
CTREESE

  1. still being redirected, but now to marketingsearch.me
  2. It appears only to be happening in my firefox browser. I appreciate all your help!!! ComboFix log:
  3. I have attached the logs. I am still being re-directed. However, I noticed that it goes to gamersunite then to the redirected page... TDSSKiller logfile:
10:20:40.0218 3524 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll 10:20:40.0219 3524 fdPHost - ok 10:20:40.0231 3524 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll 10:20:40.0232 3524 FDResPub - ok 10:20:40.0240 3524 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 10:20:40.0242 3524 FileInfo - ok 10:20:40.0259 3524 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 10:20:40.0260 3524 Filetrace - ok 10:20:40.0339 3524 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 10:20:40.0352 3524 FLEXnet Licensing Service - ok 10:20:40.0357 3524 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 10:20:40.0357 3524 flpydisk - ok 10:20:40.0375 3524 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 10:20:40.0378 3524 FltMgr - ok 10:20:40.0425 3524 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll 10:20:40.0446 3524 FontCache - ok 10:20:40.0483 3524 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 10:20:40.0484 3524 FontCache3.0.0.0 - ok 10:20:40.0491 3524 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 10:20:40.0493 3524 FsDepends - ok 10:20:40.0517 3524 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys 10:20:40.0518 3524 Fs_Rec - ok 10:20:40.0533 3524 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 10:20:40.0535 3524 fvevol - ok 10:20:40.0542 3524 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 10:20:40.0543 3524 gagp30kx - ok 10:20:40.0599 3524 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll 10:20:40.0613 3524 gpsvc - ok 
10:20:40.0622 3524 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 10:20:40.0623 3524 hcw85cir - ok 10:20:40.0654 3524 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 10:20:40.0655 3524 HDAudBus - ok 10:20:40.0660 3524 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 10:20:40.0661 3524 HidBatt - ok 10:20:40.0669 3524 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 10:20:40.0671 3524 HidBth - ok 10:20:40.0684 3524 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 10:20:40.0686 3524 HidIr - ok 10:20:40.0774 3524 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll 10:20:40.0777 3524 hidserv - ok 10:20:40.0802 3524 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys 10:20:40.0804 3524 HidUsb - ok 10:20:40.0821 3524 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll 10:20:40.0824 3524 hkmsvc - ok 10:20:40.0841 3524 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll 10:20:40.0844 3524 HomeGroupListener - ok 10:20:40.0874 3524 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll 10:20:40.0879 3524 HomeGroupProvider - ok 10:20:40.0899 3524 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 10:20:40.0900 3524 HpSAMD - ok 10:20:40.0990 3524 HPSLPSVC (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 10:20:41.0003 3524 HPSLPSVC - ok 10:20:41.0050 3524 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 10:20:41.0057 3524 HTTP - ok 10:20:41.0065 3524 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 10:20:41.0067 3524 hwpolicy - ok 10:20:41.0095 3524 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 10:20:41.0096 
3524 i8042prt - ok 10:20:41.0145 3524 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys 10:20:41.0149 3524 iaStorV - ok 10:20:41.0208 3524 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 10:20:41.0226 3524 idsvc - ok 10:20:41.0231 3524 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 10:20:41.0232 3524 iirsp - ok 10:20:41.0277 3524 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll 10:20:41.0290 3524 IKEEXT - ok 10:20:41.0435 3524 IntcAzAudAddService (2d8d9516281e27a721897a388f17defb) C:\Windows\system32\drivers\RTDVHDA.sys 10:20:41.0491 3524 IntcAzAudAddService - ok 10:20:41.0564 3524 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 10:20:41.0565 3524 intelide - ok 10:20:41.0584 3524 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 10:20:41.0586 3524 intelppm - ok 10:20:41.0622 3524 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll 10:20:41.0625 3524 IPBusEnum - ok 10:20:41.0632 3524 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:20:41.0633 3524 IpFilterDriver - ok 10:20:41.0690 3524 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll 10:20:41.0706 3524 iphlpsvc - ok 10:20:41.0741 3524 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 10:20:41.0743 3524 IPMIDRV - ok 10:20:41.0752 3524 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 10:20:41.0754 3524 IPNAT - ok 10:20:41.0772 3524 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 10:20:41.0773 3524 IRENUM - ok 10:20:41.0778 3524 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 10:20:41.0779 3524 isapnp - ok 10:20:41.0818 3524 iScsiPrt 
(cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 10:20:41.0821 3524 iScsiPrt - ok 10:20:41.0868 3524 k57nd60x (51b719f0bce4430a6eaad43fb9ff61a3) C:\Windows\system32\DRIVERS\k57nd60x.sys 10:20:41.0873 3524 k57nd60x - ok 10:20:41.0883 3524 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 10:20:41.0884 3524 kbdclass - ok 10:20:41.0920 3524 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys 10:20:41.0922 3524 kbdhid - ok 10:20:41.0954 3524 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 10:20:41.0957 3524 KeyIso - ok 10:20:41.0975 3524 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys 10:20:41.0977 3524 KSecDD - ok 10:20:42.0012 3524 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys 10:20:42.0014 3524 KSecPkg - ok 10:20:42.0048 3524 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll 10:20:42.0054 3524 KtmRm - ok 10:20:42.0098 3524 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll 10:20:42.0103 3524 LanmanServer - ok 10:20:42.0134 3524 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll 10:20:42.0138 3524 LanmanWorkstation - ok 10:20:42.0166 3524 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 10:20:42.0167 3524 lltdio - ok 10:20:42.0189 3524 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll 10:20:42.0193 3524 lltdsvc - ok 10:20:42.0206 3524 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll 10:20:42.0209 3524 lmhosts - ok 10:20:42.0219 3524 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 10:20:42.0220 3524 LSI_FC - ok 10:20:42.0227 3524 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 10:20:42.0228 3524 LSI_SAS - ok 10:20:42.0233 3524 LSI_SAS2 
(dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 10:20:42.0234 3524 LSI_SAS2 - ok 10:20:42.0240 3524 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 10:20:42.0242 3524 LSI_SCSI - ok 10:20:42.0259 3524 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 10:20:42.0260 3524 luafv - ok 10:20:42.0283 3524 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys 10:20:42.0284 3524 MBAMProtector - ok 10:20:42.0359 3524 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 10:20:42.0364 3524 MBAMService - ok 10:20:42.0422 3524 McAfee SiteAdvisor Enterprise Service (4f2d526298cbc517edb82501e8041112) C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe 10:20:42.0426 3524 McAfee SiteAdvisor Enterprise Service - ok 10:20:42.0480 3524 McShield (1fe222eaf4ba73ced5a0707b38f3c0b1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 10:20:42.0483 3524 McShield - ok 10:20:42.0520 3524 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll 10:20:42.0524 3524 Mcx2Svc - ok 10:20:42.0558 3524 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 10:20:42.0559 3524 megasas - ok 10:20:42.0573 3524 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 10:20:42.0577 3524 MegaSR - ok 10:20:42.0594 3524 mfeapfk (37364b530339ff0b0ababc8df1c532c3) C:\Windows\system32\drivers\mfeapfk.sys 10:20:42.0597 3524 mfeapfk - ok 10:20:42.0636 3524 mfeavfk (cd2a8a43bd6b0d15a3255829b1778285) C:\Windows\system32\drivers\mfeavfk.sys 10:20:42.0639 3524 mfeavfk - ok 10:20:42.0663 3524 mfeavfk01 - ok 10:20:42.0686 3524 mfebopk (2cd52e91ba338f10ba14d3f90bbda5e8) C:\Windows\system32\drivers\mfebopk.sys 10:20:42.0687 3524 mfebopk - ok 10:20:42.0711 3524 mfefire (47f47dc4d922085bc178a330fe1748bd) C:\Program Files\Common 
Files\McAfee\SystemCore\\mfefire.exe 10:20:42.0713 3524 mfefire - ok 10:20:42.0741 3524 mfefirek (2a068871402874cb6487910b904a4321) C:\Windows\system32\drivers\mfefirek.sys 10:20:42.0746 3524 mfefirek - ok 10:20:42.0794 3524 mfehidk (cf669582f5f98c4ba79d59cfe169198b) C:\Windows\system32\drivers\mfehidk.sys 10:20:42.0804 3524 mfehidk - ok 10:20:42.0823 3524 mfenlfk (805b04f90e734e0580efd41fe47b0847) C:\Windows\system32\DRIVERS\mfenlfk.sys 10:20:42.0825 3524 mfenlfk - ok 10:20:42.0847 3524 mferkdet (42f84c2a82a057d74c54ef70e0cf0a2c) C:\Windows\system32\drivers\mferkdet.sys 10:20:42.0849 3524 mferkdet - ok 10:20:42.0865 3524 mfevtp (5339baac5c43ddbdb448863f8ea8fcdc) C:\Windows\system32\mfevtps.exe 10:20:42.0870 3524 mfevtp - ok 10:20:42.0888 3524 mfewfpk (13eaa7dd3bd4ebf6fd5562bf4554f159) C:\Windows\system32\drivers\mfewfpk.sys 10:20:42.0890 3524 mfewfpk - ok 10:20:42.0975 3524 MFE_RR - ok 10:20:42.0997 3524 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 10:20:42.0999 3524 MMCSS - ok 10:20:43.0005 3524 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 10:20:43.0006 3524 Modem - ok 10:20:43.0039 3524 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 10:20:43.0040 3524 monitor - ok 10:20:43.0086 3524 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 10:20:43.0087 3524 mouclass - ok 10:20:43.0095 3524 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 10:20:43.0097 3524 mouhid - ok 10:20:43.0126 3524 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 10:20:43.0127 3524 mountmgr - ok 10:20:43.0188 3524 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 10:20:43.0190 3524 MozillaMaintenance - ok 10:20:43.0225 3524 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 10:20:43.0227 3524 mpio - ok 
10:20:43.0242 3524 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 10:20:43.0243 3524 mpsdrv - ok 10:20:43.0298 3524 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll 10:20:43.0313 3524 MpsSvc - ok 10:20:43.0335 3524 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 10:20:43.0338 3524 MRxDAV - ok 10:20:43.0365 3524 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 10:20:43.0367 3524 mrxsmb - ok 10:20:43.0386 3524 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:20:43.0390 3524 mrxsmb10 - ok 10:20:43.0418 3524 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:20:43.0421 3524 mrxsmb20 - ok 10:20:43.0438 3524 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 10:20:43.0439 3524 msahci - ok 10:20:43.0480 3524 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 10:20:43.0483 3524 msdsm - ok 10:20:43.0508 3524 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 10:20:43.0511 3524 MSDTC - ok 10:20:43.0531 3524 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 10:20:43.0532 3524 Msfs - ok 10:20:43.0540 3524 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 10:20:43.0541 3524 mshidkmdf - ok 10:20:43.0570 3524 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 10:20:43.0571 3524 msisadrv - ok 10:20:43.0609 3524 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 10:20:43.0613 3524 MSiSCSI - ok 10:20:43.0617 3524 msiserver - ok 10:20:43.0627 3524 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 10:20:43.0628 3524 MSKSSRV - ok 10:20:43.0633 3524 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 10:20:43.0634 3524 MSPCLOCK - 
ok 10:20:43.0639 3524 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 10:20:43.0640 3524 MSPQM - ok 10:20:43.0665 3524 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 10:20:43.0667 3524 MsRPC - ok 10:20:43.0673 3524 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 10:20:43.0674 3524 mssmbios - ok 10:20:43.0739 3524 MSSQL$ACT7 - ok 10:20:43.0797 3524 MSSQLServerADHelper100 (8e8e74c953eb0c4f8828d99d6f27fd6f) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 10:20:43.0799 3524 MSSQLServerADHelper100 - ok 10:20:43.0803 3524 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 10:20:43.0805 3524 MSTEE - ok 10:20:43.0811 3524 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 10:20:43.0813 3524 MTConfig - ok 10:20:43.0829 3524 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 10:20:43.0830 3524 Mup - ok 10:20:43.0895 3524 myAgtSvc (a35ab0a7a983ebca85805da63d763382) C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe 10:20:43.0898 3524 myAgtSvc - ok 10:20:43.0941 3524 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll 10:20:43.0947 3524 napagent - ok 10:20:43.0978 3524 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 10:20:43.0983 3524 NativeWifiP - ok 10:20:44.0035 3524 NDIS (3723262737d90f58059ceda7373b0387) C:\Windows\system32\drivers\ndis.sys 10:20:44.0044 3524 NDIS - ok 10:20:44.0049 3524 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 10:20:44.0051 3524 NdisCap - ok 10:20:44.0074 3524 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 10:20:44.0075 3524 NdisTapi - ok 10:20:44.0096 3524 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 10:20:44.0097 3524 Ndisuio - ok 10:20:44.0126 3524 NdisWan 
(38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 10:20:44.0128 3524 NdisWan - ok 10:20:44.0165 3524 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 10:20:44.0166 3524 NDProxy - ok 10:20:44.0203 3524 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll 10:20:44.0206 3524 Net Driver HPZ12 - ok 10:20:44.0222 3524 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 10:20:44.0224 3524 NetBIOS - ok 10:20:44.0258 3524 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 10:20:44.0261 3524 NetBT - ok 10:20:44.0298 3524 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 10:20:44.0300 3524 Netlogon - ok 10:20:44.0339 3524 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 10:20:44.0345 3524 Netman - ok 10:20:44.0371 3524 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 10:20:44.0381 3524 netprofm - ok 10:20:44.0460 3524 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:20:44.0462 3524 NetTcpPortSharing - ok 10:20:44.0485 3524 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 10:20:44.0486 3524 nfrd960 - ok 10:20:44.0531 3524 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll 10:20:44.0536 3524 NlaSvc - ok 10:20:44.0554 3524 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 10:20:44.0555 3524 Npfs - ok 10:20:44.0573 3524 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 10:20:44.0575 3524 nsi - ok 10:20:44.0584 3524 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 10:20:44.0585 3524 nsiproxy - ok 10:20:44.0642 3524 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 10:20:44.0662 3524 Ntfs - ok 
10:20:44.0672 3524 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 10:20:44.0673 3524 Null - ok 10:20:44.0722 3524 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 10:20:44.0724 3524 nvraid - ok 10:20:44.0750 3524 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 10:20:44.0753 3524 nvstor - ok 10:20:44.0771 3524 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 10:20:44.0773 3524 nv_agp - ok 10:20:44.0809 3524 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 10:20:44.0811 3524 ohci1394 - ok 10:20:44.0896 3524 OneTouch 4.0 Monitor (b2671cf701f42b117eea7ede55be8d56) C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe 10:20:44.0900 3524 OneTouch 4.0 Monitor - ok 10:20:44.0962 3524 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:20:44.0965 3524 ose - ok 10:20:45.0181 3524 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 10:20:45.0217 3524 osppsvc - ok 10:20:45.0311 3524 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 10:20:45.0316 3524 p2pimsvc - ok 10:20:45.0344 3524 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 10:20:45.0355 3524 p2psvc - ok 10:20:45.0388 3524 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 10:20:45.0390 3524 Parport - ok 10:20:45.0417 3524 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys 10:20:45.0419 3524 partmgr - ok 10:20:45.0423 3524 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 10:20:45.0424 3524 Parvdm - ok 10:20:45.0457 3524 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys 10:20:45.0458 3524 PBADRV - ok 10:20:45.0477 3524 PcaSvc 
(358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 10:20:45.0481 3524 PcaSvc - ok 10:20:45.0496 3524 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 10:20:45.0498 3524 pci - ok 10:20:45.0731 3524 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 10:20:45.0732 3524 pciide - ok 10:20:45.0754 3524 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 10:20:45.0757 3524 pcmcia - ok 10:20:45.0775 3524 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 10:20:45.0776 3524 pcw - ok 10:20:45.0807 3524 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 10:20:45.0823 3524 PEAUTH - ok 10:20:45.0918 3524 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll 10:20:45.0944 3524 pla - ok 10:20:46.0013 3524 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll 10:20:46.0019 3524 PlugPlay - ok 10:20:46.0062 3524 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll 10:20:46.0064 3524 Pml Driver HPZ12 - ok 10:20:46.0078 3524 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 10:20:46.0081 3524 PNRPAutoReg - ok 10:20:46.0108 3524 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 10:20:46.0111 3524 PNRPsvc - ok 10:20:46.0136 3524 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 10:20:46.0147 3524 PolicyAgent - ok 10:20:46.0182 3524 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 10:20:46.0186 3524 Power - ok 10:20:46.0210 3524 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 10:20:46.0212 3524 PptpMiniport - ok 10:20:46.0218 3524 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 10:20:46.0220 3524 Processor - ok 10:20:46.0267 3524 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) 
C:\Windows\system32\profsvc.dll 10:20:46.0272 3524 ProfSvc - ok 10:20:46.0309 3524 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 10:20:46.0311 3524 ProtectedStorage - ok 10:20:46.0320 3524 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 10:20:46.0322 3524 Psched - ok 10:20:46.0360 3524 PSI_SVC_2 (e0d0cb09aa07b22be984e4f7ec0326f5) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 10:20:46.0363 3524 PSI_SVC_2 - ok 10:20:46.0391 3524 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys 10:20:46.0393 3524 PxHelp20 - ok 10:20:46.0446 3524 QBCFMonitorService (5fa5863e603426b0b52762492a032dee) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe 10:20:46.0447 3524 QBCFMonitorService - ok 10:20:46.0482 3524 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe 10:20:46.0483 3524 QBFCService - ok 10:20:46.0599 3524 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe 10:20:46.0620 3524 QBVSS - ok 10:20:46.0709 3524 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 10:20:46.0737 3524 ql2300 - ok 10:20:46.0768 3524 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 10:20:46.0770 3524 ql40xx - ok 10:20:46.0798 3524 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 10:20:46.0803 3524 QWAVE - ok 10:20:46.0814 3524 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 10:20:46.0815 3524 QWAVEdrv - ok 10:20:46.0820 3524 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 10:20:46.0822 3524 RasAcd - ok 10:20:46.0832 3524 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 10:20:46.0834 3524 RasAgileVpn - ok 10:20:46.0840 3524 RasAuto 
(a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 10:20:46.0843 3524 RasAuto - ok 10:20:46.0853 3524 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 10:20:46.0855 3524 Rasl2tp - ok 10:20:46.0886 3524 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 10:20:46.0890 3524 RasMan - ok 10:20:46.0905 3524 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 10:20:46.0906 3524 RasPppoe - ok 10:20:46.0913 3524 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 10:20:46.0914 3524 RasSstp - ok 10:20:46.0940 3524 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 10:20:46.0943 3524 rdbss - ok 10:20:46.0956 3524 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 10:20:46.0957 3524 rdpbus - ok 10:20:46.0980 3524 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 10:20:46.0981 3524 RDPCDD - ok 10:20:46.0991 3524 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 10:20:46.0992 3524 RDPENCDD - ok 10:20:47.0004 3524 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 10:20:47.0005 3524 RDPREFMP - ok 10:20:47.0043 3524 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys 10:20:47.0046 3524 RDPWD - ok 10:20:47.0085 3524 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 10:20:47.0088 3524 rdyboost - ok 10:20:47.0109 3524 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 10:20:47.0117 3524 RemoteAccess - ok 10:20:47.0139 3524 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 10:20:47.0143 3524 RemoteRegistry - ok 10:20:47.0160 3524 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 10:20:47.0163 3524 RpcEptMapper - ok 10:20:47.0185 3524 RpcLocator 
Combofix logfile:

Security Check checkup logfile: Results of screen317's Security Check version 0.99.38 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! McAfeer Security-as-a-Service Antivirus up to date! (On Access scanning disabled!) ``````````````````````````````` Anti-malware/Other Utilities Check: McAfee SiteAdvisor Enterprise Plus Malwarebytes Anti-Malware version 1.61.0.1400 Java 6 Update 31 Java version out of date! Adobe Flash Player 11.2.202.228 Mozilla Firefox (12.0) ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes Anti-Malware mbamservice.exe McAfee Managed VirusScan Agent myAgtSvc.exe McAfee Managed VirusScan DesktopUI XTray.exe ``````````End of Log````````````
  4. Malwarebytes' Anti-Malware did not identify a problem. My search engine is directing me to hapili and nano tech websites. I think I have a rootkit?? The dds.com logs are attached below. THANKS IN ADVANCE FOR THE HELP!!! DDS.txt Attach.txt