
I am infected! Please help!



Hello CTREESE and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt

How is the PC running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller logfile
  • C:\ComboFix.txt
  • Security Check checkup.txt

How is your computer running now?


I have attached the logs. I am still being re-directed. However, I noticed that it goes to gamersunite then to the redirected page...

TDSSKiller logfile:


10:20:44.0462 3524 NetTcpPortSharing - ok

10:20:44.0485 3524 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

10:20:44.0486 3524 nfrd960 - ok

10:20:44.0531 3524 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll

10:20:44.0536 3524 NlaSvc - ok

10:20:44.0554 3524 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

10:20:44.0555 3524 Npfs - ok

10:20:44.0573 3524 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll

10:20:44.0575 3524 nsi - ok

10:20:44.0584 3524 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

10:20:44.0585 3524 nsiproxy - ok

10:20:44.0642 3524 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

10:20:44.0662 3524 Ntfs - ok

10:20:44.0672 3524 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

10:20:44.0673 3524 Null - ok

10:20:44.0722 3524 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

10:20:44.0724 3524 nvraid - ok

10:20:44.0750 3524 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

10:20:44.0753 3524 nvstor - ok

10:20:44.0771 3524 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

10:20:44.0773 3524 nv_agp - ok

10:20:44.0809 3524 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

10:20:44.0811 3524 ohci1394 - ok

10:20:44.0896 3524 OneTouch 4.0 Monitor (b2671cf701f42b117eea7ede55be8d56) C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe

10:20:44.0900 3524 OneTouch 4.0 Monitor - ok

10:20:44.0962 3524 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:20:44.0965 3524 ose - ok

10:20:45.0181 3524 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

10:20:45.0217 3524 osppsvc - ok

10:20:45.0311 3524 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

10:20:45.0316 3524 p2pimsvc - ok

10:20:45.0344 3524 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

10:20:45.0355 3524 p2psvc - ok

10:20:45.0388 3524 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

10:20:45.0390 3524 Parport - ok

10:20:45.0417 3524 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys

10:20:45.0419 3524 partmgr - ok

10:20:45.0423 3524 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

10:20:45.0424 3524 Parvdm - ok

10:20:45.0457 3524 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys

10:20:45.0458 3524 PBADRV - ok

10:20:45.0477 3524 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

10:20:45.0481 3524 PcaSvc - ok

10:20:45.0496 3524 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

10:20:45.0498 3524 pci - ok

10:20:45.0731 3524 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

10:20:45.0732 3524 pciide - ok

10:20:45.0754 3524 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

10:20:45.0757 3524 pcmcia - ok

10:20:45.0775 3524 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

10:20:45.0776 3524 pcw - ok

10:20:45.0807 3524 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

10:20:45.0823 3524 PEAUTH - ok

10:20:45.0918 3524 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll

10:20:45.0944 3524 pla - ok

10:20:46.0013 3524 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll

10:20:46.0019 3524 PlugPlay - ok

10:20:46.0062 3524 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll

10:20:46.0064 3524 Pml Driver HPZ12 - ok

10:20:46.0078 3524 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

10:20:46.0081 3524 PNRPAutoReg - ok

10:20:46.0108 3524 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

10:20:46.0111 3524 PNRPsvc - ok

10:20:46.0136 3524 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll

10:20:46.0147 3524 PolicyAgent - ok

10:20:46.0182 3524 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll

10:20:46.0186 3524 Power - ok

10:20:46.0210 3524 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

10:20:46.0212 3524 PptpMiniport - ok

10:20:46.0218 3524 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

10:20:46.0220 3524 Processor - ok

10:20:46.0267 3524 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll

10:20:46.0272 3524 ProfSvc - ok

10:20:46.0309 3524 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

10:20:46.0311 3524 ProtectedStorage - ok

10:20:46.0320 3524 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

10:20:46.0322 3524 Psched - ok

10:20:46.0360 3524 PSI_SVC_2 (e0d0cb09aa07b22be984e4f7ec0326f5) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

10:20:46.0363 3524 PSI_SVC_2 - ok

10:20:46.0391 3524 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys

10:20:46.0393 3524 PxHelp20 - ok

10:20:46.0446 3524 QBCFMonitorService (5fa5863e603426b0b52762492a032dee) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

10:20:46.0447 3524 QBCFMonitorService - ok

10:20:46.0482 3524 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

10:20:46.0483 3524 QBFCService - ok

10:20:46.0599 3524 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

10:20:46.0620 3524 QBVSS - ok

10:20:46.0709 3524 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

10:20:46.0737 3524 ql2300 - ok

10:20:46.0768 3524 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

10:20:46.0770 3524 ql40xx - ok

10:20:46.0798 3524 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

10:20:46.0803 3524 QWAVE - ok

10:20:46.0814 3524 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

10:20:46.0815 3524 QWAVEdrv - ok

10:20:46.0820 3524 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

10:20:46.0822 3524 RasAcd - ok

10:20:46.0832 3524 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:20:46.0834 3524 RasAgileVpn - ok

10:20:46.0840 3524 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

10:20:46.0843 3524 RasAuto - ok

10:20:46.0853 3524 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:20:46.0855 3524 Rasl2tp - ok

10:20:46.0886 3524 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll

10:20:46.0890 3524 RasMan - ok

10:20:46.0905 3524 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

10:20:46.0906 3524 RasPppoe - ok

10:20:46.0913 3524 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

10:20:46.0914 3524 RasSstp - ok

10:20:46.0940 3524 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

10:20:46.0943 3524 rdbss - ok

10:20:46.0956 3524 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

10:20:46.0957 3524 rdpbus - ok

10:20:46.0980 3524 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:20:46.0981 3524 RDPCDD - ok

10:20:46.0991 3524 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

10:20:46.0992 3524 RDPENCDD - ok

10:20:47.0004 3524 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

10:20:47.0005 3524 RDPREFMP - ok

10:20:47.0043 3524 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys

10:20:47.0046 3524 RDPWD - ok

10:20:47.0085 3524 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

10:20:47.0088 3524 rdyboost - ok

10:20:47.0109 3524 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

10:20:47.0117 3524 RemoteAccess - ok

10:20:47.0139 3524 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

10:20:47.0143 3524 RemoteRegistry - ok

10:20:47.0160 3524 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

10:20:47.0163 3524 RpcEptMapper - ok

10:20:47.0185 3524 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

10:20:47.0187 3524 RpcLocator - ok

10:20:47.0217 3524 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

10:20:47.0220 3524 RpcSs - ok

10:20:47.0275 3524 RsFx0151 (66a54bf20084400a7dd5e3b69e008799) C:\Windows\system32\DRIVERS\RsFx0151.sys

10:20:47.0279 3524 RsFx0151 - ok

10:20:47.0301 3524 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

10:20:47.0303 3524 rspndr - ok

10:20:47.0363 3524 RumorServer (a35ab0a7a983ebca85805da63d763382) C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

10:20:47.0365 3524 RumorServer - ok

10:20:47.0398 3524 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

10:20:47.0400 3524 SamSs - ok

10:20:47.0451 3524 Samsung UPD Service (bd26a150dc292913e48ee2b950372dfd) C:\Windows\System32\SUPDSvc.exe

10:20:47.0456 3524 Samsung UPD Service - ok

10:20:47.0493 3524 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

10:20:47.0495 3524 sbp2port - ok

10:20:47.0505 3524 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

10:20:47.0511 3524 SCardSvr - ok

10:20:47.0549 3524 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

10:20:47.0550 3524 scfilter - ok

10:20:47.0607 3524 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll

10:20:47.0626 3524 Schedule - ok

10:20:47.0666 3524 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

10:20:47.0667 3524 SCPolicySvc - ok

10:20:47.0692 3524 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll

10:20:47.0697 3524 SDRSVC - ok

10:20:47.0710 3524 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

10:20:47.0711 3524 secdrv - ok

10:20:47.0720 3524 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

10:20:47.0722 3524 seclogon - ok

10:20:47.0823 3524 SecureStorageService (e396fbc469df73692318dc90ad13ce86) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

10:20:47.0839 3524 SecureStorageService - ok

10:20:47.0862 3524 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll

10:20:47.0865 3524 SENS - ok

10:20:47.0892 3524 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll

10:20:47.0895 3524 SensrSvc - ok

10:20:47.0901 3524 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

10:20:47.0902 3524 Serenum - ok

10:20:47.0914 3524 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

10:20:47.0916 3524 Serial - ok

10:20:47.0940 3524 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

10:20:47.0941 3524 sermouse - ok

10:20:47.0968 3524 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll

10:20:47.0971 3524 SessionEnv - ok

10:20:47.0992 3524 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

10:20:47.0993 3524 sffdisk - ok

10:20:48.0003 3524 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

10:20:48.0004 3524 sffp_mmc - ok

10:20:48.0016 3524 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

10:20:48.0017 3524 sffp_sd - ok

10:20:48.0025 3524 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

10:20:48.0026 3524 sfloppy - ok

10:20:48.0064 3524 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll

10:20:48.0069 3524 SharedAccess - ok

10:20:48.0113 3524 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll

10:20:48.0119 3524 ShellHWDetection - ok

10:20:48.0152 3524 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

10:20:48.0154 3524 sisagp - ok

10:20:48.0173 3524 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:20:48.0175 3524 SiSRaid2 - ok

10:20:48.0182 3524 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

10:20:48.0184 3524 SiSRaid4 - ok

10:20:48.0190 3524 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

10:20:48.0192 3524 Smb - ok

10:20:48.0212 3524 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe

10:20:48.0214 3524 SNMPTRAP - ok

10:20:48.0218 3524 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

10:20:48.0220 3524 spldr - ok

10:20:48.0258 3524 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe

10:20:48.0263 3524 Spooler - ok

10:20:48.0415 3524 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe

10:20:48.0471 3524 sppsvc - ok

10:20:48.0564 3524 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll

10:20:48.0568 3524 sppuinotify - ok

10:20:48.0662 3524 SQLAgent$ACT7 (230c6aa1091190d2fdb40766cbd3dbbd) C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE

10:20:48.0673 3524 SQLAgent$ACT7 - ok

10:20:48.0711 3524 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

10:20:48.0715 3524 SQLBrowser - ok

10:20:48.0746 3524 SQLWriter (8e6e5cfa06769a417b03fd6faa29e010) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

10:20:48.0749 3524 SQLWriter - ok

10:20:48.0800 3524 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

10:20:48.0805 3524 srv - ok

10:20:48.0832 3524 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

10:20:48.0838 3524 srv2 - ok

10:20:48.0853 3524 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

10:20:48.0855 3524 srvnet - ok

10:20:48.0874 3524 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

10:20:48.0879 3524 SSDPSRV - ok

10:20:48.0892 3524 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

10:20:48.0896 3524 SstpSvc - ok

10:20:48.0909 3524 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

10:20:48.0910 3524 stexstor - ok

10:20:48.0934 3524 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys

10:20:48.0935 3524 StillCam - ok

10:20:48.0980 3524 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll

10:20:48.0998 3524 StiSvc - ok

10:20:49.0052 3524 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

10:20:49.0053 3524 stllssvr - ok

10:20:49.0087 3524 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

10:20:49.0088 3524 swenum - ok

10:20:49.0115 3524 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

10:20:49.0119 3524 swprv - ok

10:20:49.0202 3524 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll

10:20:49.0226 3524 SysMain - ok

10:20:49.0254 3524 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll

10:20:49.0258 3524 TabletInputService - ok

10:20:49.0296 3524 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll

10:20:49.0302 3524 TapiSrv - ok

10:20:49.0334 3524 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

10:20:49.0338 3524 TBS - ok

10:20:49.0425 3524 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys

10:20:49.0458 3524 Tcpip - ok

10:20:49.0478 3524 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys

10:20:49.0485 3524 TCPIP6 - ok

10:20:49.0506 3524 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

10:20:49.0507 3524 tcpipreg - ok

10:20:49.0583 3524 tcsd_win32.exe (69f1a38a6dbfe682491cb61a596662e3) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

10:20:49.0605 3524 tcsd_win32.exe - ok

10:20:49.0712 3524 TdmService (a405d39f4dd131954c39114fba31a5e0) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

10:20:49.0736 3524 TdmService - ok

10:20:49.0831 3524 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

10:20:49.0832 3524 TDPIPE - ok

10:20:49.0865 3524 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys

10:20:49.0866 3524 TDTCP - ok

10:20:49.0894 3524 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

10:20:49.0896 3524 tdx - ok

10:20:49.0915 3524 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

10:20:49.0917 3524 TermDD - ok

10:20:49.0969 3524 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll

10:20:49.0986 3524 TermService - ok

10:20:50.0003 3524 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

10:20:50.0007 3524 Themes - ok

10:20:50.0029 3524 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

10:20:50.0031 3524 THREADORDER - ok

10:20:50.0059 3524 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

10:20:50.0062 3524 TrkWks - ok

10:20:50.0112 3524 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe

10:20:50.0115 3524 TrustedInstaller - ok

10:20:50.0135 3524 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:20:50.0137 3524 tssecsrv - ok

10:20:50.0173 3524 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

10:20:50.0175 3524 TsUsbFlt - ok

10:20:50.0212 3524 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

10:20:50.0214 3524 tunnel - ok

10:20:50.0242 3524 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

10:20:50.0244 3524 uagp35 - ok

10:20:50.0274 3524 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

10:20:50.0278 3524 udfs - ok

10:20:50.0301 3524 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

10:20:50.0304 3524 UI0Detect - ok

10:20:50.0348 3524 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

10:20:50.0350 3524 uliagpkx - ok

10:20:50.0391 3524 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys

10:20:50.0393 3524 umbus - ok

10:20:50.0398 3524 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

10:20:50.0399 3524 UmPass - ok

10:20:50.0424 3524 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

10:20:50.0428 3524 upnphost - ok

10:20:50.0449 3524 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys

10:20:50.0450 3524 usbccgp - ok

10:20:50.0484 3524 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

10:20:50.0487 3524 usbcir - ok

10:20:50.0504 3524 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

10:20:50.0506 3524 usbehci - ok

10:20:50.0539 3524 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

10:20:50.0543 3524 usbhub - ok

10:20:50.0552 3524 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

10:20:50.0554 3524 usbohci - ok

10:20:50.0566 3524 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

10:20:50.0567 3524 usbprint - ok

10:20:50.0605 3524 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

10:20:50.0606 3524 usbscan - ok

10:20:50.0621 3524 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:20:50.0623 3524 USBSTOR - ok

10:20:50.0637 3524 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

10:20:50.0638 3524 usbuhci - ok

10:20:50.0651 3524 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

10:20:50.0654 3524 UxSms - ok

10:20:50.0687 3524 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

10:20:50.0689 3524 VaultSvc - ok

10:20:50.0702 3524 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

10:20:50.0703 3524 vdrvroot - ok

10:20:50.0754 3524 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe

10:20:50.0785 3524 vds - ok

10:20:50.0798 3524 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

10:20:50.0800 3524 vga - ok

10:20:50.0815 3524 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

10:20:50.0817 3524 VgaSave - ok

10:20:50.0843 3524 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

10:20:50.0846 3524 vhdmp - ok

10:20:50.0859 3524 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

10:20:50.0861 3524 viaagp - ok

10:20:50.0871 3524 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

10:20:50.0872 3524 ViaC7 - ok

10:20:50.0889 3524 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

10:20:50.0890 3524 viaide - ok

10:20:50.0902 3524 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

10:20:50.0904 3524 volmgr - ok

10:20:50.0924 3524 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

10:20:50.0927 3524 volmgrx - ok

10:20:50.0952 3524 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

10:20:50.0956 3524 volsnap - ok

10:20:50.0988 3524 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

10:20:50.0990 3524 vsmraid - ok

10:20:51.0063 3524 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe

10:20:51.0072 3524 VSS - ok

10:20:51.0084 3524 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

10:20:51.0085 3524 vwifibus - ok

10:20:51.0110 3524 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

10:20:51.0114 3524 W32Time - ok

10:20:51.0120 3524 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

10:20:51.0121 3524 WacomPen - ok

10:20:51.0148 3524 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

10:20:51.0150 3524 WANARP - ok

10:20:51.0152 3524 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

10:20:51.0153 3524 Wanarpv6 - ok

10:20:51.0195 3524 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys

10:20:51.0196 3524 wanatw - ok

10:20:51.0283 3524 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe

10:20:51.0312 3524 WatAdminSvc - ok

10:20:51.0372 3524 WavxDMgr (fbf43b275efc98799e76d57e5437edee) C:\Windows\system32\DRIVERS\WavxDMgr.sys

10:20:51.0375 3524 WavxDMgr - ok

10:20:51.0444 3524 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe

10:20:51.0474 3524 wbengine - ok

10:20:51.0485 3524 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

10:20:51.0489 3524 WbioSrvc - ok

10:20:51.0521 3524 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll

10:20:51.0526 3524 wcncsvc - ok

10:20:51.0538 3524 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

10:20:51.0540 3524 WcsPlugInService - ok

10:20:51.0547 3524 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

10:20:51.0548 3524 Wd - ok

10:20:51.0580 3524 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys

10:20:51.0581 3524 WDC_SAM - ok

10:20:51.0688 3524 WDDMService (0220362deb2a21551b418d61f3153347) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

10:20:51.0690 3524 WDDMService - ok

10:20:51.0719 3524 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

10:20:51.0737 3524 Wdf01000 - ok

10:20:51.0744 3524 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

10:20:51.0748 3524 WdiServiceHost - ok

10:20:51.0751 3524 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

10:20:51.0754 3524 WdiSystemHost - ok

10:20:51.0772 3524 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

10:20:51.0773 3524 WDSmartWareBackgroundService - ok

10:20:51.0813 3524 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll

10:20:51.0817 3524 WebClient - ok

10:20:51.0828 3524 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

10:20:51.0834 3524 Wecsvc - ok

10:20:51.0843 3524 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

10:20:51.0847 3524 wercplsupport - ok

10:20:51.0869 3524 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

10:20:51.0871 3524 WerSvc - ok

10:20:51.0888 3524 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

10:20:51.0889 3524 WfpLwf - ok

10:20:51.0893 3524 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

10:20:51.0894 3524 WIMMount - ok

10:20:51.0961 3524 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

10:20:51.0973 3524 WinDefend - ok

10:20:51.0981 3524 WinHttpAutoProxySvc - ok

10:20:52.0025 3524 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

10:20:52.0028 3524 Winmgmt - ok

10:20:52.0091 3524 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll

10:20:52.0113 3524 WinRM - ok

10:20:52.0170 3524 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

10:20:52.0172 3524 WinUsb - ok

10:20:52.0208 3524 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

10:20:52.0221 3524 Wlansvc - ok

10:20:52.0327 3524 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

10:20:52.0357 3524 wlidsvc - ok

10:20:52.0456 3524 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

10:20:52.0458 3524 WmiAcpi - ok

10:20:52.0477 3524 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

10:20:52.0480 3524 wmiApSrv - ok

10:20:52.0548 3524 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

10:20:52.0572 3524 WMPNetworkSvc - ok

10:20:52.0585 3524 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

10:20:52.0589 3524 WPCSvc - ok

10:20:52.0626 3524 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll

10:20:52.0630 3524 WPDBusEnum - ok

10:20:52.0646 3524 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

10:20:52.0648 3524 ws2ifsl - ok

10:20:52.0669 3524 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll

10:20:52.0672 3524 wscsvc - ok

10:20:52.0699 3524 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys

10:20:52.0700 3524 WSDPrintDevice - ok

10:20:52.0705 3524 WSearch - ok

10:20:52.0811 3524 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll

10:20:52.0837 3524 wuauserv - ok

10:20:52.0899 3524 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

10:20:52.0901 3524 WudfPf - ok

10:20:52.0920 3524 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:20:52.0923 3524 WUDFRd - ok

10:20:52.0961 3524 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll

10:20:52.0966 3524 wudfsvc - ok

10:20:52.0978 3524 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

10:20:52.0984 3524 WwanSvc - ok

10:20:53.0001 3524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

10:20:53.0335 3524 \Device\Harddisk0\DR0 - ok

10:20:53.0339 3524 Boot (0x1200) (60b12887b981a22c5898c0ce872f5d17) \Device\Harddisk0\DR0\Partition0

10:20:53.0341 3524 \Device\Harddisk0\DR0\Partition0 - ok

10:20:53.0345 3524 Boot (0x1200) (1bd9ced036345fd90663c391acf3360e) \Device\Harddisk0\DR0\Partition1

10:20:53.0348 3524 \Device\Harddisk0\DR0\Partition1 - ok

10:20:53.0348 3524 ============================================================

10:20:53.0348 3524 Scan finished

10:20:53.0348 3524 ============================================================

10:20:53.0358 6024 Detected object count: 0

10:20:53.0358 6024 Actual detected object count: 0

Combofix logfile:

ComboFix 12-05-24.02 - Clay 05/24/2012 10:58:47.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1961 [GMT -7:00]

Running from: c:\users\Clay\Desktop\ComboFix.exe

AV: McAfee® Security-as-a-Service *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee® Security-as-a-Service *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee® Security-as-a-Service *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\0A59368881.sys

c:\users\Clay\GoToAssistDownloadHelper.exe

c:\windows\system32\test

.

.

((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))

.

.

2012-05-24 18:03 . 2012-05-24 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-23 22:48 . 2012-05-23 22:48 -------- d-----w- c:\users\Clay\AppData\Roaming\Malwarebytes

2012-05-23 22:48 . 2012-05-23 22:48 -------- d-----w- c:\programdata\Malwarebytes

2012-05-23 22:48 . 2012-05-23 22:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-23 22:48 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-23 18:34 . 2012-05-23 18:34 -------- d-----w- C:\bfc6bc274857426c40a36783f22fc120

2012-05-09 03:01 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-09 03:01 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-04-27 22:43 . 2009-04-16 21:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll

2012-04-27 22:40 . 2012-04-27 22:40 -------- d-----w- c:\program files\Common Files\HP

2012-04-27 22:40 . 2012-04-27 22:40 -------- d-----w- c:\program files\Common Files\Hewlett-Packard

2012-04-27 22:39 . 2009-04-16 21:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll

2012-04-27 22:34 . 2012-04-27 22:39 -------- d-----w- c:\program files\HP

2012-04-27 22:34 . 2012-04-27 22:34 -------- d-----w- c:\programdata\HP

2012-04-27 22:34 . 2009-04-16 11:53 452408 ----a-w- c:\windows\system32\hpzids01.dll

2012-04-27 22:34 . 2009-02-11 11:03 966656 ----a-w- c:\windows\system32\hpost_p02c.dll

2012-04-27 22:34 . 2009-02-11 11:03 712704 ----a-w- c:\windows\system32\hposwia_p02c.dll

2012-04-27 22:34 . 2009-02-11 11:03 315392 ----a-w- c:\windows\system32\hposc_p02a.dll

2012-04-27 22:34 . 2008-10-29 00:27 372736 ----a-w- c:\windows\system32\hppldcoi.dll

2012-04-26 18:20 . 2012-04-26 18:20 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-04-26 18:20 . 2012-04-26 18:20 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-26 18:20 . 2012-04-26 18:20 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-23 22:17 . 2011-09-23 21:53 848 --sha-w- c:\programdata\KGyGaAvL.sys

2012-05-23 22:16 . 2011-09-22 23:55 0 ----a-w- c:\users\Clay\AppData\Local\WavXMapDrive.bat

2012-05-21 17:44 . 2012-04-12 20:17 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-21 17:44 . 2011-09-22 21:39 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-12 20:25 . 2011-09-22 21:39 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-06 05:59 . 2012-04-12 16:58 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-06 05:59 . 2012-04-12 16:58 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-01 05:46 . 2012-04-12 17:00 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 05:37 . 2012-04-12 17:00 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 05:33 . 2012-04-12 17:00 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 05:29 . 2012-04-12 17:00 5120 ----a-w- c:\windows\system32\wmi.dll

2012-02-28 01:18 . 2012-04-12 17:06 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11 . 2012-04-12 17:06 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11 . 2012-04-12 17:06 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03 . 2012-04-12 17:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-26 18:20 . 2011-09-23 17:33 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Clay\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Clay\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Clay\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl.exe" [2009-08-26 2691072]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]

"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]

"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2011-08-25 476480]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]

"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-08-19 28672]

"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2010-08-19 337224]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"PC Meter Connect"="c:\program files\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe" [2010-10-20 3514368]

"HostManager"="c:\program files\Common Files\AOL\1326483668\ee\AOLSoftware.exe" [2010-03-08 41800]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Clay\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-9 5969752]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-4-9 1156968]

QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2012-4-9 1178984]

Sage ACT! Outlook Sync.lnk - c:\program files\ACT\Act for Windows\Act.Outlook.Sync.exe [2010-8-18 91136]

TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]

Vista Fax Daemon.lnk - c:\program files\Common Files\ImageMAKER\Vstdaemon.exe [2011-9-26 90880]

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]

WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [2010-08-19 81920]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 DM150Drv;DM150Drv;c:\windows\system32\DRIVERS\DM150Drv.sys [2010-07-30 20600]

R3 MFE_RR;MFE_RR;c:\users\Clay\AppData\Local\Temp\mfe_rr.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-07-19 87808]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 131888]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-23 1343400]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 44896]

R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 240736]

R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 370016]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-07-19 164776]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-07-19 64712]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-09 172032]

S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 127488]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [2011-05-12 324928]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-03 160344]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-07-19 148520]

S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2011-06-18 43040096]

S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2011-08-25 291064]

S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]

S2 RumorServer;McAfee Peer Distribution Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2011-08-25 291064]

S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 110592]

S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]

S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-12-02 349224]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-07-19 338040]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 07206228

*NewlyCreated* - 96380052

*NewlyCreated* - MBAMPROTECTOR

*NewlyCreated* - MFE_RR

*Deregistered* - 07206228

*Deregistered* - 96380052

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.cnn.com/

uInternet Settings,ProxyServer = 178.48.2.237:8080

IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

Trusted Zone: wiznet.com\wiznet

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: DhcpNameServer = 192.168.2.1

DPF: RemotePrintControlCab - hxxps://payrollapp2.com/@57128e25-bfc9-4da2-9796-f1b16cc899b9/checkprintingassistant/RemotePrintControlCabIE.CAB

DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab

FF - ProfilePath - c:\users\Clay\AppData\Roaming\Mozilla\Firefox\Profiles\xhbljdsq.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-Fax Upload - c:\program files\Fax Upload\Setup.exe

AddRemove-MVS - c:\progra~1\McAfee\MANAGE~1\Agent\myinx

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(624)

c:\windows\system32\wvauth.DLL

c:\windows\system32\pstorsvc.dll

.

Completion time: 2012-05-24 11:05:41

ComboFix-quarantined-files.txt 2012-05-24 18:05

.

Pre-Run: 179,577,348,096 bytes free

Post-Run: 180,630,921,216 bytes free

.

- - End Of File - - 5A108768A1E8EEC5D63A990302C50FB7

Security Check checkup logfile:

Results of screen317's Security Check version 0.99.38

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

McAfeer Security-as-a-Service

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

McAfee SiteAdvisor Enterprise Plus

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 31

Java version out of date!

Adobe Flash Player 11.2.202.228

Mozilla Firefox (12.0)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes Anti-Malware mbamservice.exe

McAfee Managed VirusScan Agent myAgtSvc.exe

McAfee Managed VirusScan DesktopUI XTray.exe

``````````End of Log````````````


Let's see if we can get rid of those redirects ;):

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Folder::

C:\bfc6bc274857426c40a36783f22fc120

Driver::

07206228

96380052

File::

C:\Windows\System32\Drivers\07206228.sys

C:\Windows\System32\Drivers\96380052.sys

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)


It appears only to be happening in my Firefox browser.

I appreciate all your help!!!

ComboFix log:

ComboFix 12-05-24.02 - Clay 05/24/2012 16:47:19.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1857 [GMT -7:00]

Running from: c:\users\Clay\Desktop\ComboFix.exe

Command switches used :: c:\users\Clay\Desktop\CFScript.txt

AV: McAfee® Security-as-a-Service *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee® Security-as-a-Service *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee® Security-as-a-Service *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\System32\Drivers\07206228.sys"

"c:\windows\System32\Drivers\96380052.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\bfc6bc274857426c40a36783f22fc120

c:\bfc6bc274857426c40a36783f22fc120\$shtdwn$.req

c:\bfc6bc274857426c40a36783f22fc120\1025\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1025\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1025\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1028\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1028\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1028\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1029\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1029\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1029\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1030\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1030\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1030\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1031\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1031\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1031\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1032\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1032\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1032\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1033\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1033\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1033\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1035\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1035\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1035\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1036\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1036\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1036\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1037\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1037\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1037\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1038\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1038\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1038\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1040\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1040\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1040\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1041\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1041\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1041\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1042\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1042\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1042\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1043\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1043\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1043\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1044\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1044\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1044\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1045\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1045\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1045\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1046\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1046\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1046\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1049\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1049\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1049\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1053\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1053\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1053\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\1055\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\1055\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\1055\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\2052\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\2052\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\2052\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\2070\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\2070\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\2070\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\3076\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\3076\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\3076\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\3082\eula.rtf

c:\bfc6bc274857426c40a36783f22fc120\3082\LocalizedData.xml

c:\bfc6bc274857426c40a36783f22fc120\3082\SetupResources.dll

c:\bfc6bc274857426c40a36783f22fc120\DHtmlHeader.html

c:\bfc6bc274857426c40a36783f22fc120\Graphics\Print.ico

c:\bfc6bc274857426c40a36783f22fc120\Graphics\Rotate1.ico

c:\bfc6bc274857426c40a36783f22fc120\Graphics\Rotate2.ico

c:\bfc6bc274857426c40a36783f22fc120\Graphics\Rotate3.ico

c:\bfc6bc274857426c40a36783f22fc120\Graphics\Rotate4.ico

c:\bfc6bc274857426c40a36783f22fc120\Graphics\Rotate5.ico

c:\bfc6bc274857426c40a36783f22fc120\Graphics\Rotate6.ico

c:\bfc6bc274857426c40a36783f22fc120\Graphics\Rotate7.ico

c:\bfc6bc274857426c40a36783f22fc120\Graphics\Rotate8.ico

c:\bfc6bc274857426c40a36783f22fc120\Graphics\Save.ico

c:\bfc6bc274857426c40a36783f22fc120\Graphics\Setup.ico

c:\bfc6bc274857426c40a36783f22fc120\Graphics\stop.ico

c:\bfc6bc274857426c40a36783f22fc120\Graphics\SysReqMet.ico

c:\bfc6bc274857426c40a36783f22fc120\Graphics\SysReqNotMet.ico

c:\bfc6bc274857426c40a36783f22fc120\Graphics\warn.ico

c:\bfc6bc274857426c40a36783f22fc120\header.bmp

c:\bfc6bc274857426c40a36783f22fc120\NDP40-KB2604121.msp

c:\bfc6bc274857426c40a36783f22fc120\ParameterInfo.xml

c:\bfc6bc274857426c40a36783f22fc120\Setup.exe

c:\bfc6bc274857426c40a36783f22fc120\SetupEngine.dll

c:\bfc6bc274857426c40a36783f22fc120\SetupUi.dll

c:\bfc6bc274857426c40a36783f22fc120\SetupUi.xsd

c:\bfc6bc274857426c40a36783f22fc120\SetupUtility.exe

c:\bfc6bc274857426c40a36783f22fc120\SplashScreen.bmp

c:\bfc6bc274857426c40a36783f22fc120\sqmapi.dll

c:\bfc6bc274857426c40a36783f22fc120\Strings.xml

c:\bfc6bc274857426c40a36783f22fc120\UiInfo.xml

c:\bfc6bc274857426c40a36783f22fc120\watermark.bmp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_07206228

-------\Legacy_96380052

.

.

((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))

.

.

2012-05-24 23:52 . 2012-05-24 23:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-24 23:20 . 2012-05-24 23:20 476960 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-05-24 18:10 . 2012-05-24 18:10 -------- d-----w- c:\windows\Sun

2012-05-23 22:48 . 2012-05-23 22:48 -------- d-----w- c:\users\Clay\AppData\Roaming\Malwarebytes

2012-05-23 22:48 . 2012-05-23 22:48 -------- d-----w- c:\programdata\Malwarebytes

2012-05-23 22:48 . 2012-05-23 22:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-23 22:48 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-09 03:01 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-09 03:01 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-04-27 22:43 . 2009-04-16 21:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll

2012-04-27 22:40 . 2012-04-27 22:40 -------- d-----w- c:\program files\Common Files\HP

2012-04-27 22:40 . 2012-04-27 22:40 -------- d-----w- c:\program files\Common Files\Hewlett-Packard

2012-04-27 22:39 . 2009-04-16 21:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll

2012-04-27 22:34 . 2012-04-27 22:39 -------- d-----w- c:\program files\HP

2012-04-27 22:34 . 2012-04-27 22:34 -------- d-----w- c:\programdata\HP

2012-04-27 22:34 . 2009-04-16 11:53 452408 ----a-w- c:\windows\system32\hpzids01.dll

2012-04-27 22:34 . 2009-02-11 11:03 966656 ----a-w- c:\windows\system32\hpost_p02c.dll

2012-04-27 22:34 . 2009-02-11 11:03 712704 ----a-w- c:\windows\system32\hposwia_p02c.dll

2012-04-27 22:34 . 2009-02-11 11:03 315392 ----a-w- c:\windows\system32\hposc_p02a.dll

2012-04-27 22:34 . 2008-10-29 00:27 372736 ----a-w- c:\windows\system32\hppldcoi.dll

2012-04-26 18:20 . 2012-04-26 18:20 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-04-26 18:20 . 2012-04-26 18:20 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-26 18:20 . 2012-04-26 18:20 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-24 23:20 . 2011-09-22 21:39 472864 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-23 22:17 . 2011-09-23 21:53 848 --sha-w- c:\programdata\KGyGaAvL.sys

2012-05-23 22:16 . 2011-09-22 23:55 0 ----a-w- c:\users\Clay\AppData\Local\WavXMapDrive.bat

2012-05-21 17:44 . 2012-04-12 20:17 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-21 17:44 . 2011-09-22 21:39 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-06 05:59 . 2012-04-12 16:58 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-06 05:59 . 2012-04-12 16:58 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-01 05:46 . 2012-04-12 17:00 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 05:37 . 2012-04-12 17:00 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 05:33 . 2012-04-12 17:00 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 05:29 . 2012-04-12 17:00 5120 ----a-w- c:\windows\system32\wmi.dll

2012-02-28 01:18 . 2012-04-12 17:06 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11 . 2012-04-12 17:06 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11 . 2012-04-12 17:06 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03 . 2012-04-12 17:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-26 18:20 . 2011-09-23 17:33 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Clay\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Clay\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Clay\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl.exe" [2009-08-26 2691072]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]

"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]

"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2011-08-25 476480]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]

"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-08-19 28672]

"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2010-08-19 337224]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"PC Meter Connect"="c:\program files\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe" [2010-10-20 3514368]

"HostManager"="c:\program files\Common Files\AOL\1326483668\ee\AOLSoftware.exe" [2010-03-08 41800]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Clay\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-9 5969752]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-4-9 1156968]

QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2012-4-9 1178984]

Sage ACT! Outlook Sync.lnk - c:\program files\ACT\Act for Windows\Act.Outlook.Sync.exe [2010-8-18 91136]

TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]

Vista Fax Daemon.lnk - c:\program files\Common Files\ImageMAKER\Vstdaemon.exe [2011-9-26 90880]

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]

WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [2010-08-19 81920]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 DM150Drv;DM150Drv;c:\windows\system32\DRIVERS\DM150Drv.sys [2010-07-30 20600]

R3 MFE_RR;MFE_RR;c:\users\Clay\AppData\Local\Temp\mfe_rr.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-07-19 87808]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 131888]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-23 1343400]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 44896]

R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 240736]

R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 370016]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-07-19 164776]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-07-19 64712]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-09 172032]

S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 127488]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [2011-05-12 324928]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-03 160344]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-07-19 148520]

S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2011-06-18 43040096]

S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2011-08-25 291064]

S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]

S2 RumorServer;McAfee Peer Distribution Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2011-08-25 291064]

S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 110592]

S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]

S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-12-02 349224]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-07-19 338040]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.cnn.com/

uInternet Settings,ProxyServer = 178.48.2.237:8080

IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

Trusted Zone: wiznet.com\wiznet

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: DhcpNameServer = 192.168.2.1

DPF: RemotePrintControlCab - hxxps://payrollapp2.com/@57128e25-bfc9-4da2-9796-f1b16cc899b9/checkprintingassistant/RemotePrintControlCabIE.CAB

DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab

FF - ProfilePath - c:\users\Clay\AppData\Roaming\Mozilla\Firefox\Profiles\xhbljdsq.default\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(628)

c:\windows\system32\wvauth.DLL

.

- - - - - - - > 'Explorer.exe'(4272)

c:\users\Clay\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\atieclxx.exe

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

c:\windows\system32\taskhost.exe

c:\program files\Visioneer\OneTouch 4.0\OtService.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files\Visioneer\OneTouch 4.0\OtMonEx.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Common Files\McAfee\SystemCore\mfefire.exe

c:\program files\Common Files\McAfee\SystemCore\mfeann.exe

c:\windows\system32\conhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\conhost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2012-05-24 17:02:45 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-25 00:02

ComboFix2.txt 2012-05-24 18:05

.

Pre-Run: 180,438,634,496 bytes free

Post-Run: 180,005,584,896 bytes free

.

- - End Of File - - 5106096DF78D07C270E9404D70341201


Let's try to fix those issues in Firefox:

Please open Firefox.

In the address bar, type the following (in bold): about:config

Select I'll be careful, I promise!

In the top left-hand corner of the newly loaded page, copy and paste each of the following entries (in black bold). (ignore the ---- lines)

browser.search.defaultengine ----------------- Google

browser.search.defaultenginename ------------- Google

browser.search.order.1 ----------------------- Google

browser.search.selectedengineURL ------------- www.google.com

browser.startup.homepage --------------------- www.google.com

keyword.URL ---------------------------------- http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=

Right-click, and select Modify on each of the Preference Names I have included above.

When the popup titled Enter String Value appears, copy and paste each respective Value located to the left of each Preference Name (in green bold).

You will have to do this for each of the entries I have listed. Make sure that in keyword.URL, you've typed the entire address I've included above.

When you have finished, please restart Firefox. Let me know if that helps.

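As an added example (not part of the original post): a read-only check of a Firefox profile's `prefs.js` against the six preference values listed in the post above, which shows which ones are still changed after the edit. It assumes user-set preferences are stored as `user_pref("name", value);` lines; the function names and the sample text are constructed for illustration.

```python
import json
import re
# Preference names and values exactly as listed in the post above.
EXPECTED = {
    "browser.search.defaultengine": "Google",
    "browser.search.defaultenginename": "Google",
    "browser.search.order.1": "Google",
    "browser.search.selectedengineURL": "www.google.com",
    "browser.startup.homepage": "www.google.com",
    "keyword.URL": "http://www.google.com/search?btnI=I%27m+Feeling+Lucky"
                   "&ie=UTF-8&oe=UTF-8&q=",
}
# One prefs.js entry has the form: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)"\s*,\s*(.*)\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, malformed entries
        try:
            prefs[m.group(1)] = json.loads(m.group(2))  # string, number, bool
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep undecodable text for review
    return prefs

def audit(text, expected=EXPECTED):
    """Return (name, status, current) for each watched preference."""
    prefs = parse_prefs(text)
    report = []
    for name, want in expected.items():
        if name not in prefs:
            report.append((name, "default", None))  # no user-set value stored
        else:
            status = "ok" if prefs[name] == want else "changed"
            report.append((name, status, prefs[name]))
    return report

# Constructed sample, not taken from the machine in this thread.
SAMPLE = r'''// Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.startup.homepage", "http://search.example.invalid/?a=\"b\"");
user_pref("keyword.URL", "http://search.example.invalid/?q=");
user_pref("browser.tabs.warnOnClose", false);
'''
if __name__ == "__main__":
    for name, status, current in audit(SAMPLE):
        print(f"{status:8} {name} = {current!r}")
```

To check a real profile, pass the text of `prefs.js` from the profile folder to `audit()` while Firefox is closed; the script only reads the file.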

Go ahead and run ComboFix.exe once again. If asked to update to a newer version, allow it to do so. Please post the new log it creates in your next reply.

Are the new redirects occurring in just Firefox like before, or have they surfaced in all browsers by now?


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
