . 2010-01-06 01:04 228752 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-15 14:00 . 2010-01-06 01:04 158584 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-08-15 14:00 . 2010-01-06 01:04 100904 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-07-29 00:54 . 2011-02-28 22:01 947472 ----a-w- c:\windows\SysWow64\msjava.dll

2011-07-16 04:26 . 2011-09-04 15:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:34 . 2011-07-12 15:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 15:34 . 2011-07-12 15:34 212840 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-20 39408]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-10 1671824]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 0142131316632884mcinstcleanup;McAfee Application Installer Cleanup (0142131316632884);c:\windows\TEMP\014213~1.EXE [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 135664]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 135664]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 208272]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 158832]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 11:13]

.

2011-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 11:13]

.

2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-676432998-434936549-2684315561-1001Core.job

- c:\users\Donn Flem\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-04 14:55]

.

2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-676432998-434936549-2684315561-1001UA.job

- c:\users\Donn Flem\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-04 14:55]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]

"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]

"combofix"="c:\combofix\CF3189.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5742z&r=27361010v025l04g4z115v47l21458

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\rundll32.exe

c:\windows\SysWOW64\rpcnet.exe

c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

.

**************************************************************************

.

Completion time: 2011-09-23 19:51:21 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-23 23:51

.

Pre-Run: 227,596,869,632 bytes free

Post-Run: 227,446,452,224 bytes free

.

- - End Of File - - 2DF436435BF910067BDA0B39C831E276

 

Please do the following:

 

If you have ComboFix (CF) already on your Desktop, please remove it! We're downloading an updated version.

 

Download ComboFix

 

Save ComboFix.exe to your Desktop!!

 

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications, usually by right-clicking the System Tray icon. They may interfere with the running of CF.

 

Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link

 

Right-click ComboFix.exe, and select: 'Run as Administrator'

 

Click on Yes, to continue scanning for malware.

 

When finished, CF produces a report.

 

Please provide a copy of the C:\ComboFix.txt in your reply.

 

 

Notes:

 

1. Do not mouse-click the ComboFix window while it is running. This action may cause it to stall.

 

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

 

3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

 

Thanks.

 


Please download SystemLook from one of the links below:

Link 1

Link 2

 

Save the file to the Desktop

 

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following code box into the open textfield:

 

:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /sub

:filefind
consrv.dll
  • Click the Look button to start the scan.
  • When finished, a Notepad window opens with the results of the scan.

    Please post the SystemLook.txt in your reply.

Thanks!

Edited by Aaflac


here you are:

 

 

SystemLook 30.07.11 by jpshortstuff

Log created at 08:25 on 24/09/2011 by Donn Flem

Administrator - Elevation successful

 

========== reg ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]

"Debug"=""

@="mnmsrvc"

"Kmode"="\SystemRoot\System32\win32k.sys"

"Optional"="Posix"

"Posix"="%SystemRoot%\system32\psxss.exe"

"Required"="Debug Windows"

"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16"

 

 

========== filefind ==========

 

Searching for "consrv.dll"

No files found.

 

-= EOF =-

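The SubSystems check above, as an added Python example (it is not part of the thread and not SystemLook's own code): it parses the "Windows" value that SystemLook dumped from HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems, pulls out every ServerDll= entry, and flags any module that is not one of the stock CSRSS server DLLs. The clean value is the one posted above; the tampered value is a constructed sample in which the console server entry points at consrv, the module the filefind step was looking for. The allow-list of stock modules is an assumption based on a Windows 7 install.

```python
"""Flag unexpected CSRSS server DLLs in a SystemLook ':reg' dump of SubSystems.

Added example, not from the forum thread or from SystemLook. The clean
"Windows" value is copied from the SystemLook output posted above; the
tampered value and the SystemLook snippet are constructed samples.
"""
import re

# Stock CSRSS server modules on Windows 7 (assumption; adjust per OS build).
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# "Windows" value as SystemLook printed it on the clean machine above.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)

# Constructed sample of the tampered form the consrv.dll check looks for:
# the console server entry is redirected to a module that is not part of Windows.
TAMPERED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)

# Constructed SystemLook ':reg' section built around the clean value.
SYSTEMLOOK_REG = (
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\SubSystems]\n"
    '"Debug"=""\n'
    '"Kmode"="\\SystemRoot\\System32\\win32k.sys"\n'
    '"Required"="Debug Windows"\n'
    '"Windows"="' + CLEAN_VALUE + '"\n'
)

# ServerDll=<module>[:<entry point>],<index>
SERVER_DLL_RE = re.compile(r"ServerDll=([^:,\s]+)(?::([^,\s]+))?,(\d+)")


def parse_server_dlls(value):
    """Return (module, entry_point, index) for each ServerDll= entry in the value."""
    return [(m.group(1).lower(), m.group(2), int(m.group(3)))
            for m in SERVER_DLL_RE.finditer(value)]


def unexpected_server_dlls(value, expected=EXPECTED_SERVER_DLLS):
    """Return the sorted list of ServerDll modules that are not on the allow-list."""
    return sorted({mod for mod, _, _ in parse_server_dlls(value) if mod not in expected})


def windows_value_from_systemlook(text):
    """Extract the "Windows" value from a SystemLook ':reg' section; None if absent."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('"Windows"='):
            return line.split("=", 1)[1].strip('"')
    return None


if __name__ == "__main__":
    for label, value in (("clean", CLEAN_VALUE), ("tampered", TAMPERED_VALUE)):
        bad = unexpected_server_dlls(value)
        verdict = "OK" if not bad else "unexpected ServerDll modules: " + ", ".join(bad)
        print(f"{label}: {verdict}")
```

The allow-list approach is deliberate: matching on the one known bad name would miss a variant that picks a different module name, whereas anything outside the three stock server DLLs is worth a look regardless of what it is called.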

Looks as if the Registry entry is OK now. ;)

 

On ZeroAccess, let's do some cross-checking...

 

Please remove any previous download of TDSSKiller.exe (if used) and download the latest version.

 

Execute the file:

W7 - Right-click tdsskiller.exe, and select: Run as Administrator

 

Press the button: Start Scan

 

The tool scans and detects two object types:

Malicious (where the malware has been identified)

Suspicious (where the malware cannot be identified)

 

When the scan is over, the tool outputs a list of detected objects (Malicious or Suspicious) with their description.

 

It automatically selects an action (Cure or Delete) for Malicious objects. Leave the setting as it is.

 

It also prompts the User to select an action to apply to Suspicious objects (Skip, by default). Leave the setting as it is.

 

After clicking Next/Continue, the tool applies the selected actions.

 

 

A Reboot Required prompt may appear after a disinfection. Please reboot.

 

 

By default, the tool outputs its log to the system disk root folder (the disk with the Windows operating system, normally C:\).

 

Logs have a name like:

C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

 

Please post the TDSSKiller log in your reply.


No rest for the wicked, eh? Figured I wouldn't hear back until Monday... thanks so much for keeping up on this with me.

 

Thanks! This is going smoother than I anticipated. I really appreciate it. Here's the TDS log:

 

 

12:56:30.0928 5248 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37

12:56:32.0956 5248 ============================================================

12:56:32.0956 5248 Current date / time: 2011/09/24 12:56:32.0956

12:56:32.0956 5248 SystemInfo:

12:56:32.0956 5248

12:56:32.0956 5248 OS Version: 6.1.7601 ServicePack: 1.0

12:56:32.0956 5248 Product type: Workstation

12:56:32.0956 5248 ComputerName: SPITFIREP

12:56:32.0956 5248 UserName: Donn Flem

12:56:32.0956 5248 Windows directory: C:\Windows

12:56:32.0956 5248 System windows directory: C:\Windows

12:56:32.0956 5248 Running under WOW64

12:56:32.0956 5248 Processor architecture: Intel x64

12:56:32.0956 5248 Number of processors: 2

12:56:32.0956 5248 Page size: 0x1000

12:56:32.0956 5248 Boot type: Normal boot

12:56:32.0956 5248 ============================================================

12:56:39.0914 5248 Initialize success

12:56:49.0013 5488 ============================================================

12:56:49.0013 5488 Scan started

12:56:49.0013 5488 Mode: Manual;

12:56:49.0013 5488 ============================================================

12:56:49.0684 5488 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

12:56:49.0684 5488 1394ohci - ok

12:56:49.0746 5488 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

12:56:49.0746 5488 ACPI - ok

12:56:49.0855 5488 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

12:56:49.0855 5488 AcpiPmi - ok

12:56:49.0996 5488 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

12:56:49.0996 5488 adp94xx - ok

12:56:50.0152 5488 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

12:56:50.0152 5488 adpahci - ok

12:56:50.0199 5488 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

12:56:50.0199 5488 adpu320 - ok

12:56:50.0355 5488 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

12:56:50.0370 5488 AFD - ok

12:56:50.0495 5488 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

12:56:50.0511 5488 agp440 - ok

12:56:50.0667 5488 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

12:56:50.0667 5488 aliide - ok

12:56:50.0807 5488 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

12:56:50.0807 5488 amdide - ok

12:56:50.0947 5488 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

12:56:50.0947 5488 AmdK8 - ok

12:56:50.0994 5488 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

12:56:51.0010 5488 AmdPPM - ok

12:56:51.0088 5488 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

12:56:51.0088 5488 amdsata - ok

12:56:51.0135 5488 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

12:56:51.0135 5488 amdsbs - ok

12:56:51.0228 5488 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

12:56:51.0228 5488 amdxata - ok

12:56:51.0306 5488 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

12:56:51.0306 5488 AppID - ok

12:56:51.0493 5488 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

12:56:51.0509 5488 arc - ok

12:56:51.0540 5488 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

12:56:51.0540 5488 arcsas - ok

12:56:51.0634 5488 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

12:56:51.0634 5488 AsyncMac - ok

12:56:51.0712 5488 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

12:56:51.0712 5488 atapi - ok

12:56:51.0837 5488 athr (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys

12:56:51.0883 5488 athr - ok

12:56:52.0086 5488 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

12:56:52.0086 5488 b06bdrv - ok

12:56:52.0242 5488 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

12:56:52.0242 5488 b57nd60a - ok

12:56:52.0351 5488 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

12:56:52.0351 5488 Beep - ok

12:56:52.0539 5488 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

12:56:52.0539 5488 blbdrive - ok

12:56:52.0632 5488 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

12:56:52.0632 5488 bowser - ok

12:56:52.0710 5488 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

12:56:52.0710 5488 BrFiltLo - ok

12:56:52.0741 5488 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

12:56:52.0741 5488 BrFiltUp - ok

12:56:52.0819 5488 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

12:56:52.0819 5488 Brserid - ok

12:56:52.0866 5488 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

12:56:52.0866 5488 BrSerWdm - ok

12:56:52.0913 5488 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

12:56:52.0913 5488 BrUsbMdm - ok

12:56:52.0991 5488 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

12:56:52.0991 5488 BrUsbSer - ok

12:56:53.0053 5488 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

12:56:53.0053 5488 BTHMODEM - ok

12:56:53.0100 5488 catchme - ok

12:56:53.0225 5488 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

12:56:53.0225 5488 cdfs - ok

12:56:53.0303 5488 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

12:56:53.0303 5488 cdrom - ok

12:56:53.0490 5488 cfwids (75f91554e5fa6e962b880405fecc97a1) C:\Windows\system32\drivers\cfwids.sys

12:56:53.0490 5488 cfwids - ok

12:56:53.0646 5488 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

12:56:53.0646 5488 circlass - ok

12:56:53.0802 5488 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

12:56:53.0802 5488 CLFS - ok

12:56:54.0036 5488 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

12:56:54.0036 5488 CmBatt - ok

12:56:54.0083 5488 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

12:56:54.0083 5488 cmdide - ok

12:56:54.0161 5488 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

12:56:54.0161 5488 CNG - ok

12:56:54.0223 5488 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

12:56:54.0223 5488 Compbatt - ok

12:56:54.0301 5488 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

12:56:54.0301 5488 CompositeBus - ok

12:56:54.0364 5488 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

12:56:54.0364 5488 crcdisk - ok

12:56:54.0457 5488 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

12:56:54.0457 5488 DfsC - ok

12:56:54.0535 5488 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

12:56:54.0535 5488 discache - ok

12:56:54.0598 5488 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

12:56:54.0598 5488 Disk - ok

12:56:54.0723 5488 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

12:56:54.0723 5488 drmkaud - ok

12:56:54.0801 5488 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

12:56:54.0816 5488 DXGKrnl - ok

12:56:54.0941 5488 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

12:56:55.0019 5488 ebdrv - ok

12:56:55.0206 5488 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

12:56:55.0222 5488 elxstor - ok

12:56:55.0331 5488 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

12:56:55.0331 5488 ErrDev - ok

12:56:55.0440 5488 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

12:56:55.0440 5488 exfat - ok

12:56:55.0471 5488 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

12:56:55.0471 5488 fastfat - ok

12:56:55.0643 5488 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

12:56:55.0643 5488 fdc - ok

12:56:55.0783 5488 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

12:56:55.0783 5488 FileInfo - ok

12:56:55.0861 5488 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

12:56:55.0877 5488 Filetrace - ok

12:56:55.0939 5488 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

12:56:55.0939 5488 flpydisk - ok

12:56:55.0971 5488 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

12:56:55.0971 5488 FltMgr - ok

12:56:56.0142 5488 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

12:56:56.0142 5488 FsDepends - ok

12:56:56.0251 5488 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

12:56:56.0267 5488 Fs_Rec - ok

12:56:56.0392 5488 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

12:56:56.0392 5488 fvevol - ok

12:56:56.0423 5488 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

12:56:56.0423 5488 gagp30kx - ok

12:56:56.0626 5488 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

12:56:56.0626 5488 GEARAspiWDM - ok

12:56:56.0829 5488 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

12:56:56.0829 5488 hcw85cir - ok

12:56:57.0016 5488 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

12:56:57.0016 5488 HdAudAddService - ok

12:56:57.0203 5488 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

12:56:57.0219 5488 HDAudBus - ok

12:56:57.0390 5488 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

12:56:57.0406 5488 HECIx64 - ok

12:56:57.0566 5488 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

12:56:57.0567 5488 HidBatt - ok

12:56:57.0706 5488 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

12:56:57.0708 5488 HidBth - ok

12:56:57.0892 5488 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

12:56:57.0894 5488 HidIr - ok

12:56:58.0068 5488 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

12:56:58.0070 5488 HidUsb - ok

12:56:58.0251 5488 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

12:56:58.0253 5488 HpSAMD - ok

12:56:58.0469 5488 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

12:56:58.0478 5488 HTTP - ok

12:56:58.0674 5488 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

12:56:58.0674 5488 hwpolicy - ok

12:56:58.0861 5488 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

12:56:58.0861 5488 i8042prt - ok

12:56:59.0048 5488 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys

12:56:59.0048 5488 iaStor - ok

12:56:59.0251 5488 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

12:56:59.0267 5488 iaStorV - ok

12:56:59.0641 5488 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys

12:56:59.0860 5488 igfx - ok

12:57:00.0000 5488 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

12:57:00.0000 5488 iirsp - ok

12:57:00.0125 5488 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

12:57:00.0140 5488 Impcd - ok

12:57:00.0374 5488 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys

12:57:00.0421 5488 IntcAzAudAddService - ok

12:57:00.0624 5488 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys

12:57:00.0640 5488 IntcDAud - ok

12:57:00.0702 5488 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

12:57:00.0702 5488 intelide - ok

12:57:00.0858 5488 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

12:57:00.0858 5488 intelppm - ok

12:57:00.0998 5488 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:57:01.0014 5488 IpFilterDriver - ok

12:57:01.0186 5488 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

12:57:01.0186 5488 IPMIDRV - ok

12:57:01.0342 5488 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

12:57:01.0342 5488 IPNAT - ok

12:57:01.0529 5488 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

12:57:01.0544 5488 IRENUM - ok

12:57:01.0685 5488 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

12:57:01.0685 5488 isapnp - ok

12:57:01.0810 5488 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

12:57:01.0825 5488 iScsiPrt - ok

12:57:02.0012 5488 k57nd60a (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys

12:57:02.0012 5488 k57nd60a - ok

12:57:02.0184 5488 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

12:57:02.0184 5488 kbdclass - ok

12:57:02.0309 5488 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

12:57:02.0324 5488 kbdhid - ok

12:57:02.0512 5488 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

12:57:02.0512 5488 KSecDD - ok

12:57:02.0668 5488 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

12:57:02.0668 5488 KSecPkg - ok

12:57:02.0839 5488 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

12:57:02.0839 5488 ksthunk - ok

12:57:03.0042 5488 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

12:57:03.0042 5488 lltdio - ok

12:57:03.0260 5488 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

12:57:03.0260 5488 LSI_FC - ok

12:57:03.0448 5488 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

12:57:03.0448 5488 LSI_SAS - ok

12:57:03.0650 5488 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

12:57:03.0650 5488 LSI_SAS2 - ok

12:57:03.0791 5488 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

12:57:03.0791 5488 LSI_SCSI - ok

12:57:03.0931 5488 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

12:57:03.0947 5488 luafv - ok

12:57:04.0056 5488 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys

12:57:04.0056 5488 MBAMProtector - ok

12:57:04.0290 5488 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

12:57:04.0290 5488 megasas - ok

12:57:04.0415 5488 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

12:57:04.0430 5488 MegaSR - ok

12:57:04.0586 5488 mfeapfk (eac376dd77ec9e95d38108a27c261dca) C:\Windows\system32\drivers\mfeapfk.sys

12:57:04.0602 5488 mfeapfk - ok

12:57:04.0774 5488 mfeavfk (f55f50b11d635658f346db0457bb2b79) C:\Windows\system32\drivers\mfeavfk.sys

12:57:04.0789 5488 mfeavfk - ok

12:57:04.0930 5488 mfeavfk01 - ok

12:57:05.0101 5488 mfefirek (33b8e35c5839a83d6700aab3e464553b) C:\Windows\system32\drivers\mfefirek.sys

12:57:05.0101 5488 mfefirek - ok

12:57:05.0273 5488 mfehidk (ada8c105c8f9a61284c75157c170585b) C:\Windows\system32\drivers\mfehidk.sys

12:57:05.0273 5488 mfehidk - ok

12:57:05.0476 5488 mfenlfk (c52ee6d1e1e5a69c989acc478051964e) C:\Windows\system32\DRIVERS\mfenlfk.sys

12:57:05.0476 5488 mfenlfk - ok

12:57:05.0663 5488 mferkdet (b000720e19ef733f938a6269d630f5dd) C:\Windows\system32\drivers\mferkdet.sys

12:57:05.0663 5488 mferkdet - ok

12:57:05.0834 5488 mfewfpk (62717ab68b38efee54678b85e19b0538) C:\Windows\system32\drivers\mfewfpk.sys

12:57:05.0850 5488 mfewfpk - ok

12:57:06.0022 5488 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

12:57:06.0022 5488 Modem - ok

12:57:06.0162 5488 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

12:57:06.0178 5488 monitor - ok

12:57:06.0365 5488 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

12:57:06.0365 5488 mouclass - ok

12:57:06.0521 5488 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

12:57:06.0521 5488 mouhid - ok

12:57:06.0692 5488 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

12:57:06.0692 5488 mountmgr - ok

12:57:06.0848 5488 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

12:57:06.0848 5488 mpio - ok

12:57:06.0989 5488 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

12:57:06.0989 5488 mpsdrv - ok

12:57:07.0114 5488 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

12:57:07.0114 5488 MRxDAV - ok

12:57:07.0270 5488 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

12:57:07.0270 5488 mrxsmb - ok

12:57:07.0410 5488 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:57:07.0410 5488 mrxsmb10 - ok

12:57:07.0566 5488 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:57:07.0566 5488 mrxsmb20 - ok

12:57:07.0753 5488 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

12:57:07.0753 5488 msahci - ok

12:57:07.0894 5488 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

12:57:07.0909 5488 msdsm - ok

12:57:08.0096 5488 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

12:57:08.0096 5488 Msfs - ok

12:57:08.0268 5488 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

12:57:08.0268 5488 mshidkmdf - ok

12:57:08.0455 5488 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

12:57:08.0455 5488 msisadrv - ok

12:57:08.0642 5488 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

12:57:08.0642 5488 MSKSSRV - ok

12:57:08.0814 5488 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

12:57:08.0814 5488 MSPCLOCK - ok

12:57:08.0986 5488 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

12:57:08.0986 5488 MSPQM - ok

12:57:09.0173 5488 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

12:57:09.0173 5488 MsRPC - ok

12:57:09.0344 5488 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

12:57:09.0344 5488 mssmbios - ok

12:57:09.0516 5488 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

12:57:09.0516 5488 MSTEE - ok

12:57:09.0688 5488 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

12:57:09.0688 5488 MTConfig - ok

12:57:09.0859 5488 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

12:57:09.0859 5488 Mup - ok

12:57:10.0046 5488 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

12:57:10.0046 5488 mwlPSDFilter - ok

12:57:10.0234 5488 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

12:57:10.0234 5488 mwlPSDNServ - ok

12:57:10.0390 5488 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

12:57:10.0390 5488 mwlPSDVDisk - ok

12:57:10.0608 5488 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

12:57:10.0608 5488 NativeWifiP - ok

12:57:10.0826 5488 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

12:57:10.0842 5488 NDIS - ok

12:57:11.0029 5488 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

12:57:11.0029 5488 NdisCap - ok

12:57:11.0216 5488 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

12:57:11.0216 5488 NdisTapi - ok

12:57:11.0404 5488 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

12:57:11.0404 5488 Ndisuio - ok

12:57:11.0575 5488 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

12:57:11.0575 5488 NdisWan - ok

12:57:11.0778 5488 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

12:57:11.0778 5488 NDProxy - ok

12:57:11.0981 5488 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

12:57:11.0981 5488 NetBIOS - ok

12:57:12.0152 5488 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

12:57:12.0152 5488 NetBT - ok

12:57:12.0355 5488 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

12:57:12.0355 5488 nfrd960 - ok

12:57:12.0574 5488 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

12:57:12.0574 5488 Npfs - ok

12:57:12.0761 5488 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

12:57:12.0761 5488 nsiproxy - ok

12:57:12.0948 5488 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

12:57:12.0995 5488 Ntfs - ok

12:57:13.0198 5488 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys

12:57:13.0213 5488 NTIDrvr - ok

12:57:13.0385 5488 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

12:57:13.0385 5488 Null - ok

12:57:13.0588 5488 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

12:57:13.0588 5488 nvraid - ok

12:57:13.0775 5488 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

12:57:13.0775 5488 nvstor - ok

12:57:13.0962 5488 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

12:57:13.0962 5488 nv_agp - ok

12:57:14.0134 5488 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

12:57:14.0149 5488 ohci1394 - ok

12:57:14.0383 5488 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

12:57:14.0383 5488 Parport - ok

12:57:14.0570 5488 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

12:57:14.0570 5488 partmgr - ok

12:57:14.0758 5488 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

12:57:14.0758 5488 pci - ok

12:57:14.0929 5488 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

12:57:14.0929 5488 pciide - ok

12:57:15.0116 5488 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

12:57:15.0132 5488 pcmcia - ok

12:57:15.0304 5488 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

12:57:15.0319 5488 pcw - ok

12:57:15.0506 5488 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

12:57:15.0522 5488 PEAUTH - ok

12:57:15.0756 5488 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

12:57:15.0772 5488 PptpMiniport - ok

12:57:15.0943 5488 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

12:57:15.0943 5488 Processor - ok

12:57:16.0162 5488 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

12:57:16.0162 5488 Psched - ok

12:57:16.0364 5488 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

12:57:16.0396 5488 ql2300 - ok

12:57:16.0583 5488 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

12:57:16.0583 5488 ql40xx - ok

12:57:16.0754 5488 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

12:57:16.0754 5488 QWAVEdrv - ok

12:57:16.0942 5488 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

12:57:16.0942 5488 RasAcd - ok

12:57:17.0129 5488 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

12:57:17.0144 5488 RasAgileVpn - ok

12:57:17.0332 5488 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

12:57:17.0347 5488 Rasl2tp - ok

12:57:17.0550 5488 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

12:57:17.0550 5488 RasPppoe - ok

12:57:17.0737 5488 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

12:57:17.0737 5488 RasSstp - ok

12:57:17.0924 5488 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

12:57:17.0940 5488 rdbss - ok

12:57:18.0112 5488 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

12:57:18.0112 5488 rdpbus - ok

12:57:18.0314 5488 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

12:57:18.0314 5488 RDPCDD - ok

12:57:18.0502 5488 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

12:57:18.0502 5488 RDPENCDD - ok

12:57:18.0704 5488 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

12:57:18.0704 5488 RDPREFMP - ok

12:57:18.0892 5488 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

12:57:18.0892 5488 RDPWD - ok

12:57:19.0110 5488 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

12:57:19.0126 5488 rdyboost - ok

12:57:19.0375 5488 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

12:57:19.0375 5488 rspndr - ok

12:57:19.0609 5488 RSUSBSTOR (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys

12:57:19.0609 5488 RSUSBSTOR - ok

12:57:19.0796 5488 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

12:57:19.0796 5488 sbp2port - ok

12:57:20.0015 5488 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

12:57:20.0015 5488 scfilter - ok

12:57:20.0218 5488 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

12:57:20.0218 5488 secdrv - ok

12:57:20.0420 5488 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

12:57:20.0420 5488 Serenum - ok

12:57:20.0639 5488 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

12:57:20.0639 5488 Serial - ok

12:57:20.0857 5488 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

12:57:20.0857 5488 sermouse - ok

12:57:21.0060 5488 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

12:57:21.0060 5488 sffdisk - ok

12:57:21.0247 5488 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

12:57:21.0247 5488 sffp_mmc - ok

12:57:21.0419 5488 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

12:57:21.0419 5488 sffp_sd - ok

12:57:21.0606 5488 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

12:57:21.0606 5488 sfloppy - ok

12:57:21.0824 5488 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

12:57:21.0840 5488 SiSRaid2 - ok

12:57:22.0027 5488 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

12:57:22.0027 5488 SiSRaid4 - ok

12:57:22.0214 5488 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

12:57:22.0214 5488 Smb - ok

12:57:22.0448 5488 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

12:57:22.0448 5488 spldr - ok

12:57:22.0636 5488 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

12:57:22.0636 5488 srv - ok

12:57:22.0838 5488 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

12:57:22.0854 5488 srv2 - ok

12:57:23.0088 5488 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

12:57:23.0088 5488 srvnet - ok

12:57:23.0291 5488 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

12:57:23.0306 5488 stexstor - ok

12:57:23.0494 5488 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

12:57:23.0509 5488 swenum - ok

12:57:23.0743 5488 SynTP (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys

12:57:23.0743 5488 SynTP - ok

12:57:23.0993 5488 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys

12:57:24.0040 5488 Tcpip - ok

12:57:24.0289 5488 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys

12:57:24.0289 5488 TCPIP6 - ok

12:57:24.0476 5488 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

12:57:24.0476 5488 tcpipreg - ok

12:57:24.0648 5488 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

12:57:24.0648 5488 TDPIPE - ok

12:57:24.0804 5488 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

12:57:24.0804 5488 TDTCP - ok

12:57:25.0022 5488 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

12:57:25.0022 5488 tdx - ok

12:57:25.0225 5488 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

12:57:25.0241 5488 TermDD - ok

12:57:25.0475 5488 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

12:57:25.0475 5488 tssecsrv - ok

12:57:25.0646 5488 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

12:57:25.0662 5488 TsUsbFlt - ok

12:57:25.0865 5488 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

12:57:25.0865 5488 tunnel - ok

12:57:26.0036 5488 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

12:57:26.0036 5488 uagp35 - ok

12:57:26.0208 5488 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys

12:57:26.0208 5488 UBHelper - ok

12:57:26.0411 5488 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

12:57:26.0411 5488 udfs - ok

12:57:26.0629 5488 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

12:57:26.0629 5488 uliagpkx - ok

12:57:26.0816 5488 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

12:57:26.0832 5488 umbus - ok

12:57:27.0019 5488 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

12:57:27.0019 5488 UmPass - ok

12:57:27.0222 5488 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

12:57:27.0238 5488 usbccgp - ok

12:57:27.0425 5488 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

12:57:27.0440 5488 usbcir - ok

12:57:27.0612 5488 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

12:57:27.0612 5488 usbehci - ok

12:57:27.0830 5488 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

12:57:27.0830 5488 usbhub - ok

12:57:28.0002 5488 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

12:57:28.0002 5488 usbohci - ok

12:57:28.0189 5488 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

12:57:28.0189 5488 usbprint - ok

12:57:28.0423 5488 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

12:57:28.0423 5488 usbscan - ok

12:57:28.0610 5488 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

12:57:28.0610 5488 USBSTOR - ok

12:57:28.0798 5488 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

12:57:28.0798 5488 usbuhci - ok

12:57:29.0032 5488 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

12:57:29.0032 5488 usbvideo - ok

12:57:29.0266 5488 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

12:57:29.0266 5488 vdrvroot - ok

12:57:29.0484 5488 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

12:57:29.0484 5488 vga - ok

12:57:29.0671 5488 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

12:57:29.0671 5488 VgaSave - ok

12:57:29.0858 5488 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

12:57:29.0858 5488 vhdmp - ok

12:57:30.0046 5488 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

12:57:30.0046 5488 viaide - ok

12:57:30.0248 5488 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

12:57:30.0248 5488 volmgr - ok

12:57:30.0436 5488 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

12:57:30.0451 5488 volmgrx - ok

12:57:30.0654 5488 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

12:57:30.0654 5488 volsnap - ok

12:57:30.0857 5488 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

12:57:30.0857 5488 vsmraid - ok

12:57:31.0044 5488 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

12:57:31.0044 5488 vwifibus - ok

12:57:31.0278 5488 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

12:57:31.0278 5488 vwififlt - ok

12:57:31.0481 5488 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

12:57:31.0481 5488 WacomPen - ok

12:57:31.0699 5488 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

12:57:31.0699 5488 WANARP - ok

12:57:31.0730 5488 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

12:57:31.0730 5488 Wanarpv6 - ok

12:57:31.0933 5488 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

12:57:31.0933 5488 Wd - ok

12:57:32.0120 5488 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

12:57:32.0136 5488 Wdf01000 - ok

12:57:32.0370 5488 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

12:57:32.0386 5488 WfpLwf - ok

12:57:32.0604 5488 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

12:57:32.0604 5488 WIMMount - ok

12:57:32.0838 5488 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

12:57:32.0838 5488 WinUsb - ok

12:57:33.0056 5488 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

12:57:33.0056 5488 WmiAcpi - ok

12:57:33.0290 5488 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

12:57:33.0290 5488 ws2ifsl - ok

12:57:33.0478 5488 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

12:57:33.0478 5488 WudfPf - ok

12:57:33.0696 5488 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

12:57:33.0712 5488 WUDFRd - ok

12:57:33.0758 5488 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

12:57:33.0790 5488 \Device\Harddisk0\DR0 - ok

12:57:33.0821 5488 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

12:57:33.0821 5488 \Device\Harddisk1\DR1 - ok

12:57:33.0821 5488 Boot (0x1200) (4705d86194895cd06697177361b11b7f) \Device\Harddisk0\DR0\Partition0

12:57:33.0821 5488 \Device\Harddisk0\DR0\Partition0 - ok

12:57:33.0883 5488 Boot (0x1200) (2e5e9cf96fa06cda238f4694e2ba03de) \Device\Harddisk0\DR0\Partition1

12:57:33.0883 5488 \Device\Harddisk0\DR0\Partition1 - ok

12:57:33.0883 5488 Boot (0x1200) (e926cb69c31b4a9904eed0dc1f4787d0) \Device\Harddisk1\DR1\Partition0

12:57:33.0883 5488 \Device\Harddisk1\DR1\Partition0 - ok

12:57:33.0883 5488 ============================================================

12:57:33.0883 5488 Scan finished

12:57:33.0883 5488 ============================================================

12:57:33.0899 5680 Detected object count: 0

12:57:33.0899 5680 Actual detected object count: 0


Still doing good, as far as the reports go.

 

How is it going in "real life"? Are you still having redirection problems?

 

Need to do another check...

 

The infection will return if its source is the Master Boot Record (MBR).

It loads the infection as soon as you boot into Windows!

 

To check for this possibility, please download aswMBR:

http://public.avast.com/~gmerek/aswMBR.exe

 

Save it to the Desktop.

 

Windows 7 users: Right-click and select: Run as Administrator

 

Click Scan

 

Upon completion of the scan, click Save log and save it to the Desktop.

Note - Do NOT attempt to fix anything!

 

Please post the log produced by aswMBR in your reply.

 

 

Also, you will notice that another file is created on the Desktop.

It is named MBR.dat. (Path on the Desktop = C:\Users\Donn Flem\Desktop\MBR.dat)

 

Please keep the file on the Desktop, and do not do anything with it.

This is important, just in case we need to have access to the MBR information.

 

Thanks.

Edited by Aaflac


So far, it seems like the redirecting has stopped, and I haven't seen any random windows pop up, but I'm also just using my mobile for internet at this time, so it's not always up and running. I can't thank you enough for helping with this.

 

Here is the log:

 

 

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-09-26 17:06:16

-----------------------------

17:06:16.315 OS Version: Windows x64 6.1.7601 Service Pack 1

17:06:16.315 Number of processors: 2 586 0x2505

17:06:16.316 ComputerName: SPITFIREP UserName: Donn Flem

17:06:21.675 Initialize success

17:06:41.291 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

17:06:41.294 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3

17:06:41.326 Disk 0 MBR read successfully

17:06:41.329 Disk 0 MBR scan

17:06:41.331 Disk 0 Windows 7 default MBR code

17:06:41.335 Service scanning

17:06:42.804 Modules scanning

17:06:42.808 Disk 0 trace - called modules:

17:06:42.835 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

17:06:42.839 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f10060]

17:06:42.843 3 CLASSPNP.SYS[fffff88001a6c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fa7050]

17:06:42.848 Scan finished successfully

17:06:55.759 Disk 0 MBR has been saved successfully to "C:\Users\Donn Flem\Desktop\MBR.dat"

17:06:55.834 The log file has been saved successfully to "C:\Users\Donn Flem\Desktop\aswMBR.txt"

Edited by theatlasisonfire

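The MBR checks in this thread (TDSSKiller's "MBR (0x1B8)" hash lines in the log above and aswMBR's "Windows 7 default MBR code" verdict, with MBR.dat kept on the Desktop for later) all come down to reading the first sector of the disk and comparing its boot-code area against a known-good copy. As an added example that is not part of the original thread and is not code from either tool, the Python script below parses a 512-byte MBR dump such as MBR.dat: it hashes the 440-byte boot-code area (0x1B8 bytes, the same length TDSSKiller reports), reads the NT disk signature and partition table, and flags the things a bootkit-style modification would change. The sample sector it builds is constructed for the demo; the known-good hash set, the function names and the 0xDEADBEEF disk signature are assumptions, not values from the logs above.

```python
"""Parse a raw 512-byte MBR dump (for example the MBR.dat that aswMBR writes)
and report the things a rootkit scanner inspects: the boot-code area, the
NT disk signature, the partition table and the 0x55AA boot signature.
Added example; the sample sector and known-good hashes are constructed."""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 0x1B8    # 440 bytes of boot code; the region the hash covers
DISK_SIG_OFF = 0x1B8     # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # must hold 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sectors


def parse_mbr(data: bytes) -> dict:
    """Break a 512-byte sector into the fields worth comparing."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, data, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and sectors == 0:
            continue                      # empty slot
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start,
                           "sectors": sectors})
    return {
        "boot_code_md5": hashlib.md5(data[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": "%08x" % struct.unpack_from("<I", data, DISK_SIG_OFF)[0],
        "valid_signature": data[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
        "partitions": partitions,
    }


def check_mbr(data: bytes, known_boot_code_md5s: set) -> list:
    """Return findings as strings; an empty list means nothing looked off."""
    info = parse_mbr(data)
    findings = []
    if not info["valid_signature"]:
        findings.append("boot signature is not 0x55AA")
    if info["boot_code_md5"] not in known_boot_code_md5s:
        findings.append(f"boot code md5 {info['boot_code_md5']} is not in the known-good set")
    bootable = [p["index"] for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} entries flagged bootable, expected exactly 1")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (_, prev_end), (start, _) in zip(spans, spans[1:]):
        if start < prev_end:             # overlapping entries are never a normal layout
            findings.append(f"partition at LBA {start} overlaps the one ending at LBA {prev_end}")
    for p in info["partitions"]:
        if p["lba_start"] == 0:
            findings.append(f"entry {p['index']} starts at LBA 0, inside the MBR itself")
    return findings


def _entry(bootable: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    return struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, b"\xff\xff\xff",
                       ptype, b"\xff\xff\xff", lba_start, sectors)


def build_sample_mbr() -> bytes:
    """Constructed sample, not a real disk image: synthetic boot code and a
    two-partition table shaped like a default Windows 7 layout (100 MB
    "System Reserved" partition followed by the NTFS system volume)."""
    boot_code = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100).ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0xDEADBEEF)          # assumed value
    table = (_entry(True, 0x07, 2048, 204800)
             + _entry(False, 0x07, 206848, 624_928_768)
             + b"\x00" * 32)
    sector = boot_code + disk_sig + b"\x00\x00" + table + b"\x55\xAA"
    assert len(sector) == SECTOR
    return sector


def tamper_boot_code(sector: bytes) -> bytes:
    """Simulate a bootkit overwriting the start of the boot code while
    leaving the partition table and signature untouched."""
    patched = bytearray(sector)
    patched[0:3] = b"\xeb\x58\x90"      # different first instruction bytes
    return bytes(patched)


def main(argv: list) -> int:
    if len(argv) > 1:
        with open(argv[1], "rb") as fh:
            sector = fh.read(SECTOR)
        known = set(argv[2:])            # known-good md5s passed as extra arguments
    else:
        known = {parse_mbr(build_sample_mbr())["boot_code_md5"]}
        sector = tamper_boot_code(build_sample_mbr())   # demo: show a mismatch
    info = parse_mbr(sector)
    print(f"boot code md5 {info['boot_code_md5']}, disk signature {info['disk_signature']}")
    for p in info["partitions"]:
        print(f"  entry {p['index']}: type 0x{p['type']:02x} lba {p['lba_start']} "
              f"sectors {p['sectors']}{' (bootable)' if p['bootable'] else ''}")
    findings = check_mbr(sector, known)
    for f in findings:
        print("  ! " + f)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Saved as, say, mbr_check.py, it is run against the real dump as `python mbr_check.py "C:\Users\Donn Flem\Desktop\MBR.dat" <md5>`, where the md5 values come from MBR.dat on a clean machine with the same Windows version. A hash mismatch on its own only says the boot code differs from your reference (third-party boot managers legitimately replace it), which is why aswMBR's own verdict and the saved MBR.dat copy are both worth keeping.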

My apology for the delay.

 

Is it still going OK?

 

Some extra work...

 

Please download TFC to your Desktop.

  • Save any work in progress!! TFC closes open applications and removes unsaved work!
  • Right-click TFC.exe and select: Run as Administrator
  • If prompted, click "Yes" to reboot.

Last, download Security Check

 

Save it to the Desktop.

Right-click SecurityCheck.exe and select: Run as Administrator

Follow the on-screen instructions (on the black screen)

When done, a Notepad document opens automatically: checkup.txt

 

Please post the contents of checkup.txt in your reply.


Hiya!

 

So far so good. Redirecting seems to have stopped... no random pop-ups showing up, and I've been able to go on about work as usual.

 

here is the security check info:

 

 

Results of screen317's Security Check version 0.99.7

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

McAfee Internet Security Suite

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player

Adobe Reader 9.1 MUI

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Symantec Norton Online Backup NOBuAgent.exe

Symantec Norton Online Backup NOBuClient.exe

``````````End of Log````````````


If the computer is running well, you are good to go.

 

This next step is important, as it will implement important cleanup procedures, reset your System Restore by flushing out previous restore points (which contain the infections), and create a new restore point.

 

Click Start > Run, copy/paste the following bolded text into the Run box, and click OK:

 

ComboFix /uninstall

 

ComboFix will uninstall itself from your computer and remove its backups and quarantined files.

When it has finished you will see a dialog box stating that ComboFix has been uninstalled.

 

You can now delete the ComboFix program icon from your Desktop, if still there.

Also remove any programs we have used, and their related reports or folders.

 

Make sure you also re-enable your security software!

 

 

 

The following tasks are necessary:

 

Please verify the version of Java you have installed:

http://www.java.com/en/download/installed.jsp

 

If your version of Java is outdated, it needs to be updated to eliminate security vulnerabilities.

When done, uninstall older versions:

http://www.java.com/en/download/uninstall.jsp

 

 

Also, there is the following:

Out of date Adobe Reader installed!

 

Please download the latest version from:

http://get.adobe.com/reader/

 

Once installed, launch it, select Help > Check for Updates, and install any updates.

 

Then, uninstall earlier versions of Adobe Reader:

 

Go to Start > Control Panel > Add/Remove Programs, and remove all older versions of Adobe Reader.

 

 

There is also the free Foxit PDF Reader if you prefer:

http://www.foxitsoftware.com/pdf/reader/

 

 

 

 

Consider doing the following to prevent future infections...

 

Malware is normally installed through vulnerabilities found in out-dated and insecure programs on a computer.

You can use the Secunia Personal Software Inspector to scan for vulnerable programs:

http://secunia.com/vulnerability_scanning/personal/

 

A tutorial on how to use the program is found here:

http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/

 

 

Surf safely, theatlasisonfire!!
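The Security Check report above flags the firewall state and out-of-date Java/Adobe Reader installs; the script below is an added example (not part of the thread or of screen317's tool) that gathers the same facts with only built-in Windows 7 tools, so the user can confirm the Java and Adobe Reader cleanup worked. It assumes PowerShell 2.0 in an elevated prompt and reads the standard Uninstall registry keys.

```powershell
# Added example: approximate the Security Check report with built-in tools.
# Assumes an elevated PowerShell 2.0 prompt on Windows 7 (64-bit or 32-bit).

# Installed-program entries live under these keys (Wow6432Node holds 32-bit apps)
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Products the thread asks the user to verify; values are regexes on DisplayName
$watch = @{
    'Java'         = 'Java'
    'Adobe Reader' = '^Adobe Reader'
}

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion

foreach ($name in $watch.Keys) {
    $hits = @($installed | Where-Object { $_.DisplayName -match $watch[$name] })
    if ($hits.Count -eq 0) {
        Write-Output ("{0}: not installed" -f $name)
        continue
    }
    # Several entries usually mean an older version was updated but never removed,
    # which is exactly the leftover the thread says to uninstall.
    if ($hits.Count -gt 1) {
        Write-Output ("{0}: {1} entries present - uninstall the older ones" -f $name, $hits.Count)
    } else {
        Write-Output ("{0}: single entry" -f $name)
    }
    foreach ($h in $hits) {
        Write-Output ("    {0}  (version {1})" -f $h.DisplayName, $h.DisplayVersion)
    }
}

# Firewall state per profile. Windows 7 has no Get-NetFirewallProfile cmdlet,
# so read the netsh output and keep only the profile header and State lines.
$fw = netsh advfirewall show allprofiles state
$fw | Select-String -Pattern 'Profile Settings|State' | ForEach-Object { $_.Line.Trim() }
```

Compare the versions printed against the current release on the Java and Adobe download pages linked above; the script reports what is installed but does not know which version is current.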

Hey Aaflac -

Finished all of the above (or I believe I did), but McAfee shows a PUP Tool-NirCmd - is this part of Secunia, or did I miss removing one of the programs we installed? I haven't done any other work today aside from the steps mentioned above, and the steps requested through Secunia.

 

Please let me know.

 

Thanks,

Josh

Scratch that... kind of. I see from another user's post on another forum that it's a file added by ComboFix, so I'm not so worried about it.

 

Only question I have now is:

Did I do something wrong uninstalling that left that file on the laptop, or is it perfectly normal and okay for it to be on here?

 

Sorry to pick up and bug you one more time. Hopefully this is the last of my annoyances for you!

 

:)

Not to worry... :)

 

NirCmd is a legit program used by ComboFix.

It is a small command-line utility that allows some useful tasks to be accomplished without displaying any user interface.

 

Did you uninstall ComboFix?

 

You can delete the nircmd.exe file (if it still exists) if you want to avoid this message.
