greg1426

  1. Update! Almost Made it through a scan!

     As you can tell from my previous post, I am getting desperate to resolve this before I end up trashing my hard drive and starting over. I downloaded CCleaner to assist with wiping the hard drive, then saw that it had some registry cleaning tools. I ran a scan which turned up a bunch of registry errors, bad files, etc. After cleaning all of them I reran MBAM. It made it over 7 minutes and had even identified one infected object, and I thought I was home free. However, it went into the same Windows\Microsoft.net folder at about 7 minutes 30 seconds into the scan, then went to the same routine, raced up in numbers of objects, then shut itself down.

     The worst part is that even though it identified an infected object, it still doesn't show anything in the log or in the quarantined area. If I pause the scan after an object has been identified, can it be fixed before resuming the scan? Is there any way to find out what file(s) were identified during the scan without letting it complete itself? Obviously we need to get the system to the point that it will allow MBAM to do its job, but I'd like to get the infected items resolved ASAP. What do you think?

     Greg
  2. I was afraid that would be the answer. Well, I guess we keep plugging. Ran MBAM-Clean, downloaded and installed the new version. Same issue occurred. First time it runs for a couple of minutes, then suddenly it shows:

     "Scanning additional items on your computer"

     Then it runs super fast as the numbers of objects go from 40,000 to 160,00 objects scanned in a few seconds (while not showing any file or folder names, just the same message), then shuts down.

     FYI, I was trying to load HP Printer/Scanner software today and it also shut down about halfway through. Is it possible that whatever malware I have is shutting down any program if it starts looking in the wrong place or attempting to change system files?

     I've run scans with Spybot, Superantispyware and McAfee with no shutdown issues whatsoever. Spybot found some cookies, SuperAS found a few hundred cookies and 7 system registry threats. I know it's not the MBAM tool (I keep trying with MBAM, because everything I've read says your tool is the best - if I can just get my system straight so it will run.)

     It may mean nothing, but here are the 7 registry threats it fixed:

     Adware.URLBlaze
     (x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
     (x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32
     (x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32#ThreadingModel
     (x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\Programmable
     (x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
     (x86) HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
     (x86) HKU\S-1-5-21-247605775-3237907158-2430251106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7C3CF0-4B15-11D1-ABED-709549C10000}

     I've tried turning off every AV process before the scan and nothing changes the result. Thoughts?

     Greg
  3. First, thank you again for taking the time to help with our problem.

     Updates:

     1. I clicked the link you provided and get the following result:

        An Error Occurred
        Sorry, an error occurred. If you are unsure on how to use a feature, or don't know why you got this error message, try looking through the help files for more information.
        [#10343] We could not determine which topic you were attempting to view.

     2. I searched the forum for "BETA" and found this post: http://forums.malwarebytes.org/index.php?showtopic=102515

        Which states:

        Greetings Malwarebytes Anti-Malware users, We are pleased to announce the availability of Malwarebytes Anti-Malware 1.60 beta program to the general public in this forum. After running the latest MBAM 1.60 beta, please contribute any feedback pertaining to this beta program here. Thanks for participating in our beta program! -- The Malwarebytes Team

        But has no link to the actual beta download! It is also a locked post, so I could not respond or post a question.

     3. I searched the download sites and Google and could not find a link to download the actual BETA 1.60 version.

     4. Finally, I went to the Forum Main Listing and started reading through the latest posts, found one with the download link, downloaded it, installed it, and ran a quick scan.

     After restarting my laptop the scan ran for about 1 minute, then totally froze on Desktop/MyVideoConverter. While frozen I could not open a web browser, though I could open the start menu to click on IE. I waited a minute or so and it suddenly unfroze, after which the MWB window jumped from one minute to over two minutes and the system unfroze (and opened 5 or 6 IE windows, of course.) I closed all of the web browser windows and waited. The scan made it much further (to about 5 minutes) then (as before) went to "Searching additional items" while rapidly jumping into hundreds of thousands of scanned objects, then the window just disappeared.

     Subsequent scans ran for the usual 90 to 100 seconds and did the same thing, shutting the scan down usually while scanning this folder:

     Windows\Microsoft.net\framework\v4.0.30319

     As I said before, I really appreciate your continued assistance with this matter. I'd appreciate some dialogue as to the nature of this problem and your prior experiences with this type of behavior. As yet I have not received any information as to what sort of problem we're dealing with here.

     I understand and appreciate that I have not paid anyone anything at this point. I'd happily buy the software and permanently install it on all of my family's systems if it actually worked on my PC. I'm sure it does wonderful things, but I'd really like to understand why it will not complete a scan or at least create a report or message indicating what is causing it to fail.

     Does this mean I have some super virus that is so sophisticated it causes the actual scan to shut down and erases all knowledge of how or why this is occurring? Or is this simply a glitch that occurs with some systems that have certain AV or other type programs that cause this? Should I be supremely worried or is this just a minor glitch that will eventually be fixed?

     My system is working just fine other than the MWB scan not working. Still, I'm paranoid now, because maybe this infection is so insidious that it lies dormant and allows the system to run perfectly until it has what it needs to suit its nefarious purposes.

     I know this is an inexact science against a constantly moving target, and again I truly appreciate that you are volunteers doing a service to help poor souls like me with our problem PCs. But can you please take a moment and address the larger questions I've asked?

     Thanks,
     Greg
  4. Hi Chris,

     Thanks for the latest instructions. Followed them all, then ran Quick Scan again. It scanned through the following folders for about 2 minutes:

     Windows\system32\
     Windows\SYSWOW64
     Windows\Fonts
     Windows\Microsoft.net\framework

     It jumped back and forth between System32 and the others, then at about 2 minutes it displayed this message instead of the folder/file being scanned:

     "Scanning additional items on your computer"

     At this point, it started to run super fast as the numbers of objects went from 40,000 to 160,00 objects scanned in a few seconds (while not showing any file or folder names, just the same message), then shut down.

     I disabled all my McAfee Virus Scan and Access Scan protection while I ran the MWB scan.

     I reran MWB Quick Scan a few more times, and it always goes to the "Scanning additional items on your computer" message, races to 160,000 or 170,000 objects scanned very quickly and shuts down. After the first time, it always happens at 35 to 40 seconds into the scan. It was always occurring while scanning in the Windows\Microsoft.net\framework\v4.0.30319 folder. I told it to ignore the Microsoft.net folder entirely, and then it hung up on some other folder, again about 38 seconds into the scan, and always the same message and behavior.

     It creates no logs other than a protection log that says:

     10:25:30 gpitts MESSAGE Protection started successfully
     10:25:34 gpitts MESSAGE IP Protection started successfully
     10:26:14 gpitts MESSAGE IP Protection stopped

     Thanks,
     Greg
  5. Here is the content of log.txt:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK

     Here is the text file from the 1 file ESET found and quarantined:

     C:\Users\gpitts\Documents\Pitts\AE\Legal\Upcoming Shows\cnet_MyVideoConverter_Setup244_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

     Here are the contents of the Security Scan "Checkup.Txt":

     Results of screen317's Security Check version 0.99.28
     Windows 7 x64 (UAC is enabled)
     Internet Explorer 8 Out of date!
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Disabled!
     ESET Online Scanner v3
     McAfee VirusScan Enterprise
     McAfee AntiSpyware Enterprise Module
     McAfee Endpoint Encryption for Files and Folders
     McAfee Endpoint Encryption for PC
     McAfee Agent
     McAfee Host Intrusion Prevention
     WMI entry may not exist for antivirus; attempting automatic update.
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     Java 6 Update 24
     Java version out of date!
     Adobe Reader X (10.1.1)
     Mozilla Firefox ((3.6.10)) Firefox out of Date!
     Mozilla Thunderbird (3.1.7) Thunderbird out of Date!
     ````````````````````````````````
     Process Check:
     objlist.exe by Laurent
     Malwarebytes' Anti-Malware mbamservice.exe
     Malwarebytes' Anti-Malware mbamgui.exe
     McAfee VirusScan Enterprise x64 engineserver.exe
     McAfee VirusScan Enterprise vstskmgr.exe
     McAfee VirusScan Enterprise x64 mcshield.exe
     McAfee VirusScan Enterprise x64 mfeann.exe
     ``````````End of Log````````````

     Malwarebytes still shuts itself down during a quick scan with no report or log after about 150,000 objects scanned and 1 minute 39 seconds of running (I stared at it this time to see what happened, if anything. Nothing happened, it just disappeared.)

     I believe I've shut down all AV software and firewalls so the scan doesn't get interfered with.

     Thanks,
     Greg
  6. Thanks again for your assistance!

     The combofix log is:

     The new DDS Log is:
Manager\DCPSysMgrSvc.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe C:\windows\system32\conhost.exe C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.exe C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe C:\Windows\SysWOW64\kmw_run.exe C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.bin C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\windows\system32\SearchIndexer.exe C:\windows\system32\svchost.exe -k bthsvcs C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\system32\igfxext.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files\Dell\Dell System Manager\PanelHelper32.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\ShStat.exe C:\windows\system32\notepad.exe C:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCore.exe C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and 
Folders\SbCeProxy32.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\windows\system32\taskhost.exe C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.oracle.com;*.oraclecorp.com;*.oracleportal.com;*.local;<local> uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO: IEHlprObjClass: {ce7c3cf0-4b15-11d1-abed-709549c10000} - C:\Program Files (x86)\Kensington\MouseWorks\IE_KMW.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE mRun: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe" mRun: [safeBootTrayManager] 
"C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe" mRun: [safeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe" mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [kmw_run.exe] kmw_run.exe mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" dRunOnce: [ClickToCallConfig] C:\ProgramData\Oracle\BaseImage\config\realplayerent_config.exe /SS=YES StartupFolder: C:\Users\gpitts\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\gpitts\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\gpitts\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ORACLE~1.LNK - C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\quickstart.exe StartupFolder: C:\Users\gpitts\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files (x86)\Dell\Dell System Manager\DCPSysMgr.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: HideFastUserSwitching = 1 (0x1) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL Trusted Zone: oracle.com\login Trusted Zone: oraclecorp.com\global-ebusiness Trusted Zone: oraclecorp.com\global-erp Trusted Zone: oraclecorp.com\global-hrms Trusted Zone: oraclecorp.com\global-service Trusted Zone: oraclevpn.com\myaccess Trusted Zone: oracle.com\login Trusted Zone: oraclecorp.com\global-ebusiness Trusted Zone: oraclecorp.com\global-erp Trusted Zone: oraclecorp.com\global-hrms Trusted Zone: oraclecorp.com\global-service Trusted Zone: oraclevpn.com\myaccess DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - hxxps://strtc.oracle.com/imtapp/res/jar/cnsload.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D847E32E-BEE3-4B37-A1E2-D5AF9099A8AC} - hxxps://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://oraclemeetings.webex.com/client/WBXclient-T27L10NSP25-10481/training/ieatgpc1.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{9F277400-DDF6-45DC-8E0E-97D2EA593464} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{9F277400-DDF6-45DC-8E0E-97D2EA593464}\2456C6C614538323 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{9F277400-DDF6-45DC-8E0E-97D2EA593464}\4554740284F4553554 : DhcpNameServer = 192.168.10.1 TCP: 
Interfaces\{9F277400-DDF6-45DC-8E0E-97D2EA593464}\74053575966696 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{9F277400-DDF6-45DC-8E0E-97D2EA593464}\74350575966496 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{9F277400-DDF6-45DC-8E0E-97D2EA593464}\F467562746279667560527F6241363 : DhcpNameServer = 192.168.0.1 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO-X64: IEHlprObjClass: {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\Kensington\MouseWorks\IE_KMW.DLL BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot mRun-x64: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE mRun-x64: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe" mRun-x64: [safeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe" mRun-x64: [safeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe" mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" 
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [kmw_run.exe] kmw_run.exe mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" IE-X64: {c95fe080-8f5d-11d2-a20b-00aa003c157a} IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\gpitts\AppData\Roaming\Mozilla\Firefox\Profiles\cgm06i81.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com//406 FF - prefs.js: browser.search.selectedEngine - Web Search FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=150&systemid=406&sr=0&q= FF - prefs.js: network.proxy.type - 2 FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\components\McFFPlg.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: McAfee SiteAdvisor Enterprise: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise . ============= SERVICES / DRIVERS =============== . R0 MfeEERM;MfeEERM;C:\Windows\System32\drivers\MfeEERM.sys [2010-12-17 226504] R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?] 
R0 SBAlg;SBAlg;C:\Windows\System32\drivers\SbAlg.sys [2008-8-13 60128] R0 SBAlg00;SBAlg00;C:\Windows\System32\drivers\SbAlg00.sys [2009-6-4 18176] R0 SBAlg01;SBAlg01;C:\Windows\System32\drivers\SbAlg01.sys [2009-6-4 18176] R0 SBAlg11;SBAlg11;C:\Windows\System32\drivers\SbAlg11.sys [2009-6-4 36096] R0 SBAlg12;SBAlg12;C:\Windows\System32\drivers\SbAlg12.sys [2009-6-4 60160] R0 SbCe;SbCe;C:\Windows\System32\drivers\SbCe.sys [2010-12-17 698312] R0 SbFsLock;SbFsLock;C:\Windows\System32\drivers\SbFsLock.sys [2010-10-12 15688] R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\windows\system32\DRIVERS\stdcfltn.sys --> C:\windows\system32\DRIVERS\stdcfltn.sys [?] R1 RsvLock;RsvLock;C:\Windows\System32\drivers\RsvLock.sys [2010-10-12 58184] R1 SbFlop;SbFlop;C:\Windows\System32\drivers\SbFlop.sys [2010-10-12 23368] R1 SbRegFlt;SbRegFlt;C:\Windows\System32\drivers\SbRegFlt.sys [2010-10-12 15688] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] 
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-8 89600] R2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-1-20 517488] R2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-6-15 1498224] R2 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2011-4-15 39840] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-27 366152] R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-3-25 226624] R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-10-22 20792] R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-5-19 120128] R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2010-10-22 181480] R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-10-22 66880] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe --> C:\Windows\system32\mfevtps.exe [?] 
R2 SafeBootClientManager;SafeBoot Client Manager;C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [2010-10-12 380988] R2 SbCeCoreService;McAfee Endpoint Encryption Core Service;C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe [2010-12-17 203080] R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-6-10 641464] R3 Acceler;Accelerometer Service;C:\windows\system32\DRIVERS\Accelern.sys --> C:\windows\system32\DRIVERS\Accelern.sys [?] R3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?] R3 cvusbdrv;Dell ControlVault;C:\windows\system32\Drivers\cvusbdrv.sys --> C:\windows\system32\Drivers\cvusbdrv.sys [?] R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\windows\system32\DRIVERS\e1c62x64.sys --> C:\windows\system32\DRIVERS\e1c62x64.sys [?] R3 FirehkMP;FirehkMP;C:\windows\system32\DRIVERS\firehk.sys --> C:\windows\system32\DRIVERS\firehk.sys [?] R3 HIPK;McAfee Inc. HIPK;C:\windows\system32\drivers\HIPK.sys --> C:\windows\system32\drivers\HIPK.sys [?] R3 HIPPSK;McAfee Inc. HIPPSK;C:\windows\system32\drivers\HIPPSK.sys --> C:\windows\system32\drivers\HIPPSK.sys [?] R3 HIPQK;McAfee Inc. HIPQK;C:\windows\system32\drivers\HIPQK.sys --> C:\windows\system32\drivers\HIPQK.sys [?] R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 mfeavfk;McAfee Inc. 
mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?] R3 O2SDJRDR;O2SDJRDR;C:\windows\system32\DRIVERS\o2sdjw7x64.sys --> C:\windows\system32\DRIVERS\o2sdjw7x64.sys [?] R3 pneteth;PdaNet Broadband;C:\windows\system32\DRIVERS\pneteth.sys --> C:\windows\system32\DRIVERS\pneteth.sys [?] R3 SbCeCd;SbCeCd;C:\Windows\System32\drivers\SbCeCd.sys [2010-12-17 132808] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MyDesktopWindows;MyDesktopService;C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe [2011-10-28 1038848] S2 QOSMyDesktop;QOS MyDesktop;C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe [2009-10-13 470016] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\windows\system32\Drivers\ssadadb.sys --> C:\windows\system32\Drivers\ssadadb.sys [?] S3 dmvsc;dmvsc;C:\windows\system32\drivers\dmvsc.sys --> C:\windows\system32\drivers\dmvsc.sys [?] S3 Firehk;McAfee NDIS Intermediate Filter;C:\windows\system32\DRIVERS\firehk.sys --> C:\windows\system32\DRIVERS\firehk.sys [?] S3 ivusb;Initio Driver for USB Default Controller;C:\windows\system32\DRIVERS\ivusb.sys --> C:\windows\system32\DRIVERS\ivusb.sys [?] S3 L6PODHD5;Service - Line 6 POD HD500;C:\windows\system32\Drivers\L6PODHD564.sys --> C:\windows\system32\Drivers\L6PODHD564.sys [?] S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?] 
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\system32\DRIVERS\ssadbus.sys --> C:\windows\system32\DRIVERS\ssadbus.sys [?] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\system32\DRIVERS\ssadmdfl.sys --> C:\windows\system32\DRIVERS\ssadmdfl.sys [?] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\system32\DRIVERS\ssadmdm.sys --> C:\windows\system32\DRIVERS\ssadmdm.sys [?] S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 
2011-12-05 14:35:21 98816 ----a-w- C:\windows\sed.exe 2011-12-05 14:35:21 518144 ----a-w- C:\windows\SWREG.exe 2011-12-05 14:35:21 256000 ----a-w- C:\windows\PEV.exe 2011-12-05 14:35:21 208896 ----a-w- C:\windows\MBR.exe 2011-12-05 14:30:13 47080 ----a-w- C:\windows\System32\HIPIS0e011b5.dll 2011-12-05 14:30:13 40328 ----a-w- C:\windows\SysWow64\HIPIS0e011b5.dll 2011-12-05 14:26:42 -------- d-----w- C:\Quarantine 2011-12-05 14:12:21 -------- d-----w- C:\Program Files\iPod 2011-12-05 14:12:20 -------- d-----w- C:\Program Files\iTunes 2011-12-05 14:12:20 -------- d-----w- C:\Program Files (x86)\iTunes 2011-11-27 15:16:44 -------- d-----w- C:\Users\gpitts\AppData\Roaming\Malwarebytes 2011-11-27 15:16:36 -------- d-----w- C:\ProgramData\Malwarebytes 2011-11-27 15:16:30 25416 ----a-w- C:\windows\System32\drivers\mbam.sys 2011-11-27 15:16:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-11-13 14:43:16 15360 ----a-w- C:\windows\System32\drivers\pneteth.sys 2011-11-13 14:43:14 -------- d-----w- C:\Program Files (x86)\PdaNet for Android 2011-11-13 05:10:13 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll 2011-11-13 05:10:12 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll 2011-11-13 05:10:11 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys 2011-11-13 05:08:44 3144704 ----a-w- C:\windows\System32\win32k.sys . ==================== Find3M ==================== . 
2011-11-07 22:02:08 140864 ----a-w- C:\windows\SysWow64\KevlarSigs.dll 2011-10-24 18:29:02 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx 2011-10-24 18:29:02 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts 2011-10-16 12:37:43 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-01 03:25:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb 2011-10-01 02:42:56 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb 2011-09-25 14:35:28 159838 ----a-w- C:\windows\SysWow64\DirShowEXMyVC.dll 2011-09-08 16:27:28 39464 ----a-w- C:\windows\System32\drivers\btwl2cap.sys 2011-09-08 16:27:28 348712 ----a-w- C:\windows\System32\drivers\btwampfl.sys 2011-09-08 16:27:28 22056 ----a-w- C:\windows\System32\btwcoins.dll 2011-09-08 16:27:28 21416 ----a-w- C:\windows\System32\drivers\btwrchid.sys 2011-09-08 16:27:28 138280 ----a-w- C:\windows\System32\drivers\btwavdt.sys 2011-09-08 16:27:28 106536 ----a-w- C:\windows\System32\drivers\btwaudio.sys . ============= FINISH: 10:15:45.64 =============== I've attached the new attach.txt in a zipped file. Awaiting further instructions. Cheers, Greg Attach.zip
  7. I ran mbam-clean, reinstalled and updated mbam, made all of the changes to McAfee. When I run quick scan or full scan it runs fine (sometimes for a long time), then it just shuts down. I look up and the program isn't even open any more. No logs are being created by the scans. There is one log called "protection-log-2011-11-27.txt" that contains: 10:17:12 gpitts MESSAGE Protection started successfully 10:17:17 gpitts MESSAGE IP Protection started successfully 12:31:58 gpitts IP-BLOCK 89.28.31.246 (Type: incoming, Port: 40407, Process: svchost.exe) 15:00:45 gpitts IP-BLOCK 194.165.0.3 (Type: incoming, Port: 40407, Process: svchost.exe) Any idea why the program can't complete its scan?
  8. I couldn't get the tool to run a full scan. It would get part way through, then just close. I did a quick scan, which closed itself and created this log: 08:09:06 gpitts ERROR IsValidLicenseKey failed with error code 13 08:09:06 gpitts MESSAGE Protection stopped 08:41:24 gpitts ERROR IsValidLicenseKey failed with error code 13 08:41:24 gpitts MESSAGE Protection stopped 10:08:34 gpitts ERROR IsValidLicenseKey failed with error code 13 10:08:34 gpitts MESSAGE Protection stopped I tried to download the DDS script, but the link kept going to a blank page and even when I manually surfed to the correct page the download would not begin. I used a different PC to download the DDS.SCR program and copied it to this PC and ran it. The tool instructed me to zip the attach.txt and attach here, which I have done. The result of DDS.TXT is: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24 Run by gpitts at 10:31:03 on 2011-11-23 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.6209 [GMT -5:00] . AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Host Intrusion Prevention Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . 
C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe C:\Windows\system32\mfevtps.exe C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe C:\windows\system32\DRIVERS\o2flash.exe C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeProxy32.exe C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE 
  9. FYI, I am still unable to remove Webroot, although I was able to stop the annoying notice from popping up every time I start Windows. We're putting the Pro version of Malwarebytes on all of our home PCs, by the way. This doesn't replace anti-virus though, right? We still need both?
  10. Oops. Sorry for posting the attach.txt file, but the instructions in the pinned post say to post it. Now as I read the post I see the file itself instructs me NOT to post it. Greg
  11. I then ran DDS and the following text files were created: DDS.txt . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.6001.18000 Run by SUPER USER at 10:21:41 on 2011-10-20 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1915.903 [GMT -4:00] . AV: Webroot Internet Security Essentials *Disabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D} SP: Webroot Internet Security Essentials *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Webroot Internet Security Essentials *Disabled* {0238B277-0F92-56C4-F418-841859762D46} . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\rundll32.exe C:\Windows\system32\agrsmsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Windows\system32\lxddcoms.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files\AVG\AVG10\avgnsx.exe 
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Toshiba\SmoothView\SmoothView.exe C:\Program Files\Toshiba\FlashCards\TCrdMain.exe C:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Windows\System32\wpcumi.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\igfxext.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Malwarebytes' 
Anti-Malware\mbamservice.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll uRun: [TOSCDSPD] TOSCDSPD.EXE uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe mRun: [igfxTray] 
"c:\windows\system32\igfxtray.exe" mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe" mRun: [Persistence] "c:\windows\system32\igfxpers.exe" mRun: [RtHDVCpl] "RtHDVCpl.exe" mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe" mRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe" mRun: [TPwrMain] "%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" mRun: [HSON] "%ProgramFiles%\TOSHIBA\TBS\HSON.exe" mRun: [smoothView] "%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe" mRun: [00TCrdMain] "%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe" mRun: [NDSTray.exe] NDSTray.exe mRun: [cfFncEnabler.exe] cfFncEnabler.exe mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe" mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray dRun: [JP595IR86O] c:\windows\temp\Oh1.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common 
files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL LSP: c:\windows\system32\wpclsp.dll DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB} : DhcpNameServer = 192.168.10.1 TCP: Interfaces\{73D31E00-DC1F-490B-A3EE-B4CA0DAFFBBB} : DhcpNameServer = 192.168.1.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll Notify: igfxcui - igfxdev.dll AppInit_DLLs: acaptuser32.dll . ============= SERVICES / DRIVERS =============== . 
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32464] R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168] R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-12-16 20384] R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2009-9-13 101128] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560] R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520] R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960] R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?] 
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-20 366152] R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536] R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 46392] R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624] R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-20 22216] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 ivusb;Initio Driver for 1530 USB Default Controller;c:\windows\system32\drivers\ivusb_x86.sys [2011-9-29 18432] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-12-16 954368] S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2010-12-8 22304] S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240] S4 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-9-13 1205760] . =============== Created Last 30 ================ . 
2011-10-20 13:18:29 -------- d-----w- c:\users\super user\appdata\roaming\Malwarebytes 2011-10-20 13:18:24 -------- d-----w- c:\programdata\Malwarebytes 2011-10-20 13:18:21 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-20 13:18:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-09-29 19:12:17 18432 ----a-w- c:\windows\system32\drivers\ivusb_x86.sys 2011-09-29 19:12:17 -------- d-----w- c:\program files\initio 2011-09-29 17:54:54 -------- d-----w- c:\users\super user\appdata\roaming\AVG2012 2011-09-29 17:54:30 -------- d-----w- c:\programdata\AVG2012 . ==================== Find3M ==================== . 2011-09-29 18:49:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . ============= FINISH: 10:22:39.52 =============== and from Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 12/16/2008 8:43:19 AM System Uptime: 10/20/2011 10:15:01 AM (0 hours ago) . Motherboard: TOSHIBA | | Portable PC Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz | CPU | 2166/667mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 140 GiB total, 106.582 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 
ACID Pro 7.0
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 8.1.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
AVG 2011
AVG 2012
CD & DVD Label Maker 1.2
CD/DVD Drive Acoustic Silencer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.7
DebugMode Wax 2.0
DVD MovieFactory for TOSHIBA
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
INI_FCFG_V03.14A05
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
iZotope Ozone 4
J2SE Runtime Environment 5.0 Update 6
Jahshaka
Java 6 Update 6
Malwarebytes' Anti-Malware version 1.51.2.1300
Mastering Effects Bundle 2 for Sound Forge Pro
Memorex exPressit Label Design Studio
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft Works
Microsoft XML Parser
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
msxml4
OpenLibraries
PostgreSQL 8.3
QuickBooks Financial Center
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Sound Forge Pro 10.0
Spy Sweeper Core
Synaptics Pointing Device Driver
T-RackS 3 Deluxe
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Vegas Pro 9.0
Webroot Internet Security Essentials
Windows Essentials Media Codec Pack 2.3d
Windows Live Communications Platform
Windows Live Essentials
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
10/20/2011 10:15:13 AM, Error: netbt [4311] - Initialization failed because the driver device could not be created. Use the string "001E33905F53" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
10/19/2011 9:50:23 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {C2BFE331-6739-4270-86C9-493D9A04CD38}. The error: "5" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
10/19/2011 9:15:25 AM, Error: Service Control Manager [7022] - The PostgreSQL Database Server 8.3 service hung on starting.
10/19/2011 9:10:16 AM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
10/19/2011 9:07:14 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
10/19/2011 10:14:56 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC DnsFilter jswpslwf NetBIOS netbt nsiproxy PSched pwipf6 RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 10:14:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/19/2011 10:14:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/19/2011 10:14:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/19/2011 10:14:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/19/2011 10:14:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/19/2011 10:14:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/18/2011 5:16:02 PM, Error: EventLog [6008] - The previous system shutdown at 9:28:35 PM on 10/16/2011 was unexpected.
10/16/2011 7:26:01 PM, Error: EventLog [6008] - The previous system shutdown at 6:30:26 PM on 10/16/2011 was unexpected.
10/16/2011 5:29:51 PM, Error: EventLog [6008] - The previous system shutdown at 3:18:31 PM on 10/16/2011 was unexpected.
10/16/2011 3:16:54 PM, Error: PlugPlayManager [12] - The device 'Intel® ICH9 Family PCI Express Root Port 2 - 2942' (PCI\VEN_8086&DEV_2942&SUBSYS_FF661179&REV_03\3&21436425&0&E1) disappeared from the system without first being prepared for removal.
10/16/2011 3:16:54 PM, Error: PlugPlayManager [12] - The device 'Atheros AR5007EG Wireless Network Adapter' (PCI\VEN_168C&DEV_001C&SUBSYS_7128144F&REV_01\4&c8c337f&0&00E1) disappeared from the system without first being prepared for removal.
10/16/2011 2:30:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DnsFilter
10/16/2011 2:30:13 PM, Error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
10/16/2011 2:30:13 PM, Error: Service Control Manager [7023] - The ddnsfilter service terminated with the following error: The specified module could not be found.
10/16/2011 2:28:26 PM, Error: EventLog [6008] - The previous system shutdown at 3:19:23 PM on 9/29/2011 was unexpected.
.
==== End Of File ===========================

Cheers, Greg
  12. Hello, and thanks in advance for this service. I had whitesmoke issues, webroot security bugs that wouldn't die, and various other nasty things I couldn't identify. I ran TDSSKiller to get rid of the SVCHost problem. Here is that log:
1744 sffdisk - ok 10:13:07.0060 1744 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 10:13:07.0060 1744 sffp_mmc - ok 10:13:07.0092 1744 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 10:13:07.0092 1744 sffp_sd - ok 10:13:07.0107 1744 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 10:13:07.0107 1744 sfloppy - ok 10:13:07.0138 1744 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 10:13:07.0138 1744 sisagp - ok 10:13:07.0154 1744 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 10:13:07.0170 1744 SiSRaid2 - ok 10:13:07.0185 1744 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 10:13:07.0185 1744 SiSRaid4 - ok 10:13:07.0216 1744 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys 10:13:07.0216 1744 Smb - ok 10:13:07.0248 1744 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 10:13:07.0248 1744 spldr - ok 10:13:07.0294 1744 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys 10:13:07.0294 1744 srv - ok 10:13:07.0326 1744 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys 10:13:07.0341 1744 srv2 - ok 10:13:07.0372 1744 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys 10:13:07.0372 1744 srvnet - ok 10:13:07.0450 1744 ssfs0bbc (4479aeb7ec022b75f882c167fe2a7a34) C:\Windows\system32\DRIVERS\ssfs0bbc.sys 10:13:07.0450 1744 ssfs0bbc - ok 10:13:07.0497 1744 sshrmd (58154d7f69a1322d9bd885e2e61cf152) C:\Windows\system32\DRIVERS\sshrmd.sys 10:13:07.0497 1744 sshrmd - ok 10:13:07.0513 1744 ssidrv (e971eee20b8083e57b5529aea065ec51) C:\Windows\system32\DRIVERS\ssidrv.sys 10:13:07.0528 1744 ssidrv - ok 10:13:07.0591 1744 SVRPEDRV (3e4239b92139f7174a0da7d53fe5e1ab) C:\Windows\System32\sysprep\PEDrv.sys 10:13:07.0591 1744 SVRPEDRV - ok 
10:13:07.0653 1744 swenum (97e089971a6aba49ad5592bd6298e416) C:\Windows\system32\DRIVERS\swenum.sys 10:13:07.0653 1744 swenum - ok 10:13:07.0716 1744 swmsflt (150ab4fa272130ec55b2a4faebdf47f9) C:\Windows\system32\DRIVERS\swmsflt.sys 10:13:07.0716 1744 swmsflt - ok 10:13:07.0747 1744 swmx00 (2712cc6d42f1c620e3b5d81b215b942d) C:\Windows\system32\DRIVERS\swmx00.sys 10:13:07.0747 1744 swmx00 - ok 10:13:07.0794 1744 SWNC5E00 (47edcd5fdd249e5273cb90e56be97a5d) C:\Windows\system32\DRIVERS\SWNC5E00.sys 10:13:07.0794 1744 SWNC5E00 - ok 10:13:07.0840 1744 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 10:13:07.0840 1744 Symc8xx - ok 10:13:07.0872 1744 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 10:13:07.0872 1744 Sym_hi - ok 10:13:07.0887 1744 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 10:13:07.0887 1744 Sym_u3 - ok 10:13:07.0934 1744 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys 10:13:07.0934 1744 SynTP - ok 10:13:08.0028 1744 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys 10:13:08.0059 1744 Tcpip - ok 10:13:08.0090 1744 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys 10:13:08.0090 1744 Tcpip6 - ok 10:13:08.0106 1744 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys 10:13:08.0106 1744 tcpipreg - ok 10:13:08.0137 1744 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys 10:13:08.0137 1744 tdcmdpst - ok 10:13:08.0152 1744 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 10:13:08.0152 1744 TDPIPE - ok 10:13:08.0184 1744 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 10:13:08.0199 1744 TDTCP - ok 10:13:08.0215 1744 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys 10:13:08.0215 1744 tdx - ok 10:13:08.0230 1744 TermDD 
(718b2f4355cd8eb2844741addac0e622) C:\Windows\system32\DRIVERS\termdd.sys 10:13:08.0230 1744 TermDD - ok 10:13:08.0324 1744 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys 10:13:08.0324 1744 tos_sps32 - ok 10:13:08.0355 1744 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 10:13:08.0355 1744 tssecsrv - ok 10:13:08.0386 1744 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 10:13:08.0386 1744 tunmp - ok 10:13:08.0449 1744 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys 10:13:08.0449 1744 tunnel - ok 10:13:08.0496 1744 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS 10:13:08.0496 1744 TVALZ - ok 10:13:08.0542 1744 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 10:13:08.0558 1744 uagp35 - ok 10:13:08.0574 1744 udfs (c985b36e127ea9b8a92396120bff52d8) C:\Windows\system32\DRIVERS\udfs.sys 10:13:08.0574 1744 udfs - ok 10:13:08.0636 1744 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 10:13:08.0636 1744 uliagpkx - ok 10:13:08.0667 1744 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 10:13:08.0667 1744 uliahci - ok 10:13:08.0698 1744 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 10:13:08.0698 1744 UlSata - ok 10:13:08.0714 1744 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 10:13:08.0714 1744 ulsata2 - ok 10:13:08.0776 1744 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 10:13:08.0776 1744 umbus - ok 10:13:08.0839 1744 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys 10:13:08.0839 1744 USBAAPL - ok 10:13:08.0886 1744 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys 10:13:08.0886 1744 usbaudio - ok 10:13:08.0901 1744 usbccgp 
(caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 10:13:08.0917 1744 usbccgp - ok 10:13:08.0932 1744 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 10:13:08.0932 1744 usbcir - ok 10:13:08.0995 1744 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys 10:13:08.0995 1744 usbehci - ok 10:13:09.0010 1744 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys 10:13:09.0026 1744 usbhub - ok 10:13:09.0042 1744 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 10:13:09.0042 1744 usbohci - ok 10:13:09.0073 1744 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 10:13:09.0073 1744 usbprint - ok 10:13:09.0135 1744 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 10:13:09.0135 1744 usbscan - ok 10:13:09.0151 1744 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:13:09.0151 1744 USBSTOR - ok 10:13:09.0182 1744 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 10:13:09.0182 1744 usbuhci - ok 10:13:09.0213 1744 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 10:13:09.0213 1744 usbvideo - ok 10:13:09.0229 1744 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 10:13:09.0244 1744 vga - ok 10:13:09.0260 1744 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 10:13:09.0260 1744 VgaSave - ok 10:13:09.0291 1744 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 10:13:09.0291 1744 viaagp - ok 10:13:09.0307 1744 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 10:13:09.0307 1744 ViaC7 - ok 10:13:09.0322 1744 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 10:13:09.0322 1744 viaide - ok 10:13:09.0354 1744 volmgr 
10:13:09.0978 1744 MBR (0x1B8) (2eba834febf4b719d36003336ff4dced) \Device\Harddisk0\DR0
10:13:09.0978 1744 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
10:13:09.0978 1744 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
10:13:09.0993 1744 Boot (0x1200) (5bf2fe7ee6c387472df1bcca228532aa) \Device\Harddisk0\DR0\Partition0
10:13:09.0993 1744 \Device\Harddisk0\DR0\Partition0 - ok
10:13:09.0993 1744 ============================================================
10:13:09.0993 1744 Scan finished
10:13:09.0993 1744 ============================================================
10:13:10.0087 4100 Detected object count: 1
10:13:10.0087 4100 Actual detected object count: 1
10:13:58.0540 4100 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
10:13:58.0540 4100 \Device\Harddisk0\DR0 - ok
10:13:58.0540 4100 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
10:14:02.0019 4520 Deinitialize success

I rebooted and the problem has not recurred.