Jump to content

fv42wid

Members
  • Posts

    9
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Here is the list of threats found: C:\Qoobox\Quarantine\C\ProgramData\GoogleServiceManager.dll.vir a variant of Win32/Kryptik.TXQ trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\Frank\AppData\Local\TCPIPUser.dll.vir a variant of Win32/Kryptik.TXQ trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\Frank\AppData\Local\Citrix\CitrixUpdate\Citrixupdt32.DLL.vir a variant of Win32/Kryptik.TXQ trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}Update\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}updt32.DLL.vir a variant of Win32/Kryptik.TXQ trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{52466b56-3c9b-4292-ae64-1504ea1a6ca3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{52466b56-3c9b-4292-ae64-1504ea1a6ca3}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined C:\Qoobox\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{b0d1b358-4d13-4229-8df3-a8acb8bb156f}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{b0d1b358-4d13-4229-8df3-a8acb8bb156f}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined C:\Qoobox\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{d5658e8b-8b07-4f76-96a2-0770b72e6d48}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Default\imonoidhamejjfnpnjgpmmmhejpafokj\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Frank\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\imonoidhamejjfnpnjgpmmmhejpafokj\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined C:\Users\Frank\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7709a4ca-5af22949 a variant of Java/Agent.DT trojan cleaned by deleting - quarantined C:\Windows\System32\srrstr.dll a variant of Win32/Kryptik.TXQ trojan unable to clean C:\Windows\SysWOW64\srrstr.dll a variant of Win32/Kryptik.TXQ trojan cleaned by deleting - quarantined
  2. MWB seems to be running much better. Does this look like a complete scan? Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8000 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 10/22/2011 3:15:54 PM mbam-log-2011-10-22 (15-15-54).txt Scan type: Full scan (C:\|) Objects scanned: 548563 Time elapsed: 1 hour(s), 37 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  3. Thanks, Elise. Here is the ComboFix.txt file: ComboFix 11-10-18.04 - Frank 10/20/2011 23:27:09.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.10426 [GMT -4:00] Running from: c:\users\Frank\Desktop\ComboFix.exe Command switches used :: c:\users\Frank\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 ))))))))))))))))))))))))))))))) . . 2011-10-21 03:34 . 2011-10-21 03:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-17 03:11 . 2011-10-17 03:11 -------- d-----w- c:\users\Frank\AppData\Roaming\Malwarebytes 2011-10-17 03:10 . 2011-10-17 03:10 -------- d-----w- c:\programdata\Malwarebytes 2011-10-17 03:10 . 2011-10-17 03:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-10-17 03:10 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-13 04:32 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-13 04:32 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2011-10-13 04:32 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2011-10-13 04:32 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-13 04:32 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-10-13 04:32 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-13 04:32 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-10-13 04:32 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-10-11 02:32 . 2011-10-11 02:32 101888 ----a-w- c:\windows\SysWow64\srrstr.dll 2011-10-11 01:25 . 2011-10-06 20:42 28504 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-26 02:17 . 2011-08-26 02:17 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-15 14:00 . 2010-08-13 02:33 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-08-15 14:00 . 2010-08-13 02:33 75672 ----a-w- c:\windows\system32\drivers\mfenlfk.sys 2011-08-15 14:00 . 2010-08-13 02:33 65128 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-08-15 14:00 . 2010-08-13 02:33 481504 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-08-15 14:00 . 2010-08-13 02:33 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2011-08-15 14:00 . 2010-08-13 02:33 228752 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-08-15 14:00 . 2010-08-13 02:33 100904 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-08-15 14:00 . 2010-06-01 00:32 158584 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-08-15 14:00 . 2009-09-26 02:17 642824 ----a-w- c:\windows\system32\drivers\mfehidk.sys . . ((((((((((((((((((((((((((((( SnapShot@2011-10-19_03.53.28 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2011-10-19 00:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2011-10-21 00:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-10-19 00:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-10-21 00:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-10-21 00:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2011-10-19 00:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 05:10 . 2011-10-21 00:27 38472 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2011-08-20 02:49 . 2011-10-19 00:09 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-08-20 02:49 . 2011-10-21 00:26 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-08-20 02:49 . 2011-10-19 00:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-08-20 02:49 . 2011-10-21 00:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-10-19 00:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-10-21 00:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-08-20 05:14 . 2011-10-21 00:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-08-20 05:14 . 2011-10-19 00:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-08-20 05:14 . 2011-10-21 00:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-08-20 05:14 . 2011-10-19 00:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-08-20 05:14 . 2011-10-21 00:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-20 05:14 . 2011-10-19 00:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-08-20 05:24 . 2011-10-21 03:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-08-20 05:24 . 2011-10-19 03:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-08-20 05:24 . 2011-10-21 03:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-20 05:24 . 2011-10-19 03:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-08-20 05:24 . 2011-10-21 00:27 8186 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4183097681-2360656231-3853966839-1000_UserData.bin - 2011-10-19 00:09 . 2011-10-19 00:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-10-21 00:25 . 2011-10-21 00:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-10-19 00:09 . 2011-10-19 00:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-10-21 00:25 . 2011-10-21 00:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-08-20 20:37 . 2011-10-20 01:49 313426 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin - 2009-07-14 02:36 . 2011-10-19 00:14 623940 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-10-21 00:30 623940 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-10-21 00:30 106316 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2011-10-19 00:14 106316 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2011-10-18 05:05 352404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-10-20 04:13 352404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "iYogi Support Dock"="c:\program files (x86)\iYogi Support Dock\iYogiSupportDock.exe" [2011-06-30 1574128] "dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Bomgar_Cleanup_ZD6127729553"="rd" [X] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 0314501319156787mcinstcleanup;McAfee Application Installer Cleanup (0314501319156787);c:\windows\TEMP\031450~1.EXE [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe [2009-07-09 33448] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176] R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-09-30 1038088] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-02-24 88576] S2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-08-06 24645] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] S2 IYSODiskOptimizer;IYSODiskOptimizer;c:\program files (x86)\iYogi Support Dock\pccare\IYSODefragSrv64.exe [2011-05-10 286720] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 208272] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 158832] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088] S2 SupportDockService.exe;Support Dock Service;c:\program files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [2011-06-13 73728] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [x] S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [x] S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2011-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 02:18] . 2011-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 02:18] . 2011-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183097681-2360656231-3853966839-1000Core.job - c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-22 02:02] . 2011-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183097681-2360656231-3853966839-1000UA.job - c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-22 02:02] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL] "ImagePath"="\"c:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files (x86)\MySQL\MySQL Server 5.1\my.ini\" MySQL" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-10-20 23:35:40 ComboFix-quarantined-files.txt 2011-10-21 03:35 ComboFix2.txt 2011-10-19 03:54 . Pre-Run: 767,981,301,760 bytes free Post-Run: 767,930,548,224 bytes free . - - End Of File - - FF5D395AF324773612CCAEA1D2BEB068
  4. Hi, Log info is pasted below. Thanks again for your help. ComboFix 11-10-18.04 - Frank 10/18/2011 23:46:30.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.10270 [GMT -4:00] Running from: c:\users\Frank\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\GoogleServiceManager.dll c:\users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382} c:\users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}Update\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}updt32.DLL c:\users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}\chrome.manifest c:\users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}\chrome\content\_cfg.js c:\users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}\chrome\content\overlay.xul c:\users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}\install.rdf c:\users\Frank\AppData\Local\Citrix\CitrixUpdate\Citrixupdt32.DLL c:\users\Frank\AppData\Local\TCPIPUser.dll c:\users\Frank\AppData\Roaming\790A.3D6 c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{52466b56-3c9b-4292-ae64-1504ea1a6ca3} c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{52466b56-3c9b-4292-ae64-1504ea1a6ca3}\chrome.manifest c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{52466b56-3c9b-4292-ae64-1504ea1a6ca3}\chrome\xulcache.jar c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{52466b56-3c9b-4292-ae64-1504ea1a6ca3}\defaults\preferences\xulcache.js c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{52466b56-3c9b-4292-ae64-1504ea1a6ca3}\install.rdf c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{b0d1b358-4d13-4229-8df3-a8acb8bb156f} c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{b0d1b358-4d13-4229-8df3-a8acb8bb156f}\chrome.manifest c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{b0d1b358-4d13-4229-8df3-a8acb8bb156f}\chrome\xulcache.jar c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{b0d1b358-4d13-4229-8df3-a8acb8bb156f}\defaults\preferences\xulcache.js c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{b0d1b358-4d13-4229-8df3-a8acb8bb156f}\install.rdf c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{d5658e8b-8b07-4f76-96a2-0770b72e6d48} c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{d5658e8b-8b07-4f76-96a2-0770b72e6d48}\chrome.manifest c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{d5658e8b-8b07-4f76-96a2-0770b72e6d48}\chrome\xulcache.jar c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{d5658e8b-8b07-4f76-96a2-0770b72e6d48}\defaults\preferences\xulcache.js c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{d5658e8b-8b07-4f76-96a2-0770b72e6d48}\install.rdf c:\users\Frank\Desktop\Security Protection.lnk c:\users\Frank\GoToAssistDownloadHelper.exe . . ((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 ))))))))))))))))))))))))))))))) . . 2011-10-19 03:53 . 2011-10-19 03:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-17 03:11 . 2011-10-17 03:11 -------- d-----w- c:\users\Frank\AppData\Roaming\Malwarebytes 2011-10-17 03:10 . 2011-10-17 03:10 -------- d-----w- c:\programdata\Malwarebytes 2011-10-17 03:10 . 2011-10-17 03:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-10-17 03:10 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-13 04:32 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-13 04:32 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2011-10-13 04:32 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2011-10-13 04:32 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-13 04:32 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-10-13 04:32 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-13 04:32 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-10-13 04:32 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-10-11 02:32 . 2011-10-11 02:32 101888 ----a-w- c:\windows\SysWow64\srrstr.dll 2011-10-11 01:25 . 2011-10-06 20:42 28504 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-26 02:17 . 2011-08-26 02:17 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-15 14:00 . 2010-08-13 02:33 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-08-15 14:00 . 2010-08-13 02:33 75672 ----a-w- c:\windows\system32\drivers\mfenlfk.sys 2011-08-15 14:00 . 2010-08-13 02:33 65128 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-08-15 14:00 . 2010-08-13 02:33 481504 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-08-15 14:00 . 2010-08-13 02:33 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2011-08-15 14:00 . 2010-08-13 02:33 228752 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-08-15 14:00 . 2010-08-13 02:33 100904 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-08-15 14:00 . 2010-06-01 00:32 158584 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-08-15 14:00 . 2009-09-26 02:17 642824 ----a-w- c:\windows\system32\drivers\mfehidk.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "iYogi Support Dock"="c:\program files (x86)\iYogi Support Dock\iYogiSupportDock.exe" [2011-06-30 1574128] "dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-10 1671824] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Bomgar_Cleanup_ZD6127729553"="rd" [X] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe [2009-07-09 33448] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176] R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-09-30 1038088] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-02-24 88576] S2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-08-06 24645] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] S2 IYSODiskOptimizer;IYSODiskOptimizer;c:\program files (x86)\iYogi Support Dock\pccare\IYSODefragSrv64.exe [2011-05-10 286720] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 208272] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 158832] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088] S2 SupportDockService.exe;Support Dock Service;c:\program files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [2011-06-13 73728] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [x] S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [x] S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 02:18] . 2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 02:18] . 2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183097681-2360656231-3853966839-1000Core.job - c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-22 02:02] . 2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183097681-2360656231-3853966839-1000UA.job - c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-22 02:02] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uInternet Settings,ProxyServer = http=127.0.0.1:61556 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 61556 FF - prefs.js: network.proxy.type - 1 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-Macromedia Update - c:\users\Frank\AppData\Local\Citrix\CitrixUpdate\Citrixupdt32.DLL Wow6432Node-HKCU-Run-GoogleServiceManager - c:\programdata\GoogleServiceManager.dll Wow6432Node-HKCU-Run-Widcomm Update - c:\users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}Update\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}updt32.DLL . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL] "ImagePath"="\"c:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files (x86)\MySQL\MySQL Server 5.1\my.ini\" MySQL" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-10-18 23:54:47 ComboFix-quarantined-files.txt 2011-10-19 03:54 . Pre-Run: 765,735,014,400 bytes free Post-Run: 765,752,365,056 bytes free . - - End Of File - - 6D81702E80484BFEF446875B090C3E03
  5. Elise, Thank you for your reply. I ran the TDSSKiller program and it did not find any threats. The report from the run is pasted below. 23:50:24.0771 4292 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23 23:50:25.0340 4292 ============================================================ 23:50:25.0340 4292 Current date / time: 2011/10/17 23:50:25.0340 23:50:25.0340 4292 SystemInfo: 23:50:25.0340 4292 23:50:25.0340 4292 OS Version: 6.1.7601 ServicePack: 1.0 23:50:25.0340 4292 Product type: Workstation 23:50:25.0340 4292 ComputerName: FRANK-PC 23:50:25.0341 4292 UserName: Frank 23:50:25.0341 4292 Windows directory: C:\Windows 23:50:25.0341 4292 System windows directory: C:\Windows 23:50:25.0341 4292 Running under WOW64 23:50:25.0341 4292 Processor architecture: Intel x64 23:50:25.0341 4292 Number of processors: 8 23:50:25.0341 4292 Page size: 0x1000 23:50:25.0341 4292 Boot type: Normal boot 23:50:25.0341 4292 ============================================================ 23:50:26.0333 4292 Initialize success 23:50:35.0578 0700 ============================================================ 23:50:35.0578 0700 Scan started 23:50:35.0579 0700 Mode: Manual; 23:50:35.0579 0700 ============================================================ 23:50:36.0610 0700 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys 23:50:36.0612 0700 1394ohci - ok 23:50:36.0707 0700 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 23:50:36.0709 0700 ACPI - ok 23:50:36.0723 0700 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 23:50:36.0766 0700 AcpiPmi - ok 23:50:36.0803 0700 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys 23:50:36.0850 0700 adfs - ok 23:50:36.0875 0700 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 23:50:36.0885 0700 adp94xx - ok 23:50:36.0904 0700 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 23:50:36.0912 0700 adpahci - ok 23:50:36.0929 0700 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 23:50:36.0931 0700 adpu320 - ok 23:50:36.0978 0700 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 23:50:37.0029 0700 AFD - ok 23:50:37.0044 0700 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 23:50:37.0048 0700 agp440 - ok 23:50:37.0063 0700 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 23:50:37.0067 0700 aliide - ok 23:50:37.0085 0700 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 23:50:37.0087 0700 amdide - ok 23:50:37.0101 0700 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 23:50:37.0104 0700 AmdK8 - ok 23:50:37.0121 0700 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 23:50:37.0125 0700 AmdPPM - ok 23:50:37.0148 0700 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 23:50:37.0200 0700 amdsata - ok 23:50:37.0209 0700 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 23:50:37.0215 0700 amdsbs - ok 23:50:37.0243 0700 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 23:50:37.0244 0700 amdxata - ok 23:50:37.0262 0700 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 23:50:37.0304 0700 AppID - ok 23:50:37.0324 0700 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 23:50:37.0327 0700 arc - ok 23:50:37.0343 0700 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 23:50:37.0348 0700 arcsas - ok 23:50:37.0374 0700 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 23:50:37.0380 0700 AsyncMac - ok 23:50:37.0407 0700 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 23:50:37.0408 0700 atapi - ok 23:50:37.0443 0700 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 23:50:37.0454 0700 b06bdrv - ok 23:50:37.0488 0700 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 23:50:37.0496 0700 b57nd60a - ok 23:50:37.0517 0700 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 23:50:37.0522 0700 Beep - ok 23:50:37.0566 0700 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 23:50:37.0572 0700 blbdrive - ok 23:50:37.0596 0700 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 23:50:37.0597 0700 bowser - ok 23:50:37.0610 0700 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 23:50:37.0616 0700 BrFiltLo - ok 23:50:37.0628 0700 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 23:50:37.0629 0700 BrFiltUp - ok 23:50:37.0650 0700 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 23:50:37.0659 0700 Brserid - ok 23:50:37.0676 0700 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 23:50:37.0682 0700 BrSerWdm - ok 23:50:37.0698 0700 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 23:50:37.0702 0700 BrUsbMdm - ok 23:50:37.0713 0700 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 23:50:37.0717 0700 BrUsbSer - ok 23:50:37.0750 0700 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 23:50:37.0754 0700 BthEnum - ok 23:50:37.0770 0700 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 23:50:37.0774 0700 BTHMODEM - ok 23:50:37.0807 0700 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 23:50:37.0808 0700 BthPan - ok 23:50:37.0833 0700 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys 23:50:37.0869 0700 BTHPORT - ok 23:50:37.0886 0700 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys 23:50:37.0920 0700 BTHUSB - ok 23:50:37.0933 0700 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 23:50:37.0934 0700 cdfs - ok 23:50:37.0954 0700 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 23:50:37.0988 0700 cdrom - ok 23:50:38.0029 0700 cfwids (75f91554e5fa6e962b880405fecc97a1) C:\Windows\system32\drivers\cfwids.sys 23:50:38.0076 0700 cfwids - ok 23:50:38.0097 0700 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 23:50:38.0100 0700 circlass - ok 23:50:38.0135 0700 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 23:50:38.0140 0700 CLFS - ok 23:50:38.0164 0700 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 23:50:38.0169 0700 CmBatt - ok 23:50:38.0184 0700 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 23:50:38.0188 0700 cmdide - ok 23:50:38.0209 0700 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 23:50:38.0212 0700 CNG - ok 23:50:38.0225 0700 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 23:50:38.0230 0700 Compbatt - ok 23:50:38.0253 0700 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys 23:50:38.0297 0700 CompositeBus - ok 23:50:38.0310 0700 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 23:50:38.0312 0700 crcdisk - ok 23:50:38.0338 0700 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 23:50:38.0338 0700 DfsC - ok 23:50:38.0358 0700 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 23:50:38.0361 0700 discache - ok 23:50:38.0378 0700 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 23:50:38.0378 0700 Disk - ok 23:50:38.0414 0700 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 23:50:38.0418 0700 drmkaud - ok 23:50:38.0445 0700 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 23:50:38.0503 0700 DXGKrnl - ok 23:50:38.0532 0700 e1yexpress (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys 23:50:38.0539 0700 e1yexpress - ok 23:50:38.0601 0700 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 23:50:38.0648 0700 ebdrv - ok 23:50:38.0674 0700 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 23:50:38.0683 0700 elxstor - ok 23:50:38.0697 0700 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 23:50:38.0698 0700 ErrDev - ok 23:50:38.0718 0700 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 23:50:38.0724 0700 exfat - ok 23:50:38.0743 0700 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 23:50:38.0745 0700 fastfat - ok 23:50:38.0764 0700 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 23:50:38.0767 0700 fdc - ok 23:50:38.0789 0700 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 23:50:38.0790 0700 FileInfo - ok 23:50:38.0802 0700 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 23:50:38.0805 0700 Filetrace - ok 23:50:38.0823 0700 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 23:50:38.0826 0700 flpydisk - ok 23:50:38.0843 0700 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 23:50:38.0845 0700 FltMgr - ok 23:50:38.0861 0700 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 23:50:38.0864 0700 FsDepends - ok 23:50:38.0882 0700 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 23:50:38.0883 0700 Fs_Rec - ok 23:50:38.0903 0700 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 23:50:38.0905 0700 fvevol - ok 23:50:38.0920 0700 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 23:50:38.0927 0700 gagp30kx - ok 23:50:38.0971 0700 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 23:50:39.0013 0700 GEARAspiWDM - ok 23:50:39.0042 0700 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 23:50:39.0043 0700 hcw85cir - ok 23:50:39.0069 0700 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 23:50:39.0070 0700 HDAudBus - ok 23:50:39.0088 0700 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 23:50:39.0091 0700 HidBatt - ok 23:50:39.0106 0700 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 23:50:39.0110 0700 HidBth - ok 23:50:39.0122 0700 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 23:50:39.0126 0700 HidIr - ok 23:50:39.0145 0700 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 23:50:39.0188 0700 HidUsb - ok 23:50:39.0218 0700 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 23:50:39.0255 0700 HpSAMD - ok 23:50:39.0276 0700 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 23:50:39.0312 0700 HTTP - ok 23:50:39.0329 0700 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 23:50:39.0329 0700 hwpolicy - ok 23:50:39.0349 0700 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 23:50:39.0351 0700 i8042prt - ok 23:50:39.0386 0700 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 23:50:39.0436 0700 iaStorV - ok 23:50:39.0450 0700 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 23:50:39.0454 0700 iirsp - ok 23:50:39.0509 0700 IntcAzAudAddService (e28edf74900e68184f44cfcdd66f1bc3) C:\Windows\system32\drivers\RTKVHD64.sys 23:50:39.0553 0700 IntcAzAudAddService - ok 23:50:39.0583 0700 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 23:50:39.0583 0700 intelide - ok 23:50:39.0594 0700 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 23:50:39.0595 0700 intelppm - ok 23:50:39.0616 0700 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:50:39.0664 0700 IpFilterDriver - ok 23:50:39.0682 0700 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 23:50:39.0715 0700 IPMIDRV - ok 23:50:39.0736 0700 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 23:50:39.0741 0700 IPNAT - ok 23:50:39.0776 0700 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 23:50:39.0780 0700 IRENUM - ok 23:50:39.0794 0700 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 23:50:39.0798 0700 isapnp - ok 23:50:39.0816 0700 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 23:50:39.0872 0700 iScsiPrt - ok 23:50:39.0895 0700 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 23:50:39.0899 0700 kbdclass - ok 23:50:39.0917 0700 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 23:50:39.0951 0700 kbdhid - ok 23:50:39.0966 0700 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys 23:50:39.0966 0700 KSecDD - ok 23:50:39.0982 0700 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys 23:50:39.0983 0700 KSecPkg - ok 23:50:39.0996 0700 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 23:50:39.0999 0700 ksthunk - ok 23:50:40.0026 0700 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 23:50:40.0030 0700 lltdio - ok 23:50:40.0057 0700 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 23:50:40.0061 0700 LSI_FC - ok 23:50:40.0088 0700 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 23:50:40.0092 0700 LSI_SAS - ok 23:50:40.0113 0700 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 23:50:40.0115 0700 LSI_SAS2 - ok 23:50:40.0130 0700 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 23:50:40.0134 0700 LSI_SCSI - ok 23:50:40.0152 0700 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 23:50:40.0153 0700 luafv - ok 23:50:40.0189 0700 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 23:50:40.0194 0700 megasas - ok 23:50:40.0217 0700 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 23:50:40.0225 0700 MegaSR - ok 23:50:40.0248 0700 mfeapfk (eac376dd77ec9e95d38108a27c261dca) C:\Windows\system32\drivers\mfeapfk.sys 23:50:40.0297 0700 mfeapfk - ok 23:50:40.0319 0700 mfeavfk (f55f50b11d635658f346db0457bb2b79) C:\Windows\system32\drivers\mfeavfk.sys 23:50:40.0356 0700 mfeavfk - ok 23:50:40.0364 0700 mfeavfk01 - ok 23:50:40.0395 0700 mfefirek (33b8e35c5839a83d6700aab3e464553b) C:\Windows\system32\drivers\mfefirek.sys 23:50:40.0432 0700 mfefirek - ok 23:50:40.0456 0700 mfehidk (ada8c105c8f9a61284c75157c170585b) C:\Windows\system32\drivers\mfehidk.sys 23:50:40.0459 0700 mfehidk - ok 23:50:40.0467 0700 mfenlfk (c52ee6d1e1e5a69c989acc478051964e) C:\Windows\system32\DRIVERS\mfenlfk.sys 23:50:40.0501 0700 mfenlfk - ok 23:50:40.0514 0700 mferkdet (b000720e19ef733f938a6269d630f5dd) C:\Windows\system32\drivers\mferkdet.sys 23:50:40.0549 0700 mferkdet - ok 23:50:40.0572 0700 mfewfpk (62717ab68b38efee54678b85e19b0538) C:\Windows\system32\drivers\mfewfpk.sys 23:50:40.0573 0700 mfewfpk - ok 23:50:40.0590 0700 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 23:50:40.0592 0700 Modem - ok 23:50:40.0610 0700 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 23:50:40.0610 0700 monitor - ok 23:50:40.0629 0700 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 23:50:40.0634 0700 mouclass - ok 23:50:40.0654 0700 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 23:50:40.0660 0700 mouhid - ok 23:50:40.0673 0700 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 23:50:40.0674 0700 mountmgr - ok 23:50:40.0691 0700 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 23:50:40.0743 0700 mpio - ok 23:50:40.0767 0700 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 23:50:40.0772 0700 mpsdrv - ok 23:50:40.0797 0700 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 23:50:40.0847 0700 MRxDAV - ok 23:50:40.0877 0700 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 23:50:40.0878 0700 mrxsmb - ok 23:50:40.0897 0700 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:50:40.0899 0700 mrxsmb10 - ok 23:50:40.0913 0700 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:50:40.0914 0700 mrxsmb20 - ok 23:50:40.0935 0700 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 23:50:40.0986 0700 msahci - ok 23:50:41.0009 0700 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 23:50:41.0051 0700 msdsm - ok 23:50:41.0078 0700 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 23:50:41.0079 0700 Msfs - ok 23:50:41.0100 0700 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 23:50:41.0106 0700 mshidkmdf - ok 23:50:41.0123 0700 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 23:50:41.0123 0700 msisadrv - ok 23:50:41.0149 0700 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 23:50:41.0154 0700 MSKSSRV - ok 23:50:41.0180 0700 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 23:50:41.0186 0700 MSPCLOCK - ok 23:50:41.0203 0700 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 23:50:41.0206 0700 MSPQM - ok 23:50:41.0231 0700 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 23:50:41.0233 0700 MsRPC - ok 23:50:41.0253 0700 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 23:50:41.0254 0700 mssmbios - ok 23:50:41.0274 0700 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 23:50:41.0278 0700 MSTEE - ok 23:50:41.0291 0700 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 23:50:41.0296 0700 MTConfig - ok 23:50:41.0316 0700 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 23:50:41.0316 0700 Mup - ok 23:50:41.0338 0700 NAL (b5a7ded4455d6d694091827dc91fed99) C:\Windows\system32\Drivers\iqvw64e.sys 23:50:41.0387 0700 NAL - ok 23:50:41.0415 0700 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 23:50:41.0422 0700 NativeWifiP - ok 23:50:41.0479 0700 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 23:50:41.0485 0700 NDIS - ok 23:50:41.0505 0700 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 23:50:41.0511 0700 NdisCap - ok 23:50:41.0526 0700 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 23:50:41.0531 0700 NdisTapi - ok 23:50:41.0544 0700 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 23:50:41.0588 0700 Ndisuio - ok 23:50:41.0622 0700 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 23:50:41.0656 0700 NdisWan - ok 23:50:41.0665 0700 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 23:50:41.0698 0700 NDProxy - ok 23:50:41.0717 0700 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 23:50:41.0717 0700 NetBIOS - ok 23:50:41.0735 0700 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 23:50:41.0785 0700 NetBT - ok 23:50:41.0818 0700 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 23:50:41.0822 0700 nfrd960 - ok 23:50:41.0831 0700 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 23:50:41.0832 0700 Npfs - ok 23:50:41.0869 0700 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 23:50:41.0872 0700 nsiproxy - ok 23:50:42.0019 0700 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 23:50:42.0044 0700 Ntfs - ok 23:50:42.0058 0700 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 23:50:42.0065 0700 Null - ok 23:50:42.0097 0700 NVHDA (6574620a7d7549bb72ea26c162025909) C:\Windows\system32\drivers\nvhda64v.sys 23:50:42.0149 0700 NVHDA - ok 23:50:42.0318 0700 nvlddmkm (68fa1d402873cd7c06096584d8c3c403) C:\Windows\system32\DRIVERS\nvlddmkm.sys 23:50:42.0388 0700 nvlddmkm - ok 23:50:42.0418 0700 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 23:50:42.0455 0700 nvraid - ok 23:50:42.0483 0700 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 23:50:42.0520 0700 nvstor - ok 23:50:42.0545 0700 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 23:50:42.0551 0700 nv_agp - ok 23:50:42.0596 0700 OA002Afx (226d2c0e1aa9040646d6b158fd344046) C:\Windows\system32\Drivers\OA002Afx.sys 23:50:42.0643 0700 OA002Afx - ok 23:50:42.0655 0700 OA002Ufd (706f5504af9f28c8641dab5eddfde03b) C:\Windows\system32\DRIVERS\OA002Ufd.sys 23:50:42.0690 0700 OA002Ufd - ok 23:50:42.0711 0700 OA002Vid (2ce066adca145892715f1df163d879da) C:\Windows\system32\DRIVERS\OA002Vid.sys 23:50:42.0748 0700 OA002Vid - ok 23:50:42.0757 0700 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 23:50:42.0762 0700 ohci1394 - ok 23:50:42.0794 0700 Packet (99e6aa0ae2d05389ba7f7dff6866b569) C:\Windows\system32\DRIVERS\packet.sys 23:50:42.0828 0700 Packet - ok 23:50:42.0841 0700 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 23:50:42.0845 0700 Parport - ok 23:50:42.0863 0700 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 23:50:42.0864 0700 partmgr - ok 23:50:42.0877 0700 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 23:50:42.0878 0700 pci - ok 23:50:42.0901 0700 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 23:50:42.0901 0700 pciide - ok 23:50:42.0918 0700 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 23:50:42.0922 0700 pcmcia - ok 23:50:42.0945 0700 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 23:50:42.0945 0700 pcw - ok 23:50:42.0965 0700 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 23:50:42.0979 0700 PEAUTH - ok 23:50:43.0042 0700 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 23:50:43.0088 0700 PptpMiniport - ok 23:50:43.0097 0700 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 23:50:43.0100 0700 Processor - ok 23:50:43.0128 0700 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 23:50:43.0129 0700 Psched - ok 23:50:43.0167 0700 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys 23:50:43.0168 0700 PxHlpa64 - ok 23:50:43.0210 0700 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 23:50:43.0240 0700 ql2300 - ok 23:50:43.0250 0700 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 23:50:43.0252 0700 ql40xx - ok 23:50:43.0271 0700 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 23:50:43.0276 0700 QWAVEdrv - ok 23:50:43.0290 0700 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 23:50:43.0294 0700 RasAcd - ok 23:50:43.0312 0700 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 23:50:43.0315 0700 RasAgileVpn - ok 23:50:43.0329 0700 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 23:50:43.0375 0700 Rasl2tp - ok 23:50:43.0389 0700 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 23:50:43.0394 0700 RasPppoe - ok 23:50:43.0410 0700 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 23:50:43.0413 0700 RasSstp - ok 23:50:43.0429 0700 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 23:50:43.0430 0700 rdbss - ok 23:50:43.0453 0700 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 23:50:43.0457 0700 rdpbus - ok 23:50:43.0471 0700 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 23:50:43.0474 0700 RDPCDD - ok 23:50:43.0490 0700 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 23:50:43.0493 0700 RDPENCDD - ok 23:50:43.0504 0700 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 23:50:43.0506 0700 RDPREFMP - ok 23:50:43.0527 0700 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 23:50:43.0578 0700 RDPWD - ok 23:50:43.0598 0700 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 23:50:43.0599 0700 rdyboost - ok 23:50:43.0641 0700 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 23:50:43.0648 0700 RFCOMM - ok 23:50:43.0676 0700 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 23:50:43.0680 0700 rspndr - ok 23:50:43.0692 0700 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 23:50:43.0743 0700 sbp2port - ok 23:50:43.0764 0700 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 23:50:43.0801 0700 scfilter - ok 23:50:43.0824 0700 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 23:50:43.0827 0700 secdrv - ok 23:50:43.0838 0700 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 23:50:43.0840 0700 Serenum - ok 23:50:43.0864 0700 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 23:50:43.0867 0700 Serial - ok 23:50:43.0887 0700 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 23:50:43.0891 0700 sermouse - ok 23:50:43.0929 0700 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 23:50:43.0934 0700 sffdisk - ok 23:50:43.0952 0700 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 23:50:43.0957 0700 sffp_mmc - ok 23:50:43.0966 0700 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 23:50:44.0011 0700 sffp_sd - ok 23:50:44.0028 0700 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 23:50:44.0031 0700 sfloppy - ok 23:50:44.0048 0700 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 23:50:44.0052 0700 SiSRaid2 - ok 23:50:44.0066 0700 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 23:50:44.0070 0700 SiSRaid4 - ok 23:50:44.0088 0700 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 23:50:44.0093 0700 Smb - ok 23:50:44.0114 0700 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 23:50:44.0114 0700 spldr - ok 23:50:44.0143 0700 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 23:50:44.0145 0700 srv - ok 23:50:44.0165 0700 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 23:50:44.0168 0700 srv2 - ok 23:50:44.0184 0700 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 23:50:44.0186 0700 srvnet - ok 23:50:44.0207 0700 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 23:50:44.0212 0700 stexstor - ok 23:50:44.0235 0700 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 23:50:44.0236 0700 swenum - ok 23:50:44.0303 0700 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys 23:50:44.0332 0700 Tcpip - ok 23:50:44.0386 0700 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys 23:50:44.0397 0700 TCPIP6 - ok 23:50:44.0434 0700 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 23:50:44.0482 0700 tcpipreg - ok 23:50:44.0503 0700 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 23:50:44.0508 0700 TDPIPE - ok 23:50:44.0526 0700 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 23:50:44.0528 0700 TDTCP - ok 23:50:44.0544 0700 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 23:50:44.0577 0700 tdx - ok 23:50:44.0595 0700 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys 23:50:44.0622 0700 TermDD - ok 23:50:44.0645 0700 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 23:50:44.0679 0700 tssecsrv - ok 23:50:44.0697 0700 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 23:50:44.0731 0700 TsUsbFlt - ok 23:50:44.0745 0700 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 23:50:44.0778 0700 TsUsbGD - ok 23:50:44.0799 0700 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 23:50:44.0833 0700 tunnel - ok 23:50:44.0849 0700 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 23:50:44.0853 0700 uagp35 - ok 23:50:44.0874 0700 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 23:50:44.0929 0700 udfs - ok 23:50:44.0949 0700 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 23:50:44.0953 0700 uliagpkx - ok 23:50:44.0962 0700 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 23:50:44.0995 0700 umbus - ok 23:50:45.0019 0700 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 23:50:45.0021 0700 UmPass - ok 23:50:45.0060 0700 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 23:50:45.0103 0700 usbaudio - ok 23:50:45.0159 0700 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 23:50:45.0209 0700 usbccgp - ok 23:50:45.0247 0700 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 23:50:45.0251 0700 usbcir - ok 23:50:45.0277 0700 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 23:50:45.0330 0700 usbehci - ok 23:50:45.0350 0700 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 23:50:45.0387 0700 usbhub - ok 23:50:45.0409 0700 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 23:50:45.0443 0700 usbohci - ok 23:50:45.0456 0700 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys 23:50:45.0458 0700 usbprint - ok 23:50:45.0474 0700 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS 23:50:45.0475 0700 USBSTOR - ok 23:50:45.0494 0700 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 23:50:45.0544 0700 usbuhci - ok 23:50:45.0561 0700 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 23:50:45.0562 0700 vdrvroot - ok 23:50:45.0578 0700 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 23:50:45.0581 0700 vga - ok 23:50:45.0593 0700 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 23:50:45.0597 0700 VgaSave - ok 23:50:45.0616 0700 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 23:50:45.0655 0700 vhdmp - ok 23:50:45.0674 0700 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 23:50:45.0678 0700 viaide - ok 23:50:45.0697 0700 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 23:50:45.0697 0700 volmgr - ok 23:50:45.0712 0700 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 23:50:45.0714 0700 volmgrx - ok 23:50:45.0731 0700 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 23:50:45.0733 0700 volsnap - ok 23:50:45.0753 0700 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 23:50:45.0758 0700 vsmraid - ok 23:50:45.0769 0700 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 23:50:45.0771 0700 vwifibus - ok 23:50:45.0791 0700 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 23:50:45.0796 0700 WacomPen - ok 23:50:45.0820 0700 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 23:50:45.0856 0700 WANARP - ok 23:50:45.0860 0700 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 23:50:45.0860 0700 Wanarpv6 - ok 23:50:45.0877 0700 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 23:50:45.0880 0700 Wd - ok 23:50:45.0900 0700 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 23:50:45.0903 0700 Wdf01000 - ok 23:50:45.0925 0700 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 23:50:45.0927 0700 WfpLwf - ok 23:50:45.0941 0700 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 23:50:45.0944 0700 WIMMount - ok 23:50:45.0967 0700 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 23:50:45.0971 0700 WmiAcpi - ok 23:50:45.0992 0700 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 23:50:45.0995 0700 ws2ifsl - ok 23:50:46.0023 0700 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 23:50:46.0059 0700 WudfPf - ok 23:50:46.0078 0700 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 23:50:46.0112 0700 WUDFRd - ok 23:50:46.0145 0700 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 23:50:46.0154 0700 \Device\Harddisk0\DR0 - ok 23:50:46.0170 0700 Boot (0x1200) (60192bcf7fd244640006da84530b60d9) \Device\Harddisk0\DR0\Partition0 23:50:46.0171 0700 \Device\Harddisk0\DR0\Partition0 - ok 23:50:46.0174 0700 Boot (0x1200) (38c6d131303b09707be65fd453d7da01) \Device\Harddisk0\DR0\Partition1 23:50:46.0175 0700 \Device\Harddisk0\DR0\Partition1 - ok 23:50:46.0175 0700 ============================================================ 23:50:46.0175 0700 Scan finished 23:50:46.0175 0700 ============================================================ 23:50:46.0184 6196 Detected object count: 0 23:50:46.0184 6196 Actual detected object count: 0
  6. I've had malwarebytes free version for several months and have run several complete scans. This week I started have problems where I try to run a full scan, and it only takes 15-18 seconds to run. I suspect that I have an infection that is preventing the full scan from running. I ran the DDS script, I'm posting the DDS results below and have attached the attach log. Please let me know if there is any more information I can provide. Thanks for reading. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 Run by Frank at 0:06:36 on 2011-10-17 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9914 [GMT -4:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe C:\Program Files (x86)\iYogi Support Dock\pccare\IYSODefragSrv64.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockService.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve uInternet Settings,ProxyOverride = *.local uInternet Settings,ProxyServer = http=127.0.0.1:61556 mWinlogon: Userinit=userinit.exe, BHO: {050e78c9-c3e9-4f76-b193-f302050750b0} - C:\Users\Frank\AppData\Local\TCPIPUser.dll BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111010212504.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [Google Update] "C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Macromedia Update] rundll32 "C:\Users\Frank\AppData\Local\Citrix\CitrixUpdate\Citrixupdt32.DLL",DllRegisterServer uRun: [GoogleServiceManager] rundll32.exe "C:\ProgramData\GoogleServiceManager.dll",DllRegisterServer uRun: [Widcomm Update] rundll32 "C:\Users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}Update\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}updt32.DLL",DllRegisterServer mRun: [<NO NAME>] mRun: [iYogi Support Dock] "C:\Program Files (x86)\iYogi Support Dock\iYogiSupportDock.exe" mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent dRun: [bomgar_Cleanup_ZD6127729553] cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-000000004E4EFF19" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD6127729553 /f mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{5B7D1044-0A8B-48AC-A118-CE09FDDB87B5} : DhcpNameServer = 192.168.2.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL C:\Users\Frank\AppData\Local\TCPIPUser.dll BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll BHO-X64: McAfee Phishing Filter - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO-X64: Search Helper - No File BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111010212504.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File mRun-x64: [(Default)] mRun-x64: [iYogi Support Dock] "C:\Program Files (x86)\iYogi Support Dock\iYogiSupportDock.exe" mRun-x64: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 61556 FF - prefs.js: network.proxy.type - 1 FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Frank\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: XULRunner: {6F88E8DB-2957-4C40-9F2C-88B4C1F2E382} - C:\Users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382} . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-9-26 88576] R2 Apache2.2;Apache2.2;C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-8-6 24645] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] R2 IYSODiskOptimizer;IYSODiskOptimizer;C:\Program Files (x86)\iYogi Support Dock\pccare\iysoDefragSrv64.exe [2011-8-17 286720] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-9 249936] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-9 249936] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-9 249936] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-9 249936] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-8-12 199008] R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-4-22 25824] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-8-12 208272] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-8-12 158832] R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-4-30 14088] R2 SupportDockService.exe;Support Dock Service;C:\Program Files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [2011-6-13 73728] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;\??\C:\Windows\system32\Drivers\OA002Afx.sys --> C:\Windows\system32\Drivers\OA002Afx.sys [?] R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA002Ufd.sys --> C:\Windows\system32\DRIVERS\OA002Ufd.sys [?] R3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\system32\DRIVERS\OA002Vid.sys --> C:\Windows\system32\DRIVERS\OA002Vid.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 dldtCATSCustConnectService;dldtCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dldtserv.exe [2009-7-9 33448] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-25 136176] S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-9-30 1038088] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-25 136176] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?] . =============== Created Last 30 ================ . 2011-10-17 03:11:07 -------- d-----w- C:\Users\Frank\AppData\Roaming\Malwarebytes 2011-10-17 03:10:38 -------- d-----w- C:\ProgramData\Malwarebytes 2011-10-17 03:10:35 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-10-17 03:10:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-10-13 04:32:59 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax 2011-10-13 04:32:59 613888 ----a-w- C:\Windows\System32\psisdecd.dll 2011-10-13 04:32:59 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll 2011-10-13 04:32:58 108032 ----a-w- C:\Windows\System32\psisrndr.ax 2011-10-13 04:32:49 331776 ----a-w- C:\Windows\System32\oleacc.dll 2011-10-13 04:32:48 861696 ----a-w- C:\Windows\System32\oleaut32.dll 2011-10-13 04:32:48 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2011-10-13 04:32:48 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll 2011-10-11 02:32:13 268800 ----a-w- C:\Users\Frank\AppData\Local\TCPIPUser.dll 2011-10-11 02:32:11 101888 ----a-w- C:\Windows\SysWow64\srrstr.dll 2011-10-11 02:32:09 101888 ----a-w- C:\ProgramData\GoogleServiceManager.dll 2011-10-11 01:25:04 28504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll . ==================== Find3M ==================== . 2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys 2011-08-26 02:17:59 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll 2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-08-15 14:00:06 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys 2011-08-15 14:00:06 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys 2011-08-15 14:00:06 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys 2011-08-15 14:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys 2011-08-15 14:00:06 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys 2011-08-15 14:00:06 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys 2011-08-15 14:00:06 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys 2011-08-15 14:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys 2011-08-15 14:00:06 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys . ============= FINISH: 0:07:21.53 =============== Forgot the attachment... Attach.txt
  7. Hi noknojon, I've uninstalled mwb using the mbam-clean.exe program, rebooted, de-activated my antivirus and reinstalled mwb. I still seem to be having the same problem. I just ran a full scan that took 18 seconds and scanned 1871 objects. My suspicion is that I have an infection that is tricking mwb into not scanning all objects because I've been able to run several complete scans prior to experiencing this problem earlier this week. Do you have any suggestions? I'm using the free version of mwb. Is there a limited number of scans you are able to run using the free version?
  8. Thanks for responding! Looks like I have the same scan settings as you:
  9. Hello, I am using the free version of malwarebytes, and I just tried to do a full scan of my PC. The scan only took 15 seconds to complete, and only scanned 1649 objects. This does not sound correct to me. The log info is as follows: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 7929 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 10/12/2011 12:13:55 PM mbam-log-2011-10-12 (12-13-55).txt Scan type: Full scan (C:\|) Objects scanned: 1649 Time elapsed: 11 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Can anyone suggest anything to get a full scan to run?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.