Redirected in Google - Help!

Jai · June 8, 2012

Hi there

I have got a brand new Windows 7 laptop at work and was looking up some forums on databases ... and started getting redirects soon after that. I ran Malwarebytes Anti-Malware first and it got rid of a few objects, but the redirects continued. Ran Malwarebytes Anti-Malware again with 0 removals, but the redirects persist. Have run dds.scr.

First Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.07.01

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

snayak :: 4BRXBT1 [administrator]

6/6/2012 8:44:03 PM

mbam-log-2012-06-06 (20-44-03).txt

Scan type: Full scan

Scan options disabled: P2P

Objects scanned: 421292

Time elapsed: 2 hour(s), 37 minute(s), 33 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 3

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 5

C:\Program Files\Altiris\Altiris Agent\Software Delivery\{09CF9025-418A-4936-BC26-74B95230DBF2}\cache\Bitmap-Reg.exe (Trojan.AutoIt) -> Quarantined and deleted successfully.

C:\Users\snayak\AppData\Local\gemagw.exe (Trojan.LameShield) -> Quarantined and deleted successfully.

c:\users\snayak\appdata\local\temp\tempfiles.exe (Trojan.Ransom) -> Quarantined and deleted successfully.

c:\users\snayak\appdata\local\temp\~!#1558.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.

c:\users\snayak\appdata\locallow\sun\java\deployment\cache\6.0\13\320a428d-24c74a2d (Trojan.Ransom) -> Quarantined and deleted successfully.

(end)

Second Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.07.06

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

snayak :: 4BRXBT1 [administrator]

6/7/2012 7:49:24 PM

mbam-log-2012-06-07 (19-49-24).txt

Scan type: Full scan

Scan options disabled: P2P

Objects scanned: 425709

Time elapsed: 3 hour(s), 28 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS.txt follows below:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7601.17514

Run by snayak at 23:26:38 on 2012-06-07

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3241.1485 [GMT -5:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV.exe

C:\windows\system32\svchost.exe -k LocalService

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\System32\svchost.exe -k NetworkService

C:\Program Files\IDT\WDM\aestsrv.exe

C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe

C:\Program Files\Passport_Direct\9684826\Program\ServiceWrapper-9684826.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\windows\system32\DWRCS.exe

C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe

C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe

C:\windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\Lotus\Notes\nsd.exe

C:\Program Files\Lotus\Notes\nslsvice.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\windows\system32\mfevtps.exe

C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE

C:\Program Files\Lotus\Notes\ntmulti.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\system32\DRIVERS\o2flash.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\windows\system32\svchost.exe -k regsvc

C:\Program Files\Passlogix\v-GO SSPR Client\SSPREnrollService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\wbem\WmiApSrv.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\system32\DWRCST.exe

C:\windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\windows\system32\conhost.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe

C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe

C:\Program Files\Passport_Direct\9684826\Program\Passport_Direct.exe

C:\windows\System32\mobsync.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\igfxext.exe

C:\Program Files\TechSmith\Snagit 11\Snagit32.exe

C:\Program Files\TechSmith\Snagit 11\TSCHelp.exe

C:\Program Files\TechSmith\Snagit 11\SnagPriv.exe

C:\Program Files\TechSmith\Snagit 11\snagiteditor.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\system32\UI0Detect.exe

C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

C:\windows\system32\conhost.exe

C:\windows\system32\svchost.exe -k SDRSVC

C:\windows\system32\conhost.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - c:\program files\microsoft lync\OCHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120601155244.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe

mRun: [intelPROSet] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"

mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey

mRun: [skmsvf] rundll32.exe "c:\users\snayak\appdata\roaming\skmsvf.dll",SteamAPI_RestartAppIfNecessary

mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 11\Snagit32.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: expedia.be

Trusted Zone: expedia.co.uk

Trusted Zone: expedia.com

Trusted Zone: expedia.de

Trusted Zone: expedia.es

Trusted Zone: expedia.fr

Trusted Zone: expedia.it

Trusted Zone: expedia.nl

Trusted Zone: flowstar.net

Trusted Zone: sumtotalsystems.com

DPF: {51BB7DFD-A6F5-4FAC-B8C9-E71CF84D082C} - hxxp://ormnm21.flowserve.net/Altiris/NS/NSCap/Bin/Win32/x86/AltirisNSConsole.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{26A60F0B-B233-4429-BFE9-E99B95AE3A6C} : DhcpNameServer = 172.26.1.10 172.19.106.28

TCP: Interfaces\{3ED62EB1-8E39-4877-95EB-04EED1AE741A} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3ED62EB1-8E39-4877-95EB-04EED1AE741A}\64C4F475055524C49434 : DhcpNameServer = 204.59.152.208 208.67.222.222 57.67.127.195

TCP: Interfaces\{3ED62EB1-8E39-4877-95EB-04EED1AE741A}\64C4F475143435 : DhcpNameServer = 172.26.1.10 172.30.24.1

Handler: bwfile-9684826 - {2DF0241D-8A6A-4E10-A11B-C2E432CF2A28} - c:\program files\passport_direct\9684826\program\GAPlugProtocol-9684826.dll

Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: AMINIT32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-6-1 463912]

R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-6-1 165416]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2012-5-23 17904]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R1 WebMail_;WebMail_;c:\windows\system32\WebMail_.sys [2012-6-1 77760]

R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-5-23 81920]

R2 BackWeb Plug-in - 9684826;Passport_Direct;c:\program files\passport_direct\9684826\program\ServiceWrapper-9684826.exe [2012-6-1 24615]

R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2011-1-20 388464]

R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2011-4-13 1506464]

R2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2012-6-1 35696]

R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2010-8-16 198000]

R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\lotus\notes\nsd.exe [2009-9-29 3405192]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-6-1 166024]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2011-1-12 209760]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-6-1 148520]

R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2011-4-28 1577376]

R2 SSPREnrollService;SSPREnrollService;c:\program files\passlogix\v-go sspr client\SSPREnrollService.exe [2010-10-27 128952]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-5-23 2594584]

R2 WebMail;WebMail;c:\windows\system32\webmail.exe -s --> c:\windows\system32\WebMail.exe -s [?]

R2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\intel\wifi\bin\ZCfgSvc7.exe [2010-12-23 577536]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2012-5-23 44144]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-5-23 349736]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2012-5-23 144576]

R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2012-6-1 44680]

R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2012-6-1 107928]

R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2012-6-1 38680]

R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2012-6-1 35552]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-5-23 269824]

R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-5-23 41216]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-6-1 180328]

R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-5-23 7434240]

R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2012-5-23 62440]

R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2012-5-23 63848]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2012-5-23 302120]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-5-23 33832]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2012-5-23 134144]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]

S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2012-6-1 44680]

S3 IgniteService;IgniteService;c:\program files\ignitecds\IgniteService.exe [2012-6-1 90464]

S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2012-5-23 132480]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-6-1 59192]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-6-1 87392]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]

S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfw7.sys [2012-5-23 60904]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184]

S3 tcm;tcm;c:\windows\system32\drivers\tcm.sys [2012-5-23 12952]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-11 25600]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-11 112640]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

.

=============== Created Last 30 ================

.

2012-06-07 01:43:27 -------- d-----w- c:\users\snayak\appdata\roaming\Malwarebytes

2012-06-07 01:43:21 -------- d-----w- c:\programdata\Malwarebytes

2012-06-07 01:43:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-07 01:43:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-07 01:20:15 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-06-06 17:37:32 266752 ----a-w- c:\users\snayak\appdata\roaming\svcep.dll

2012-06-06 17:37:04 -------- d-----w- c:\users\snayak\appdata\local\CrashDumps

2012-06-06 17:36:53 -------- d-----w- c:\programdata\B7E858A70005A0090002EC59B4EB238B

2012-06-06 17:36:52 131072 --sha-w- c:\users\snayak\appdata\roaming\skmsvf.dll

2012-06-06 17:36:38 -------- d-----w- C:\Quarantine

2012-06-05 23:26:30 -------- d-----w- C:\OraHome_1

2012-06-05 15:41:49 -------- d-----w- c:\users\snayak\appdata\roaming\Software

2012-06-05 15:41:48 -------- d-----w- c:\program files\common files\Quest Shared

2012-06-05 15:27:40 721168 ----a-w- c:\windows\system32\VB40032.DLL

2012-06-05 15:27:12 77824 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-06-05 15:27:12 28672 ----a-w- c:\windows\system32\JAWTAccessBridge.dll

2012-06-05 15:27:12 139264 ----a-w- c:\windows\system32\JavaAccessBridge.dll

2012-06-04 18:27:42 -------- d-----w- C:\Saves

2012-06-04 18:18:43 -------- d-----w- C:\P

2012-06-04 18:18:24 -------- d-----w- C:\STAR

2012-06-04 18:16:13 -------- d-----w- C:\SN

2012-06-04 18:15:31 -------- d-----w- C:\SN-Archive

2012-06-04 18:04:26 40328 ----a-w- c:\windows\system32\HIPIS0e011b8.dll

2012-06-04 17:26:12 398704 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll

2012-06-04 17:26:12 345456 ----a-w- c:\windows\system32\dsNcCredProv.dll

2012-06-04 17:25:31 -------- d-----w- c:\users\snayak\appdata\roaming\Juniper Networks

2012-06-04 17:04:05 -------- d-----w- c:\program files\ESET

2012-06-04 16:45:17 -------- d-----w- C:\Motorola

2012-06-04 16:45:17 -------- d-----w- C:\fslrdr

2012-06-04 16:38:01 -------- d-----w- c:\users\snayak\appdata\roaming\Xerox

2012-06-04 16:37:58 33280 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\x5pp.dll

2012-06-04 16:37:58 11264 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\x5print.dll

2012-06-04 16:33:19 60304 ----a-w- c:\users\snayak\g2mdlhlpx.exe

2012-06-04 16:33:19 226656 ----a-w- c:\users\snayak\cnsload_1308162001787.tmp

2012-06-04 16:33:19 226656 ----a-w- c:\users\snayak\cnsload_1292266988540.tmp

2012-06-04 16:33:19 226656 ----a-w- c:\users\snayak\cnsload_1273174443432.tmp

2012-06-04 16:31:53 -------- d-----w- c:\users\snayak\Oracle Jar Cache

2012-06-04 16:31:50 -------- d-----w- c:\users\snayak\.starbase

2012-06-04 16:31:50 -------- d-----w- c:\users\snayak\.jinit

2012-06-04 16:31:29 -------- d-----w- c:\program files\WinSCP

2012-06-04 16:31:29 -------- d-----w- c:\program files\Philips

2012-06-04 16:25:31 -------- d-----w- c:\program files\Oracle

2012-06-04 16:25:27 -------- d-----w- c:\program files\Option

2012-06-04 16:25:08 -------- d-----w- c:\program files\Citrix

2012-06-04 16:19:32 -------- d-----w- c:\program files\Canon

2012-06-04 16:19:31 -------- d-----w- c:\program files\Zero G Registry

2012-06-04 16:19:31 -------- d-----w- c:\program files\XML Marker

2012-06-04 16:01:27 -------- d-----w- c:\users\snayak\appdata\local\assembly

2012-06-04 16:01:15 -------- d-----w- c:\users\snayak\Tracing

2012-06-04 16:01:03 -------- d-----w- c:\users\snayak\appdata\local\TechSmith

2012-06-04 15:53:31 -------- d-----w- c:\program files\Microsoft Lync

2012-06-04 15:53:22 -------- d-----w- c:\program files\OCSetup

2012-06-04 15:53:01 -------- d-----w- c:\program files\SysTools Export Notes 8.0.5.0 SP1

2012-06-02 08:08:48 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-06-02 08:08:22 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

2012-06-02 08:08:17 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL

2012-06-02 08:08:11 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll

2012-06-02 08:08:08 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll

2012-06-02 08:07:34 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-06-02 08:07:11 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-06-02 08:06:12 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-02 08:06:09 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-06-02 08:06:08 919040 ----a-w- c:\windows\system32\rdpcorets.dll

2012-06-02 08:06:06 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-06-02 08:05:41 1328128 ----a-w- c:\windows\system32\quartz.dll

2012-06-02 08:05:40 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-06-02 08:05:09 22528 ----a-w- c:\windows\system32\lsass.exe

2012-06-02 08:05:07 15872 ----a-w- c:\windows\system32\sspisrv.dll

2012-06-02 08:05:06 224768 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 08:05:05 22016 ----a-w- c:\windows\system32\secur32.dll

2012-06-02 08:05:04 100352 ----a-w- c:\windows\system32\sspicli.dll

2012-06-02 08:05:03 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 08:05:01 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 08:05:00 314880 ----a-w- c:\windows\system32\webio.dll

2012-06-02 08:04:58 1038848 ----a-w- c:\windows\system32\lsasrv.dll

2012-06-02 08:04:57 369352 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 08:04:36 67072 ----a-w- c:\windows\system32\packager.dll

2012-06-02 08:04:13 38912 ----a-w- c:\windows\system32\csrsrv.dll

2012-06-02 08:03:04 2048 ----a-w- c:\windows\system32\tzres.dll

2012-06-02 08:02:15 708608 ----a-w- c:\program files\common files\system\wab32.dll

2012-06-02 08:01:50 465408 ----a-w- c:\windows\system32\psisdecd.dll

2012-06-02 08:01:46 75776 ----a-w- c:\windows\system32\psisrndr.ax

2012-06-02 08:01:19 571904 ----a-w- c:\windows\system32\oleaut32.dll

2012-06-02 08:01:18 233472 ----a-w- c:\windows\system32\oleacc.dll

2012-06-02 01:56:26 -------- d-----w- C:\IgniteTech

2012-06-02 01:56:13 303104 ----a-w- c:\windows\9684826Uninstall.exe

2012-06-02 01:56:12 -------- d-----w- c:\program files\IgniteCDS

2012-06-02 01:56:07 262202 ------r- c:\windows\bwUnin-8.2.0.29-9684826SL.exe

2012-06-02 01:56:05 -------- d-----w- c:\program files\Passport_Direct

2012-06-02 01:56:01 -------- d-----w- c:\program files\Passlogix

2012-06-01 21:06:00 933888 ----a-w- c:\windows\system32\WebMail_.exe

2012-06-01 21:05:59 933888 ----a-w- c:\windows\system32\WebMail.exe

2012-06-01 21:05:59 77760 ----a-w- c:\windows\system32\WebMail_.sys

2012-06-01 20:50:59 -------- d-----w- c:\programdata\Quest Software

2012-06-01 20:50:38 995383 ----a-w- c:\windows\system32\temp.001

2012-06-01 20:50:38 69632 ----a-w- c:\windows\system32\temp.002

2012-06-01 20:50:38 378880 ----a-w- c:\windows\system32\KXauth.dll

2012-06-01 20:50:38 135168 ----a-w- c:\windows\system32\KXproc.dll

2012-06-01 20:50:37 278581 ----a-w- c:\windows\system32\temp.000

2012-06-01 20:50:31 -------- d-----w- c:\program files\Quest Software

2012-06-01 20:43:05 60344 ----a-w- c:\windows\system32\HcApi.dll

2012-06-01 20:43:05 229264 ----a-w- c:\windows\system32\HcSql.dll

2012-06-01 20:43:05 20256 ----a-w- c:\windows\system32\HcSvc.dll

2012-06-01 20:43:05 143008 ----a-w- c:\windows\system32\KevlarSigs.dll

2012-06-01 20:42:53 65960 ----a-w- c:\windows\system32\drivers\mfetdik.sys

2012-06-01 20:42:53 44448 ----a-w- c:\windows\system32\hipqa.dll

2012-06-01 20:42:53 38680 ----a-w- c:\windows\system32\drivers\HIPPSK.sys

2012-06-01 20:42:53 35552 ----a-w- c:\windows\system32\drivers\HIPQK.sys

2012-06-01 20:42:53 25912 ----a-w- c:\windows\system32\mfehida.dll

2012-06-01 20:42:53 107928 ----a-w- c:\windows\system32\drivers\HIPK.sys

2012-06-01 20:42:27 44680 ----a-w- c:\windows\system32\drivers\firehk.sys

2012-06-01 20:42:21 -------- d-----w- c:\program files\common files\McAfee Inc

2012-06-01 18:46:17 -------- d-----w- c:\program files\Lotus

2012-06-01 18:42:13 -------- d-----w- c:\program files\Microsoft Synchronization Services

2012-06-01 18:42:01 -------- d-----w- c:\windows\PCHEALTH

2012-06-01 18:42:01 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2012-06-01 18:41:36 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2012-06-01 18:41:12 -------- d-----w- c:\program files\Microsoft Analysis Services

2012-06-01 18:38:52 -------- d-----w- c:\program files\common files\Altiris

2012-06-01 18:38:52 -------- d-----w- c:\program files\Altiris

2012-06-01 18:38:50 -------- d--h--w- c:\windows\system32\dwrcssft

2012-06-01 18:38:30 -------- d-sh--we C:\Documents and Settings

2012-05-24 01:37:48 115640 ----a-r- c:\windows\system32\Vxdif.dll

2012-05-24 01:37:48 -------- d-----w- c:\program files\DellTPad

2012-05-24 01:36:09 72296 ----a-w- c:\windows\system32\drivers\o2flash.exe

2012-05-24 01:36:09 63848 ----a-w- c:\windows\system32\drivers\o2sdjw7.sys

2012-05-24 01:36:09 62440 ----a-w- c:\windows\system32\drivers\O2MDRw7.sys

2012-05-24 01:36:09 60904 ----a-w- c:\windows\system32\drivers\o2mdfw7.sys

2012-05-24 01:36:09 1178216 ----a-w- c:\windows\system32\O2Icon_2.dll

2012-05-24 01:36:09 1145448 ----a-w- c:\windows\system32\O2Icon.dll

2012-05-24 01:36:05 7434240 ----a-w- c:\windows\system32\drivers\NETwNs32.sys

2012-05-24 01:36:05 684032 ----a-w- c:\windows\system32\NETwNc32.dll

2012-05-24 01:36:05 2760704 ----a-w- c:\windows\system32\NETwNr32.dll

2012-05-24 01:36:05 132480 ----a-w- c:\windows\system32\drivers\Impcd.sys

2012-05-23 21:56:21 1461992 ----a-r- c:\windows\system32\WdfCoInstaller01009.dll

2012-05-23 21:56:19 284792 ----a-r- c:\windows\system32\drivers\Apfiltr.sys

2012-05-23 21:53:05 302120 ----a-w- c:\windows\system32\drivers\btwampfl.sys

2012-05-23 21:51:48 -------- d--h--w- c:\windows\system32\WLANProfiles

2012-05-23 21:51:15 -------- d-----w- c:\program files\Cisco

2012-05-23 21:49:16 17904 ----a-w- c:\windows\system32\drivers\stdcfltn.sys

2012-05-23 21:49:15 81520 ----a-w- c:\windows\system32\accelernco01.dll

2012-05-23 21:49:15 44144 ----a-w- c:\windows\system32\drivers\accelern.sys

2012-05-23 21:49:15 -------- d-----w- c:\program files\STMicroelectronics

2012-05-23 21:49:10 -------- d-----w- c:\program files\common files\Intel

2012-05-23 21:44:43 -------- d-----w- c:\program files\CONEXANT

2012-05-23 21:44:03 61440 ----a-w- c:\windows\system32\aestaren.dll

2012-05-23 21:44:03 380928 ----a-w- c:\windows\system32\aestecap.dll

2012-05-23 21:44:03 140288 ----a-w- c:\windows\system32\aestacap.dll

2012-05-23 21:44:03 -------- d-----w- c:\program files\IDT

2012-05-23 21:44:02 4644864 ----a-w- c:\windows\system32\stlang.dll

2012-05-23 21:44:02 11870298 ----a-w- c:\windows\system32\idtsg.cpl

2012-05-23 21:43:49 -------- d-----w- C:\Intel

.

==================== Find3M ====================

.

============= FINISH: 23:29:11.78 ===============

Also, Attach.txt is attached.

Helping in getting this resolved is really appreciated!

Thanks

Jai

Attach.txt

gringo_pr · June 8, 2012

Hello and Welcome!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
[*]Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
[*]Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
[*]Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

Download Security Check by screen317 from

here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

Jai · June 9, 2012

Hi Gringo,

The combofix.exe run was a failure. I am in a bit of a soup!

Here is what happened:

I ran security check. checkup.txt has been posted below.
Then I disconnected from internet.
The McAfee Anti-virus security application is not available to be disabled by me. I am assuming that it is available only to an Administrator in the company. But I have run combofix.exe last time successfully with the anti-virus enabled.
Ran combofix.exe. It unzipped in a window and then the window closed. Since I have run it before, I expected a window to pop up with warnings and it to go through some 20 odd steps.
But nothing occurred for a fairly long time (30 minutes or so).
I was not sure what to do; so I restarted the laptop thinking that for some reason, combofix.exe did not work.
The wallpaper image was no longer visible, and the services.exe and svchost.exe were running taking up 30% CPU. This went on for an hour or so.
Now I have shut down the laptop.

I hope there is a way to get to the state prior to combofix.exe.

checkup.txt follows:

Results of screen317's Security Check version 0.99.41

Windows 7 Service Pack 1 x86 (UAC is disabled!)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

McAfee VirusScan Enterprise

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 21

Java version out of date!

Adobe Flash Player 10 Flash Player out of date!

Adobe Reader 9 Adobe Reader out of date!

````````Process Check: objlist.exe by Laurent````````

Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE

Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 6%

````````````````````End of Log``````````````````````

Regards

Jai

gringo_pr · June 9, 2012

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

Jai · June 9, 2012

Hello Gringo

As this is a company laptop, the Windows installation disc is not provided.

So I have to use the first option of using the Advanced Boot option. While doing so, I proceeded to the step where I have to enter US as the keyboard language. But after that it asks me the password for the "Administrator" user. And I do not have the password. There is only 1 user option of "Administrator". I called up our helpdesk but they are not ready to provide me the password (as expected). The only option is for me to wait until Monday and get the on-site tech in the office to help me. But I am not sure if he will be ready to run something like frst.exe on the computer.

Couple of questions:

Does the "Windows Complete PC Restore" mean that the whole hard drive gets wiped out and a fresh re-installation done?
Are there any other ways for me to corrective action where I do not need to provide the Administrator password?

Thanks

Jai

gringo_pr · June 9, 2012

Greetings

LETS TRY to run these next,

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

Jai · June 9, 2012

Hi Gringo

TDSSKiller.2.7.36.0_08.06.2012_23.18.59_log follows:

23:18:59.0320 4252 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

23:18:59.0367 4252 ============================================================

23:18:59.0367 4252 Current date / time: 2012/06/08 23:18:59.0367

23:18:59.0367 4252 SystemInfo:

23:18:59.0367 4252

23:18:59.0367 4252 OS Version: 6.1.7601 ServicePack: 1.0

23:18:59.0367 4252 Product type: Workstation

23:18:59.0367 4252 ComputerName: 4BRXBT1

23:18:59.0367 4252 UserName: snayak

23:18:59.0367 4252 Windows directory: C:\windows

23:18:59.0367 4252 System windows directory: C:\windows

23:18:59.0367 4252 Processor architecture: Intel x86

23:18:59.0367 4252 Number of processors: 4

23:18:59.0367 4252 Page size: 0x1000

23:18:59.0367 4252 Boot type: Normal boot

23:18:59.0367 4252 ============================================================

23:19:00.0505 4252 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

23:19:00.0505 4252 ============================================================

23:19:00.0505 4252 \Device\Harddisk0\DR0:

23:19:00.0505 4252 MBR partitions:

23:19:00.0505 4252 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x96000

23:19:00.0505 4252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xAA000, BlocksNum 0x25384000

23:19:00.0505 4252 ============================================================

23:19:00.0521 4252 C: <-> \Device\Harddisk0\DR0\Partition1

23:19:00.0521 4252 ============================================================

23:19:00.0521 4252 Initialize success

23:19:00.0521 4252 ============================================================

23:19:09.0616 3168 ============================================================

23:19:09.0616 3168 Scan started

23:19:09.0616 3168 Mode: Manual;

23:19:09.0616 3168 ============================================================

23:19:10.0240 3168 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys

23:19:10.0287 3168 1394ohci - ok

23:19:10.0333 3168 Acceler (edc50031d6ab9180b3b3bd1c547c7d0a) C:\windows\system32\drivers\accelern.sys

23:19:10.0380 3168 Acceler - ok

23:19:10.0427 3168 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys

23:19:10.0489 3168 ACPI - ok

23:19:10.0521 3168 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys

23:19:10.0599 3168 AcpiPmi - ok

23:19:10.0645 3168 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\drivers\adp94xx.sys

23:19:10.0661 3168 adp94xx - ok

23:19:10.0708 3168 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\drivers\adpahci.sys

23:19:10.0723 3168 adpahci - ok

23:19:10.0739 3168 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\drivers\adpu320.sys

23:19:10.0755 3168 adpu320 - ok

23:19:10.0786 3168 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll

23:19:10.0786 3168 AeLookupSvc - ok

23:19:10.0848 3168 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Program Files\IDT\WDM\aestsrv.exe

23:19:10.0848 3168 AESTFilters - ok

23:19:10.0957 3168 AeXNSClient (9203ad68320587889ddddc0df6648c29) C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe

23:19:10.0957 3168 AeXNSClient - ok

23:19:11.0098 3168 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys

23:19:11.0098 3168 AFD - ok

23:19:11.0145 3168 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys

23:19:11.0145 3168 agp440 - ok

23:19:11.0191 3168 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\drivers\djsvs.sys

23:19:11.0191 3168 aic78xx - ok

23:19:11.0223 3168 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe

23:19:11.0223 3168 ALG - ok

23:19:11.0238 3168 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys

23:19:11.0238 3168 aliide - ok

23:19:11.0254 3168 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys

23:19:11.0254 3168 amdagp - ok

23:19:11.0254 3168 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys

23:19:11.0269 3168 amdide - ok

23:19:11.0285 3168 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\drivers\amdk8.sys

23:19:11.0285 3168 AmdK8 - ok

23:19:11.0316 3168 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\drivers\amdppm.sys

23:19:11.0316 3168 AmdPPM - ok

23:19:11.0332 3168 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys

23:19:11.0425 3168 amdsata - ok

23:19:11.0457 3168 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\drivers\amdsbs.sys

23:19:11.0457 3168 amdsbs - ok

23:19:11.0488 3168 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys

23:19:11.0581 3168 amdxata - ok

23:19:11.0644 3168 ApfiltrService (9910a9c7d307a9e156d951248601c33e) C:\windows\system32\DRIVERS\Apfiltr.sys

23:19:11.0722 3168 ApfiltrService - ok

23:19:11.0769 3168 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys

23:19:11.0893 3168 AppID - ok

23:19:11.0925 3168 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll

23:19:11.0940 3168 AppIDSvc - ok

23:19:11.0956 3168 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll

23:19:11.0971 3168 Appinfo - ok

23:19:12.0003 3168 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\windows\System32\appmgmts.dll

23:19:12.0018 3168 AppMgmt - ok

23:19:12.0049 3168 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\drivers\arc.sys

23:19:12.0049 3168 arc - ok

23:19:12.0065 3168 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\drivers\arcsas.sys

23:19:12.0081 3168 arcsas - ok

23:19:12.0159 3168 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

23:19:12.0174 3168 aspnet_state - ok

23:19:12.0205 3168 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys

23:19:12.0221 3168 AsyncMac - ok

23:19:12.0252 3168 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys

23:19:12.0252 3168 atapi - ok

23:19:12.0315 3168 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll

23:19:12.0377 3168 AudioEndpointBuilder - ok

23:19:12.0377 3168 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll

23:19:12.0377 3168 Audiosrv - ok

23:19:12.0408 3168 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll

23:19:12.0471 3168 AxInstSV - ok

23:19:12.0533 3168 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\drivers\bxvbdx.sys

23:19:12.0533 3168 b06bdrv - ok

23:19:12.0564 3168 b57nd60x (68fb5af4534aa98b364ea585703d2456) C:\windows\system32\DRIVERS\b57nd60x.sys

23:19:12.0611 3168 b57nd60x - ok

23:19:12.0689 3168 BackWeb Plug-in - 9684826 (13ae937a489107fb24dd164f3224a330) C:\Program Files\Passport_Direct\9684826\Program\ServiceWrapper-9684826.exe

23:19:12.0689 3168 BackWeb Plug-in - 9684826 - ok

23:19:12.0736 3168 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll

23:19:12.0736 3168 BDESVC - ok

23:19:12.0767 3168 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys

23:19:12.0767 3168 Beep - ok

23:19:12.0829 3168 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll

23:19:12.0876 3168 BITS - ok

23:19:12.0892 3168 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\drivers\blbdrive.sys

23:19:12.0892 3168 blbdrive - ok

23:19:12.0907 3168 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys

23:19:12.0907 3168 bowser - ok

23:19:12.0923 3168 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\drivers\BrFiltLo.sys

23:19:12.0939 3168 BrFiltLo - ok

23:19:12.0939 3168 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\drivers\BrFiltUp.sys

23:19:12.0939 3168 BrFiltUp - ok

23:19:12.0970 3168 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys

23:19:12.0985 3168 BridgeMP - ok

23:19:13.0017 3168 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll

23:19:13.0079 3168 Browser - ok

23:19:13.0110 3168 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys

23:19:13.0126 3168 Brserid - ok

23:19:13.0157 3168 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys

23:19:13.0157 3168 BrSerWdm - ok

23:19:13.0173 3168 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys

23:19:13.0173 3168 BrUsbMdm - ok

23:19:13.0173 3168 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys

23:19:13.0188 3168 BrUsbSer - ok

23:19:13.0219 3168 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys

23:19:13.0219 3168 BthEnum - ok

23:19:13.0235 3168 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\drivers\bthmodem.sys

23:19:13.0251 3168 BTHMODEM - ok

23:19:13.0266 3168 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys

23:19:13.0266 3168 BthPan - ok

23:19:13.0297 3168 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\system32\Drivers\BTHport.sys

23:19:13.0375 3168 BTHPORT - ok

23:19:13.0516 3168 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll

23:19:13.0531 3168 bthserv - ok

23:19:13.0563 3168 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\system32\Drivers\BTHUSB.sys

23:19:13.0687 3168 BTHUSB - ok

23:19:13.0812 3168 BTWAMPFL (2a0de6423d6be95c96124fc66046176e) C:\windows\system32\DRIVERS\btwampfl.sys

23:19:13.0906 3168 BTWAMPFL - ok

23:19:13.0999 3168 btwaudio (cc0a5e69d19b5c1ecc6cf9bf3acc3969) C:\windows\system32\drivers\btwaudio.sys

23:19:14.0109 3168 btwaudio - ok

23:19:14.0296 3168 btwavdt (9abea4dc976e3f47da2d4b169719cbaa) C:\windows\system32\drivers\btwavdt.sys

23:19:14.0436 3168 btwavdt - ok

23:19:14.0545 3168 btwdins (2a6008a9511330b7864b30a8b455ad0a) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

23:19:14.0545 3168 btwdins - ok

23:19:14.0561 3168 btwl2cap (c2c9aeb3f9525cba2670d1f2beb32a0a) C:\windows\system32\DRIVERS\btwl2cap.sys

23:19:14.0670 3168 btwl2cap - ok

23:19:14.0686 3168 btwrchid (1e5468447e4d18fbea5f01267d6495a5) C:\windows\system32\drivers\btwrchid.sys

23:19:14.0826 3168 btwrchid - ok

23:19:14.0857 3168 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys

23:19:14.0873 3168 cdfs - ok

23:19:14.0904 3168 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys

23:19:14.0967 3168 cdrom - ok

23:19:15.0013 3168 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll

23:19:15.0076 3168 CertPropSvc - ok

23:19:15.0201 3168 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\drivers\circlass.sys

23:19:15.0216 3168 circlass - ok

23:19:15.0341 3168 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys

23:19:15.0357 3168 CLFS - ok

23:19:15.0544 3168 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:19:15.0544 3168 clr_optimization_v2.0.50727_32 - ok

23:19:15.0591 3168 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:19:15.0606 3168 clr_optimization_v4.0.30319_32 - ok

23:19:15.0622 3168 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\drivers\CmBatt.sys

23:19:15.0622 3168 CmBatt - ok

23:19:15.0637 3168 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys

23:19:15.0637 3168 cmdide - ok

23:19:15.0684 3168 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys

23:19:15.0778 3168 CNG - ok

23:19:15.0809 3168 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\drivers\compbatt.sys

23:19:15.0809 3168 Compbatt - ok

23:19:15.0840 3168 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys

23:19:15.0887 3168 CompositeBus - ok

23:19:15.0887 3168 COMSysApp - ok

23:19:15.0903 3168 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\drivers\crcdisk.sys

23:19:15.0918 3168 crcdisk - ok

23:19:15.0965 3168 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll

23:19:16.0043 3168 CryptSvc - ok

23:19:16.0090 3168 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\windows\system32\drivers\csc.sys

23:19:16.0168 3168 CSC - ok

23:19:16.0199 3168 CscService (15f93b37f6801943360d9eb42485d5d3) C:\windows\System32\cscsvc.dll

23:19:16.0199 3168 CscService - ok

23:19:16.0308 3168 CtAudDrv (0f538df1673e5216f3baacb6911d9d0f) C:\windows\system32\Drivers\CtAudDrv.sys

23:19:16.0386 3168 CtAudDrv - ok

23:19:16.0823 3168 CtClsFlt (aa52c0b88c46d5037809d05dd826c61e) C:\windows\system32\DRIVERS\CtClsFlt.sys

23:19:16.0963 3168 CtClsFlt - ok

23:19:17.0057 3168 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll

23:19:17.0057 3168 DcomLaunch - ok

23:19:17.0151 3168 dcpsysmgrsvc (658894a9500b789512e7f16c6f3a707d) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe

23:19:17.0213 3168 dcpsysmgrsvc - ok

23:19:17.0260 3168 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll

23:19:17.0275 3168 defragsvc - ok

23:19:17.0322 3168 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys

23:19:17.0353 3168 DfsC - ok

23:19:17.0400 3168 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll

23:19:17.0463 3168 Dhcp - ok

23:19:17.0463 3168 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys

23:19:17.0463 3168 discache - ok

23:19:17.0541 3168 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\drivers\disk.sys

23:19:17.0541 3168 Disk - ok

23:19:17.0556 3168 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\windows\system32\drivers\dmvsc.sys

23:19:17.0603 3168 dmvsc - ok

23:19:17.0634 3168 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll

23:19:17.0681 3168 Dnscache - ok

23:19:17.0712 3168 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll

23:19:17.0743 3168 dot3svc - ok

23:19:17.0759 3168 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll

23:19:17.0806 3168 DPS - ok

23:19:17.0915 3168 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys

23:19:17.0931 3168 drmkaud - ok

23:19:17.0962 3168 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\windows\system32\DRIVERS\dsNcAdpt.sys

23:19:17.0993 3168 dsNcAdpt - ok

23:19:18.0102 3168 dsNcService (2aa446f9786e5cd57fbc469e9000d159) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

23:19:18.0102 3168 dsNcService - ok

23:19:18.0149 3168 DwMirror (383182215a2c238e76b86e3b5ede40eb) C:\windows\system32\DRIVERS\DamewareMini.sys

23:19:18.0243 3168 DwMirror - ok

23:19:18.0258 3168 DWMRCS - ok

23:19:18.0289 3168 dwvkbd (5a402c57f621114c99f813c6ae7bc37a) C:\windows\system32\DRIVERS\dwvkbd.sys

23:19:18.0383 3168 dwvkbd - ok

23:19:18.0445 3168 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys

23:19:18.0508 3168 DXGKrnl - ok

23:19:18.0570 3168 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\windows\system32\DRIVERS\e1e6032.sys

23:19:18.0570 3168 e1express - ok

23:19:18.0601 3168 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll

23:19:18.0601 3168 EapHost - ok

23:19:18.0820 3168 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\drivers\evbdx.sys

23:19:18.0882 3168 ebdrv - ok

23:19:18.0976 3168 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe

23:19:18.0976 3168 EFS - ok

23:19:19.0054 3168 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe

23:19:19.0054 3168 ehRecvr - ok

23:19:19.0069 3168 ehSched (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe

23:19:19.0069 3168 ehSched - ok

23:19:19.0116 3168 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\drivers\elxstor.sys

23:19:19.0132 3168 elxstor - ok

23:19:19.0303 3168 enterceptAgent (fda98c746eb7f39e598d11601b3f4180) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe

23:19:19.0397 3168 enterceptAgent - ok

23:19:19.0506 3168 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys

23:19:19.0506 3168 ErrDev - ok

23:19:19.0584 3168 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll

23:19:19.0584 3168 EventSystem - ok

23:19:19.0709 3168 EvtEng (816025e303a1dae89e39d3d77ccba2fb) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

23:19:19.0709 3168 EvtEng - ok

23:19:19.0725 3168 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys

23:19:19.0740 3168 exfat - ok

23:19:19.0756 3168 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys

23:19:19.0756 3168 fastfat - ok

23:19:19.0803 3168 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe

23:19:19.0818 3168 Fax - ok

23:19:19.0834 3168 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\drivers\fdc.sys

23:19:19.0834 3168 fdc - ok

23:19:19.0849 3168 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll

23:19:19.0849 3168 fdPHost - ok

23:19:19.0865 3168 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll

23:19:19.0881 3168 FDResPub - ok

23:19:19.0881 3168 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys

23:19:19.0881 3168 FileInfo - ok

23:19:19.0896 3168 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys

23:19:19.0896 3168 Filetrace - ok

23:19:19.0927 3168 Firehk (f96d1c2c40902604329933374950babb) C:\windows\system32\DRIVERS\firehk.sys

23:19:19.0974 3168 Firehk - ok

23:19:19.0974 3168 FirehkMP (f96d1c2c40902604329933374950babb) C:\windows\system32\DRIVERS\firehk.sys

23:19:19.0974 3168 FirehkMP - ok

23:19:20.0005 3168 firelm01 (84f876f3627cba714876543d5d4ee6d8) C:\windows\system32\drivers\firelm01.sys

23:19:20.0068 3168 firelm01 - ok

23:19:20.0115 3168 FirePM (4f4a04f99dbe19beb26c206f259d78e8) C:\windows\system32\Drivers\FirePM.sys

23:19:20.0161 3168 FirePM - ok

23:19:20.0193 3168 FireTDI (0286c4a880c825879dc7e3a1c0237be9) C:\windows\system32\Drivers\FireTDI.sys

23:19:20.0255 3168 FireTDI - ok

23:19:20.0349 3168 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\drivers\flpydisk.sys

23:19:20.0364 3168 flpydisk - ok

23:19:20.0411 3168 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys

23:19:20.0411 3168 FltMgr - ok

23:19:20.0583 3168 FontCache (fa6c66e4364d7da57aade5dcc03bb999) C:\windows\system32\FntCache.dll

23:19:20.0598 3168 FontCache - ok

23:19:20.0848 3168 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

23:19:20.0848 3168 FontCache3.0.0.0 - ok

23:19:20.0848 3168 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys

23:19:20.0863 3168 FsDepends - ok

23:19:20.0879 3168 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys

23:19:20.0926 3168 Fs_Rec - ok

23:19:20.0957 3168 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys

23:19:21.0082 3168 fvevol - ok

23:19:21.0129 3168 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\drivers\gagp30kx.sys

23:19:21.0129 3168 gagp30kx - ok

23:19:21.0191 3168 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll

23:19:21.0253 3168 gpsvc - ok

23:19:21.0269 3168 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys

23:19:21.0269 3168 hcw85cir - ok

23:19:21.0316 3168 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys

23:19:21.0378 3168 HdAudAddService - ok

23:19:21.0409 3168 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys

23:19:21.0441 3168 HDAudBus - ok

23:19:21.0456 3168 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\drivers\HidBatt.sys

23:19:21.0456 3168 HidBatt - ok

23:19:21.0472 3168 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\drivers\hidbth.sys

23:19:21.0487 3168 HidBth - ok

23:19:21.0503 3168 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\drivers\hidir.sys

23:19:21.0503 3168 HidIr - ok

23:19:21.0565 3168 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll

23:19:21.0565 3168 hidserv - ok

23:19:21.0706 3168 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys

23:19:21.0799 3168 HidUsb - ok

23:19:21.0831 3168 HIPK (41f8ce2b5c587bd1dd3d37e3e74cbb9e) C:\windows\system32\drivers\HIPK.sys

23:19:21.0877 3168 HIPK - ok

23:19:21.0893 3168 HIPPSK (dadf5ea4b87d4568b32e80b97d62cdb4) C:\windows\system32\drivers\HIPPSK.sys

23:19:21.0955 3168 HIPPSK - ok

23:19:21.0971 3168 HIPQK (f5d2fea39275ee8316456249d541e486) C:\windows\system32\drivers\HIPQK.sys

23:19:22.0049 3168 HIPQK - ok

23:19:22.0143 3168 hips (b814bf8a72233065b8633864465922e0) C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe

23:19:22.0189 3168 hips - ok

23:19:22.0221 3168 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll

23:19:22.0283 3168 hkmsvc - ok

23:19:22.0314 3168 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll

23:19:22.0345 3168 HomeGroupListener - ok

23:19:22.0392 3168 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll

23:19:22.0392 3168 HomeGroupProvider - ok

23:19:22.0423 3168 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys

23:19:22.0423 3168 HpSAMD - ok

23:19:22.0486 3168 HsfXAudioService (210388fd8225b02bd83d77628aae64a9) C:\windows\system32\XAudio32.dll

23:19:22.0548 3168 HsfXAudioService - ok

23:19:22.0626 3168 HSF_DPV (227c3ba25012752bb7450235392c719f) C:\windows\system32\DRIVERS\HSX_DPV.sys

23:19:22.0735 3168 HSF_DPV - ok

23:19:22.0782 3168 HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\windows\system32\DRIVERS\HSXHWAZL.sys

23:19:22.0938 3168 HSXHWAZL - ok

23:19:22.0985 3168 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys

23:19:23.0032 3168 HTTP - ok

23:19:23.0047 3168 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys

23:19:23.0094 3168 hwpolicy - ok

23:19:23.0157 3168 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys

23:19:23.0157 3168 i8042prt - ok

23:19:23.0219 3168 iaStor (f4037a3fedb92dd97c95f320766ea5c9) C:\windows\system32\drivers\iaStor.sys

23:19:23.0219 3168 iaStor - ok

23:19:23.0484 3168 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys

23:19:23.0640 3168 iaStorV - ok

23:19:23.0749 3168 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

23:19:23.0827 3168 idsvc - ok

23:19:24.0280 3168 igfx (721a8d48b2dc8c1c58c61cb948491ea8) C:\windows\system32\DRIVERS\igdkmd32.sys

23:19:24.0576 3168 igfx - ok

23:19:24.0654 3168 IgniteService (2666c59704f8d5a5025b5e59f3be0243) C:\Program Files\IgniteCDS\IgniteService.exe

23:19:24.0717 3168 IgniteService - ok

23:19:24.0826 3168 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\drivers\iirsp.sys

23:19:24.0841 3168 iirsp - ok

23:19:24.0904 3168 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll

23:19:24.0966 3168 IKEEXT - ok

23:19:24.0997 3168 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\windows\system32\drivers\Impcd.sys

23:19:25.0107 3168 Impcd - ok

23:19:25.0153 3168 IntcDAud (5576ad2f0039d2bccca3567fc0bf981c) C:\windows\system32\DRIVERS\IntcDAud.sys

23:19:25.0278 3168 IntcDAud - ok

23:19:25.0309 3168 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys

23:19:25.0309 3168 intelide - ok

23:19:25.0341 3168 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\drivers\intelppm.sys

23:19:25.0341 3168 intelppm - ok

23:19:25.0372 3168 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll

23:19:25.0387 3168 IPBusEnum - ok

23:19:25.0419 3168 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys

23:19:25.0419 3168 IpFilterDriver - ok

23:19:25.0481 3168 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll

23:19:25.0481 3168 iphlpsvc - ok

23:19:25.0497 3168 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys

23:19:25.0559 3168 IPMIDRV - ok

23:19:25.0575 3168 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys

23:19:25.0575 3168 IPNAT - ok

23:19:25.0590 3168 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys

23:19:25.0590 3168 IRENUM - ok

23:19:25.0590 3168 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys

23:19:25.0606 3168 isapnp - ok

23:19:25.0621 3168 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys

23:19:25.0684 3168 iScsiPrt - ok

23:19:25.0746 3168 JuniperAccessService (c5318614d33fe697e8ade7c030ca6f6f) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe

23:19:25.0746 3168 JuniperAccessService - ok

23:19:25.0777 3168 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys

23:19:25.0777 3168 kbdclass - ok

23:19:25.0793 3168 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\DRIVERS\kbdhid.sys

23:19:25.0887 3168 kbdhid - ok

23:19:25.0918 3168 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

23:19:25.0918 3168 KeyIso - ok

23:19:25.0949 3168 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys

23:19:25.0949 3168 KSecDD - ok

23:19:25.0965 3168 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys

23:19:26.0074 3168 KSecPkg - ok

23:19:26.0136 3168 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll

23:19:26.0136 3168 KtmRm - ok

23:19:26.0245 3168 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\System32\srvsvc.dll

23:19:26.0308 3168 LanmanServer - ok

23:19:26.0339 3168 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll

23:19:26.0370 3168 LanmanWorkstation - ok

23:19:26.0401 3168 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys

23:19:26.0401 3168 lltdio - ok

23:19:26.0433 3168 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll

23:19:26.0448 3168 lltdsvc - ok

23:19:26.0464 3168 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll

23:19:26.0464 3168 lmhosts - ok

23:19:26.0557 3168 LMS (103be142566d66f8ae52c89fe9e92d2b) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

23:19:26.0557 3168 LMS - ok

23:19:26.0729 3168 Lotus Notes Diagnostics (1bfdcc17fd8b06f92b048c615c17bf9f) C:\Program Files\Lotus\Notes\nsd.exe

23:19:26.0776 3168 Lotus Notes Diagnostics - ok

23:19:26.0838 3168 Lotus Notes Single Logon (71f607abe2355fabea9fb13e057ac050) C:\Program Files\Lotus\Notes\nslsvice.exe

23:19:26.0838 3168 Lotus Notes Single Logon - ok

23:19:26.0947 3168 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\drivers\lsi_fc.sys

23:19:26.0947 3168 LSI_FC - ok

23:19:26.0979 3168 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\drivers\lsi_sas.sys

23:19:26.0979 3168 LSI_SAS - ok

23:19:26.0994 3168 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\drivers\lsi_sas2.sys

23:19:26.0994 3168 LSI_SAS2 - ok

23:19:27.0010 3168 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\drivers\lsi_scsi.sys

23:19:27.0010 3168 LSI_SCSI - ok

23:19:27.0088 3168 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys

23:19:27.0103 3168 luafv - ok

23:19:27.0244 3168 McAfeeFramework (062d80f13d762f7bc2f38430d60f5048) C:\Program Files\McAfee\Common Framework\FrameworkService.exe

23:19:27.0244 3168 McAfeeFramework - ok

23:19:27.0337 3168 McShield (c7a9f5343373f389de64c625c5f93d96) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

23:19:27.0337 3168 McShield - ok

23:19:27.0384 3168 McTaskManager (b15bb3aef59158b4e1dda5328c842713) C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

23:19:27.0384 3168 McTaskManager - ok

23:19:27.0415 3168 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll

23:19:27.0431 3168 Mcx2Svc - ok

23:19:27.0462 3168 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\windows\system32\DRIVERS\mdmxsdk.sys

23:19:27.0478 3168 mdmxsdk - ok

23:19:27.0493 3168 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\drivers\megasas.sys

23:19:27.0493 3168 megasas - ok

23:19:27.0540 3168 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\drivers\MegaSR.sys

23:19:27.0556 3168 MegaSR - ok

23:19:27.0571 3168 MEI (34a6e8babff9a3f5342976b9ea0e4899) C:\windows\system32\drivers\HECI.sys

23:19:27.0665 3168 MEI - ok

23:19:27.0712 3168 mfeapfk (fca77f9c5d9f19992ae02538181236a6) C:\windows\system32\drivers\mfeapfk.sys

23:19:27.0727 3168 mfeapfk - ok

23:19:27.0759 3168 mfeavfk (ed6c0825f98bcfa05ee10db9d9ca8391) C:\windows\system32\drivers\mfeavfk.sys

23:19:27.0821 3168 mfeavfk - ok

23:19:27.0868 3168 mfeavfk01 - ok

23:19:27.0868 3168 mfebopk (4957d3b3f35f583a2b11eacb651bff9f) C:\windows\system32\drivers\mfebopk.sys

23:19:27.0930 3168 mfebopk - ok

23:19:28.0024 3168 mfehidk (a8ee8d930600f1fd25583f8aefc9ca73) C:\windows\system32\drivers\mfehidk.sys

23:19:28.0117 3168 mfehidk - ok

23:19:28.0117 3168 mferkdet (fa3b7b57562e58c39564abac538aaecf) C:\windows\system32\drivers\mferkdet.sys

23:19:28.0195 3168 mferkdet - ok

23:19:28.0242 3168 mfetdik (61fc4dbe4a3e95973509da6b920e83aa) C:\windows\system32\drivers\mfetdik.sys

23:19:28.0305 3168 mfetdik - ok

23:19:28.0336 3168 mfevtp (c0e297727a6f804a2ae26d6a441baa0d) C:\windows\system32\mfevtps.exe

23:19:28.0398 3168 mfevtp - ok

23:19:28.0429 3168 mfewfpk (43dc870e4e207d55facd003fbc1d42d9) C:\windows\system32\drivers\mfewfpk.sys

23:19:28.0492 3168 mfewfpk - ok

23:19:28.0585 3168 Microsoft SharePoint Workspace Audit Service - ok

23:19:28.0632 3168 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll

23:19:28.0632 3168 MMCSS - ok

23:19:28.0648 3168 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys

23:19:28.0648 3168 Modem - ok

23:19:28.0663 3168 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys

23:19:28.0663 3168 monitor - ok

23:19:28.0695 3168 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys

23:19:28.0695 3168 mouclass - ok

23:19:28.0726 3168 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys

23:19:28.0726 3168 mouhid - ok

23:19:28.0726 3168 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys

23:19:28.0788 3168 mountmgr - ok

23:19:29.0038 3168 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys

23:19:29.0163 3168 mpio - ok

23:19:29.0209 3168 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys

23:19:29.0209 3168 mpsdrv - ok

23:19:29.0241 3168 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys

23:19:29.0334 3168 MRxDAV - ok

23:19:29.0365 3168 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys

23:19:29.0365 3168 mrxsmb - ok

23:19:29.0381 3168 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys

23:19:29.0381 3168 mrxsmb10 - ok

23:19:29.0397 3168 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys

23:19:29.0397 3168 mrxsmb20 - ok

23:19:29.0412 3168 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys

23:19:29.0521 3168 msahci - ok

23:19:29.0568 3168 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys

23:19:29.0693 3168 msdsm - ok

23:19:29.0740 3168 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe

23:19:29.0740 3168 MSDTC - ok

23:19:29.0818 3168 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys

23:19:29.0818 3168 Msfs - ok

23:19:29.0865 3168 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys

23:19:29.0865 3168 mshidkmdf - ok

23:19:29.0958 3168 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys

23:19:29.0958 3168 msisadrv - ok

23:19:30.0052 3168 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll

23:19:30.0067 3168 MSiSCSI - ok

23:19:30.0067 3168 msiserver - ok

23:19:30.0099 3168 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys

23:19:30.0099 3168 MSKSSRV - ok

23:19:30.0255 3168 msoidsvc (1f8b16914dacb952959541a961b51940) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE

23:19:30.0301 3168 msoidsvc - ok

23:19:30.0379 3168 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys

23:19:30.0379 3168 MSPCLOCK - ok

23:19:30.0395 3168 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys

23:19:30.0395 3168 MSPQM - ok

23:19:30.0411 3168 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys

23:19:30.0426 3168 MsRPC - ok

23:19:30.0442 3168 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys

23:19:30.0442 3168 mssmbios - ok

23:19:30.0457 3168 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys

23:19:30.0457 3168 MSTEE - ok

23:19:30.0473 3168 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\drivers\MTConfig.sys

23:19:30.0473 3168 MTConfig - ok

23:19:30.0551 3168 Multi-user Cleanup Service (218d58976c01c60657818ed0eac81602) C:\Program Files\Lotus\Notes\ntmulti.exe

23:19:30.0567 3168 Multi-user Cleanup Service - ok

23:19:30.0582 3168 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys

23:19:30.0582 3168 Mup - ok

23:19:30.0629 3168 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll

23:19:30.0629 3168 napagent - ok

23:19:30.0676 3168 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys

23:19:30.0691 3168 NativeWifiP - ok

23:19:30.0738 3168 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys

23:19:30.0754 3168 NDIS - ok

23:19:30.0785 3168 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys

23:19:30.0785 3168 NdisCap - ok

23:19:30.0785 3168 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys

23:19:30.0801 3168 NdisTapi - ok

23:19:30.0816 3168 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys

23:19:30.0879 3168 Ndisuio - ok

23:19:30.0879 3168 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys

23:19:31.0003 3168 NdisWan - ok

23:19:31.0003 3168 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys

23:19:31.0066 3168 NDProxy - ok

23:19:31.0113 3168 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\windows\system32\HPZinw12.dll

23:19:31.0144 3168 Net Driver HPZ12 - ok

23:19:31.0175 3168 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys

23:19:31.0191 3168 NetBIOS - ok

23:19:31.0206 3168 NetBT (11e7375fecee3329c7ca3373be510b07) C:\windows\system32\DRIVERS\netbt.sys

23:19:31.0269 3168 Suspicious file (Forged): C:\windows\system32\DRIVERS\netbt.sys. Real md5: 11e7375fecee3329c7ca3373be510b07, Fake md5: 280122ddcf04b378edd1ad54d71c1e54

23:19:31.0269 3168 NetBT ( Virus.Win32.ZAccess.c ) - infected

23:19:31.0269 3168 NetBT - detected Virus.Win32.ZAccess.c (0)

23:19:31.0284 3168 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

23:19:31.0284 3168 Netlogon - ok

23:19:31.0331 3168 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll

23:19:31.0331 3168 Netman - ok

23:19:31.0425 3168 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

23:19:31.0425 3168 NetMsmqActivator - ok

23:19:31.0425 3168 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

23:19:31.0425 3168 NetPipeActivator - ok

23:19:31.0487 3168 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll

23:19:31.0503 3168 netprofm - ok

23:19:31.0503 3168 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

23:19:31.0503 3168 NetTcpActivator - ok

23:19:31.0503 3168 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

23:19:31.0503 3168 NetTcpPortSharing - ok

23:19:31.0986 3168 NETwNs32 (814596469bbe40ef99ccfd582a375b83) C:\windows\system32\DRIVERS\NETwNs32.sys

23:19:32.0158 3168 NETwNs32 - ok

23:19:32.0267 3168 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\drivers\nfrd960.sys

23:19:32.0267 3168 nfrd960 - ok

23:19:32.0314 3168 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll

23:19:32.0314 3168 NlaSvc - ok

23:19:32.0329 3168 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys

23:19:32.0329 3168 Npfs - ok

23:19:32.0376 3168 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll

23:19:32.0376 3168 nsi - ok

23:19:32.0376 3168 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys

23:19:32.0392 3168 nsiproxy - ok

23:19:32.0470 3168 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys

23:19:32.0548 3168 Ntfs - ok

23:19:32.0548 3168 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys

23:19:32.0548 3168 Null - ok

23:19:32.0595 3168 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys

23:19:32.0657 3168 nvraid - ok

23:19:32.0673 3168 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys

23:19:32.0797 3168 nvstor - ok

23:19:32.0813 3168 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys

23:19:32.0813 3168 nv_agp - ok

23:19:32.0844 3168 O2FLASH (4e37455db16aec75862b1d0bc35b589e) C:\windows\system32\DRIVERS\o2flash.exe

23:19:32.0844 3168 O2FLASH - ok

23:19:32.0875 3168 O2MDFRDR (5f63917fcc257ed11e828230be594194) C:\windows\system32\drivers\O2MDFw7.sys

23:19:33.0000 3168 O2MDFRDR - ok

23:19:33.0031 3168 O2MDRRDR (fdc901900d9b1b671b3388c3023bd2ea) C:\windows\system32\drivers\O2MDRw7.sys

23:19:33.0156 3168 O2MDRRDR - ok

23:19:33.0187 3168 O2SDJRDR (e9d663f929862c1ce266f74ac7259c6d) C:\windows\system32\drivers\o2sdjw7.sys

23:19:33.0312 3168 O2SDJRDR - ok

23:19:33.0421 3168 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

23:19:33.0499 3168 odserv - ok

23:19:33.0531 3168 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys

23:19:33.0546 3168 ohci1394 - ok

23:19:33.0562 3168 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

23:19:33.0624 3168 ose - ok

23:19:33.0843 3168 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

23:19:33.0983 3168 osppsvc - ok

23:19:34.0279 3168 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll

23:19:34.0279 3168 p2pimsvc - ok

23:19:34.0357 3168 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll

23:19:34.0373 3168 p2psvc - ok

23:19:34.0607 3168 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\drivers\parport.sys

23:19:34.0638 3168 Parport - ok

23:19:34.0654 3168 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys

23:19:34.0654 3168 partmgr - ok

23:19:34.0669 3168 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\drivers\parvdm.sys

23:19:34.0669 3168 Parvdm - ok

23:19:34.0701 3168 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll

23:19:34.0701 3168 PcaSvc - ok

23:19:34.0732 3168 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys

23:19:34.0779 3168 pci - ok

23:19:34.0779 3168 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys

23:19:34.0794 3168 pciide - ok

23:19:34.0810 3168 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\drivers\pcmcia.sys

23:19:34.0810 3168 pcmcia - ok

23:19:34.0825 3168 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys

23:19:34.0841 3168 pcw - ok

23:19:34.0903 3168 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys

23:19:34.0903 3168 PEAUTH - ok

23:19:34.0981 3168 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\windows\system32\peerdistsvc.dll

23:19:34.0981 3168 PeerDistSvc - ok

23:19:35.0075 3168 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll

23:19:35.0153 3168 pla - ok

23:19:35.0278 3168 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll

23:19:35.0340 3168 PlugPlay - ok

23:19:35.0543 3168 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\windows\system32\HPZipm12.dll

23:19:35.0559 3168 Pml Driver HPZ12 - ok

23:19:35.0590 3168 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll

23:19:35.0590 3168 PNRPAutoReg - ok

23:19:35.0621 3168 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll

23:19:35.0621 3168 PNRPsvc - ok

23:19:35.0668 3168 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll

23:19:35.0715 3168 PolicyAgent - ok

23:19:35.0730 3168 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll

23:19:35.0730 3168 Power - ok

23:19:35.0777 3168 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys

23:19:35.0777 3168 PptpMiniport - ok

23:19:35.0793 3168 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\drivers\processr.sys

23:19:35.0808 3168 Processor - ok

23:19:35.0824 3168 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll

23:19:35.0871 3168 ProfSvc - ok

23:19:35.0886 3168 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

23:19:35.0886 3168 ProtectedStorage - ok

23:19:35.0902 3168 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys

23:19:35.0902 3168 Psched - ok

23:19:35.0917 3168 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\windows\system32\Drivers\PxHelp20.sys

23:19:35.0995 3168 PxHelp20 - ok

23:19:36.0073 3168 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\drivers\ql2300.sys

23:19:36.0105 3168 ql2300 - ok

23:19:36.0214 3168 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\drivers\ql40xx.sys

23:19:36.0214 3168 ql40xx - ok

23:19:36.0245 3168 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll

23:19:36.0261 3168 QWAVE - ok

23:19:36.0276 3168 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys

23:19:36.0276 3168 QWAVEdrv - ok

23:19:36.0323 3168 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys

23:19:36.0339 3168 RasAcd - ok

23:19:36.0370 3168 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys

23:19:36.0370 3168 RasAgileVpn - ok

23:19:36.0713 3168 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll

23:19:36.0729 3168 RasAuto - ok

23:19:36.0744 3168 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys

23:19:36.0744 3168 Rasl2tp - ok

23:19:36.0791 3168 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll

23:19:36.0838 3168 RasMan - ok

23:19:36.0853 3168 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys

23:19:36.0853 3168 RasPppoe - ok

23:19:36.0869 3168 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys

23:19:36.0869 3168 RasSstp - ok

23:19:36.0900 3168 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys

23:19:37.0041 3168 rdbss - ok

23:19:37.0056 3168 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\drivers\rdpbus.sys

23:19:37.0072 3168 rdpbus - ok

23:19:37.0072 3168 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys

23:19:37.0134 3168 RDPCDD - ok

23:19:37.0134 3168 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\windows\system32\drivers\rdpdr.sys

23:19:37.0197 3168 RDPDR - ok

23:19:37.0212 3168 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys

23:19:37.0212 3168 RDPENCDD - ok

23:19:37.0228 3168 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys

23:19:37.0228 3168 RDPREFMP - ok

23:19:37.0243 3168 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\windows\system32\drivers\rdpvideominiport.sys

23:19:37.0306 3168 RdpVideoMiniport - ok

23:19:37.0337 3168 RDPWD (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys

23:19:37.0337 3168 RDPWD - ok

23:19:37.0368 3168 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys

23:19:37.0509 3168 rdyboost - ok

23:19:37.0696 3168 RegSrvc (b064fc671688a9a1c5f46ae06e87f70d) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

23:19:37.0696 3168 RegSrvc - ok

23:19:37.0727 3168 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll

23:19:37.0743 3168 RemoteAccess - ok

23:19:37.0758 3168 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll

23:19:37.0774 3168 RemoteRegistry - ok

23:19:37.0805 3168 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys

23:19:37.0821 3168 RFCOMM - ok

23:19:37.0945 3168 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

23:19:38.0039 3168 RoxMediaDB12OEM - ok

23:19:38.0086 3168 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

23:19:38.0148 3168 RoxWatch12 - ok

23:19:38.0242 3168 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll

23:19:38.0242 3168 RpcEptMapper - ok

23:19:38.0273 3168 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe

23:19:38.0273 3168 RpcLocator - ok

23:19:38.0304 3168 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll

23:19:38.0304 3168 RpcSs - ok

23:19:38.0398 3168 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys

23:19:38.0398 3168 rspndr - ok

23:19:38.0445 3168 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\windows\system32\drivers\vms3cap.sys

23:19:38.0491 3168 s3cap - ok

23:19:38.0601 3168 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

23:19:38.0601 3168 SamSs - ok

23:19:38.0897 3168 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys

23:19:38.0975 3168 sbp2port - ok

23:19:39.0022 3168 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll

23:19:39.0022 3168 SCardSvr - ok

23:19:39.0037 3168 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys

23:19:39.0100 3168 scfilter - ok

23:19:39.0178 3168 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll

23:19:39.0240 3168 Schedule - ok

23:19:39.0271 3168 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll

23:19:39.0271 3168 SCPolicySvc - ok

23:19:39.0287 3168 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll

23:19:39.0334 3168 SDRSVC - ok

23:19:39.0349 3168 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys

23:19:39.0349 3168 secdrv - ok

23:19:39.0365 3168 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll

23:19:39.0365 3168 seclogon - ok

23:19:39.0396 3168 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll

23:19:39.0396 3168 SENS - ok

23:19:39.0412 3168 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll

23:19:39.0412 3168 SensrSvc - ok

23:19:39.0443 3168 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys

23:19:39.0443 3168 Serenum - ok

23:19:39.0474 3168 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys

23:19:39.0474 3168 Serial - ok

23:19:39.0490 3168 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\drivers\sermouse.sys

23:19:39.0490 3168 sermouse - ok

23:19:39.0521 3168 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll

23:19:39.0568 3168 SessionEnv - ok

23:19:39.0615 3168 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys

23:19:39.0646 3168 sffdisk - ok

23:19:39.0677 3168 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys

23:19:39.0693 3168 sffp_mmc - ok

23:19:39.0739 3168 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys

23:19:39.0786 3168 sffp_sd - ok

23:19:39.0849 3168 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\drivers\sfloppy.sys

23:19:39.0849 3168 sfloppy - ok

23:19:39.0880 3168 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll

23:19:39.0973 3168 ShellHWDetection - ok

23:19:39.0989 3168 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys

23:19:40.0005 3168 sisagp - ok

23:19:40.0020 3168 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\drivers\SiSRaid2.sys

23:19:40.0020 3168 SiSRaid2 - ok

23:19:40.0036 3168 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\drivers\sisraid4.sys

23:19:40.0036 3168 SiSRaid4 - ok

23:19:40.0083 3168 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys

23:19:40.0083 3168 Smb - ok

23:19:40.0114 3168 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe

23:19:40.0114 3168 SNMPTRAP - ok

23:19:40.0129 3168 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys

23:19:40.0129 3168 spldr - ok

23:19:40.0145 3168 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe

23:19:40.0161 3168 Spooler - ok

23:19:40.0301 3168 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe

23:19:40.0317 3168 sppsvc - ok

23:19:40.0410 3168 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll

23:19:40.0473 3168 sppuinotify - ok

23:19:40.0488 3168 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys

23:19:40.0488 3168 srv - ok

23:19:40.0504 3168 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys

23:19:40.0519 3168 srv2 - ok

23:19:40.0519 3168 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys

23:19:40.0519 3168 srvnet - ok

23:19:40.0551 3168 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll

23:19:40.0566 3168 SSDPSRV - ok

23:19:40.0629 3168 SSPREnrollService (32dbffbc1401d24c093fd3db2bc69ee7) C:\Program Files\Passlogix\v-GO SSPR Client\SSPREnrollService.exe

23:19:40.0707 3168 SSPREnrollService - ok

23:19:40.0831 3168 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll

23:19:40.0847 3168 SstpSvc - ok

23:19:40.0894 3168 STacSV (a97fca92be4e62bc589371058cbc769e) C:\Program Files\IDT\WDM\STacSV.exe

23:19:40.0894 3168 STacSV - ok

23:19:40.0941 3168 stdcfltn (d8fc8d47fbfcb3852e40f5d5058abc6a) C:\windows\system32\DRIVERS\stdcfltn.sys

23:19:41.0003 3168 stdcfltn - ok

23:19:41.0034 3168 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\drivers\stexstor.sys

23:19:41.0050 3168 stexstor - ok

23:19:41.0097 3168 STHDA (d5d73b49d53fcc47e2828d6805dfa0f6) C:\windows\system32\DRIVERS\stwrt.sys

23:19:41.0237 3168 STHDA - ok

23:19:41.0299 3168 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll

23:19:41.0362 3168 StiSvc - ok

23:19:41.0424 3168 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

23:19:41.0518 3168 stllssvr - ok

23:19:41.0565 3168 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\windows\system32\drivers\vmstorfl.sys

23:19:41.0627 3168 storflt - ok

23:19:41.0658 3168 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\windows\system32\storsvc.dll

23:19:41.0705 3168 StorSvc - ok

23:19:41.0736 3168 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\windows\system32\drivers\storvsc.sys

23:19:41.0799 3168 storvsc - ok

23:19:41.0799 3168 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys

23:19:41.0799 3168 swenum - ok

23:19:41.0845 3168 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll

23:19:41.0861 3168 swprv - ok

23:19:41.0892 3168 Synth3dVsc (f2ad8960812fd111e20e84659ef19d43) C:\windows\system32\drivers\Synth3dVsc.sys

23:19:41.0955 3168 Synth3dVsc - ok

23:19:42.0017 3168 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll

23:19:42.0033 3168 SysMain - ok

23:19:42.0048 3168 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll

23:19:42.0095 3168 TabletInputService - ok

23:19:42.0126 3168 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll

23:19:42.0189 3168 TapiSrv - ok

23:19:42.0220 3168 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll

23:19:42.0220 3168 TBS - ok

23:19:42.0313 3168 tcm (5150fb0f8dfe5353b15fd7d017112a4e) C:\windows\system32\drivers\tcm.sys

23:19:42.0423 3168 tcm - ok

23:19:42.0594 3168 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys

23:19:42.0594 3168 Tcpip - ok

23:19:42.0610 3168 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys

23:19:42.0625 3168 TCPIP6 - ok

23:19:42.0657 3168 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys

23:19:42.0735 3168 tcpipreg - ok

23:19:42.0766 3168 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys

23:19:42.0844 3168 TDPIPE - ok

23:19:42.0859 3168 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys

23:19:42.0969 3168 TDTCP - ok

23:19:42.0984 3168 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys

23:19:43.0093 3168 tdx - ok

23:19:43.0109 3168 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys

23:19:43.0218 3168 TermDD - ok

23:19:43.0281 3168 terminpt (052306fd76793d5d5ab5d9891fd1adbb) C:\windows\system32\drivers\terminpt.sys

23:19:43.0390 3168 terminpt - ok

23:19:43.0437 3168 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll

23:19:43.0437 3168 TermService - ok

23:19:43.0452 3168 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll

23:19:43.0452 3168 Themes - ok

23:19:43.0483 3168 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll

23:19:43.0483 3168 THREADORDER - ok

23:19:43.0499 3168 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll

23:19:43.0499 3168 TrkWks - ok

23:19:43.0561 3168 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe

23:19:43.0561 3168 TrustedInstaller - ok

23:19:43.0577 3168 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys

23:19:43.0671 3168 tssecsrv - ok

23:19:43.0671 3168 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys

23:19:43.0749 3168 TsUsbFlt - ok

23:19:43.0780 3168 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\windows\system32\drivers\TsUsbGD.sys

23:19:43.0827 3168 TsUsbGD - ok

23:19:43.0842 3168 tsusbhub (045acb987c650d8186c6b4a692223860) C:\windows\system32\drivers\tsusbhub.sys

23:19:43.0936 3168 tsusbhub - ok

23:19:43.0951 3168 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys

23:19:44.0029 3168 tunnel - ok

23:19:44.0076 3168 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\drivers\uagp35.sys

23:19:44.0076 3168 uagp35 - ok

23:19:44.0107 3168 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys

23:19:44.0201 3168 udfs - ok

23:19:44.0248 3168 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe

23:19:44.0248 3168 UI0Detect - ok

23:19:44.0404 3168 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys

23:19:44.0419 3168 uliagpkx - ok

23:19:44.0466 3168 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\DRIVERS\umbus.sys

23:19:44.0513 3168 umbus - ok

23:19:44.0544 3168 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\drivers\umpass.sys

23:19:44.0544 3168 UmPass - ok

23:19:44.0575 3168 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\windows\System32\umrdp.dll

23:19:44.0607 3168 UmRdpService - ok

23:19:44.0841 3168 UNS (6b778a47eb9ce430708ac42980bb712c) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

23:19:44.0856 3168 UNS - ok

23:19:44.0965 3168 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll

23:19:44.0981 3168 upnphost - ok

23:19:45.0028 3168 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\windows\system32\drivers\usbccgp.sys

23:19:45.0090 3168 usbccgp - ok

23:19:45.0121 3168 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys

23:19:45.0121 3168 usbcir - ok

23:19:45.0121 3168 usbehci (cfbce999c057d78979a181c9c60f208e) C:\windows\system32\drivers\usbehci.sys

23:19:45.0215 3168 usbehci - ok

23:19:45.0277 3168 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\windows\system32\DRIVERS\usbhub.sys

23:19:45.0387 3168 usbhub - ok

23:19:45.0418 3168 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\drivers\usbohci.sys

23:19:45.0418 3168 usbohci - ok

23:19:45.0449 3168 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\drivers\usbprint.sys

23:19:45.0449 3168 usbprint - ok

23:19:45.0465 3168 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS

23:19:45.0574 3168 USBSTOR - ok

23:19:45.0589 3168 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\drivers\usbuhci.sys

23:19:45.0605 3168 usbuhci - ok

23:19:45.0652 3168 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\system32\Drivers\usbvideo.sys

23:19:45.0761 3168 usbvideo - ok

23:19:45.0792 3168 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll

23:19:45.0792 3168 UxSms - ok

23:19:45.0823 3168 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

23:19:45.0823 3168 VaultSvc - ok

23:19:45.0839 3168 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys

23:19:45.0855 3168 vdrvroot - ok

23:19:45.0886 3168 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe

23:19:45.0886 3168 vds - ok

23:19:45.0901 3168 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys

23:19:45.0917 3168 vga - ok

23:19:45.0948 3168 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys

23:19:45.0948 3168 VgaSave - ok

23:19:45.0948 3168 VGPU - ok

23:19:45.0964 3168 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys

23:19:46.0026 3168 vhdmp - ok

23:19:46.0229 3168 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys

23:19:46.0260 3168 viaagp - ok

23:19:46.0385 3168 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\drivers\viac7.sys

23:19:46.0401 3168 ViaC7 - ok

23:19:46.0416 3168 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys

23:19:46.0416 3168 viaide - ok

23:19:46.0432 3168 vmbus (c2f2911156fdc7817c52829c86da494e) C:\windows\system32\drivers\vmbus.sys

23:19:46.0494 3168 vmbus - ok

23:19:46.0510 3168 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\windows\system32\drivers\VMBusHID.sys

23:19:46.0572 3168 VMBusHID - ok

23:19:46.0603 3168 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys

23:19:46.0666 3168 volmgr - ok

23:19:46.0713 3168 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys

23:19:46.0713 3168 volmgrx - ok

23:19:46.0744 3168 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys

23:19:46.0806 3168 volsnap - ok

23:19:46.0853 3168 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\drivers\vsmraid.sys

23:19:46.0869 3168 vsmraid - ok

23:19:46.0931 3168 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe

23:19:46.0947 3168 VSS - ok

23:19:46.0962 3168 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys

23:19:46.0962 3168 vwifibus - ok

23:19:46.0962 3168 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys

23:19:46.0978 3168 vwififlt - ok

23:19:47.0009 3168 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll

23:19:47.0025 3168 W32Time - ok

23:19:47.0056 3168 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\drivers\wacompen.sys

23:19:47.0056 3168 WacomPen - ok

23:19:47.0071 3168 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

23:19:47.0165 3168 WANARP - ok

23:19:47.0165 3168 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

23:19:47.0165 3168 Wanarpv6 - ok

23:19:47.0243 3168 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe

23:19:47.0337 3168 wbengine - ok

23:19:47.0368 3168 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll

23:19:47.0383 3168 WbioSrvc - ok

23:19:47.0415 3168 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll

23:19:47.0446 3168 wcncsvc - ok

23:19:47.0477 3168 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll

23:19:47.0477 3168 WcsPlugInService - ok

23:19:47.0539 3168 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\drivers\wd.sys

23:19:47.0539 3168 Wd - ok

23:19:47.0586 3168 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\windows\system32\DRIVERS\wdcsam.sys

23:19:47.0680 3168 WDC_SAM - ok

23:19:47.0727 3168 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys

23:19:47.0742 3168 Wdf01000 - ok

23:19:47.0742 3168 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll

23:19:47.0758 3168 WdiServiceHost - ok

23:19:47.0758 3168 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll

23:19:47.0758 3168 WdiSystemHost - ok

23:19:47.0789 3168 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll

23:19:47.0851 3168 WebClient - ok

23:19:47.0851 3168 WebMail - ok

23:19:47.0992 3168 WebMail_ (5a1c0cfdc7c68bf6e13e58abd60c1e98) C:\windows\system32\WebMail_.sys

23:19:48.0132 3168 WebMail_ - ok

23:19:48.0475 3168 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll

23:19:48.0507 3168 Wecsvc - ok

23:19:48.0522 3168 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll

23:19:48.0522 3168 wercplsupport - ok

23:19:48.0553 3168 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll

23:19:48.0569 3168 WerSvc - ok

23:19:48.0600 3168 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys

23:19:48.0600 3168 WfpLwf - ok

23:19:48.0631 3168 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys

23:19:48.0631 3168 WIMMount - ok

23:19:48.0678 3168 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\windows\system32\DRIVERS\HSX_CNXT.sys

23:19:48.0850 3168 winachsf - ok

23:19:48.0959 3168 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

23:19:48.0975 3168 WinDefend - ok

23:19:48.0990 3168 WinHttpAutoProxySvc - ok

23:19:49.0099 3168 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll

23:19:49.0115 3168 Winmgmt - ok

23:19:49.0193 3168 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll

23:19:49.0271 3168 WinRM - ok

23:19:49.0302 3168 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUSB.sys

23:19:49.0380 3168 WinUsb - ok

23:19:49.0458 3168 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll

23:19:49.0474 3168 Wlansvc - ok

23:19:49.0505 3168 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys

23:19:49.0505 3168 WmiAcpi - ok

23:19:49.0552 3168 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe

23:19:49.0552 3168 wmiApSrv - ok

23:19:49.0661 3168 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

23:19:49.0739 3168 WMPNetworkSvc - ok

23:19:49.0755 3168 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll

23:19:49.0770 3168 WPCSvc - ok

23:19:49.0786 3168 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll

23:19:49.0833 3168 WPDBusEnum - ok

23:19:49.0864 3168 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

23:19:49.0879 3168 ws2ifsl - ok

23:19:49.0895 3168 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll

23:19:49.0911 3168 wscsvc - ok

23:19:49.0911 3168 WSearch - ok

23:19:50.0129 3168 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll

23:19:50.0145 3168 wuauserv - ok

23:19:50.0269 3168 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys

23:19:50.0441 3168 WudfPf - ok

23:19:50.0457 3168 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys

23:19:50.0535 3168 WUDFRd - ok

23:19:50.0566 3168 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll

23:19:50.0613 3168 wudfsvc - ok

23:19:50.0659 3168 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll

23:19:50.0659 3168 WwanSvc - ok

23:19:50.0691 3168 XAudio (894f963be999ba9db5aac3aed55b115d) C:\windows\system32\DRIVERS\XAudio32.sys

23:19:50.0722 3168 XAudio - ok

23:19:50.0831 3168 ZcfgSvc7 (4f5d56ff81b8c0294e22dcc62136f253) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe

23:19:50.0847 3168 ZcfgSvc7 - ok

23:19:50.0878 3168 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

23:19:51.0205 3168 \Device\Harddisk0\DR0 - ok

23:19:51.0221 3168 Boot (0x1200) (59bf55052728478fb0305887f0ec817c) \Device\Harddisk0\DR0\Partition0

23:19:51.0221 3168 \Device\Harddisk0\DR0\Partition0 - ok

23:19:51.0237 3168 Boot (0x1200) (2b48a20b9e67398236ff9c18f0045952) \Device\Harddisk0\DR0\Partition1

23:19:51.0252 3168 \Device\Harddisk0\DR0\Partition1 - ok

23:19:51.0252 3168 ============================================================

23:19:51.0252 3168 Scan finished

23:19:51.0252 3168 ============================================================

23:19:51.0252 4100 Detected object count: 1

23:19:51.0252 4100 Actual detected object count: 1

23:20:36.0539 4100 C:\windows\system32\DRIVERS\netbt.sys - copied to quarantine

23:20:36.0711 4100 C:\windows\$NtUninstallKB52896$\2699914829\@ - copied to quarantine

23:20:36.0726 4100 C:\windows\$NtUninstallKB52896$\2699914829\Desktop.ini - copied to quarantine

23:20:36.0835 4100 C:\windows\$NtUninstallKB52896$\2699914829\L\00000004.@ - copied to quarantine

23:20:36.0867 4100 C:\windows\$NtUninstallKB52896$\2699914829\L\1afb2d56 - copied to quarantine

23:20:36.0898 4100 C:\windows\$NtUninstallKB52896$\2699914829\L\201d3dde - copied to quarantine

23:20:36.0960 4100 C:\windows\$NtUninstallKB52896$\2699914829\L\xadqgnnk - copied to quarantine

23:20:37.0069 4100 C:\windows\$NtUninstallKB52896$\2699914829\U\00000004.@ - copied to quarantine

23:20:37.0163 4100 C:\windows\$NtUninstallKB52896$\2699914829\U\00000008.@ - copied to quarantine

23:20:47.0521 4100 C:\windows\$NtUninstallKB52896$\2699914829\U\000000cb.@ - copied to quarantine

23:20:47.0599 4100 C:\windows\$NtUninstallKB52896$\2699914829\U\80000000.@ - copied to quarantine

23:20:54.0666 4100 C:\windows\$NtUninstallKB52896$\2699914829\U\80000032.@ - copied to quarantine

23:20:54.0947 4100 Backup copy found, using it..

23:20:55.0181 4100 C:\windows\system32\DRIVERS\netbt.sys - will be cured on reboot

23:20:56.0242 4100 C:\windows\$NtUninstallKB52896$\2126511194 - will be deleted on reboot

23:20:56.0242 4100 C:\windows\$NtUninstallKB52896$\2699914829\@ - will be deleted on reboot

23:20:56.0242 4100 C:\windows\$NtUninstallKB52896$\2699914829\Desktop.ini - will be deleted on reboot

23:20:56.0258 4100 C:\windows\$NtUninstallKB52896$\2699914829\U\00000004.@ - will be deleted on reboot

23:20:56.0258 4100 C:\windows\$NtUninstallKB52896$\2699914829\U\00000008.@ - will be deleted on reboot

23:20:56.0258 4100 C:\windows\$NtUninstallKB52896$\2699914829\U\000000cb.@ - will be deleted on reboot

23:20:56.0258 4100 C:\windows\$NtUninstallKB52896$\2699914829\U\80000000.@ - will be deleted on reboot

23:20:56.0258 4100 C:\windows\$NtUninstallKB52896$\2699914829\U\80000032.@ - will be deleted on reboot

23:20:56.0258 4100 NetBT ( Virus.Win32.ZAccess.c ) - User select action: Cure

23:22:40.0554 5948 Deinitialize success

aswMBR.txt output follows:

Run date: 2012-06-08 23:25:29

-----------------------------

23:25:29.781 OS Version: Windows 6.1.7601 Service Pack 1

23:25:29.781 Number of processors: 4 586 0x2A07

23:25:29.781 ComputerName: 4BRXBT1 UserName: snayak

23:25:34.710 Initialize success

23:25:54.311 AVAST engine download error: 0

23:26:22.516 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

23:26:22.516 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3

23:26:22.532 Disk 0 MBR read successfully

23:26:22.532 Disk 0 MBR scan

23:26:22.532 Disk 0 Windows VISTA default MBR code

23:26:22.532 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63

23:26:22.547 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 81920

23:26:22.547 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 304904 MB offset 696320

23:26:22.547 Disk 0 scanning sectors +625139712

23:26:22.625 Disk 0 scanning C:\windows\system32\drivers

23:26:41.298 Service scanning

23:27:12.296 Modules scanning

23:27:25.759 Disk 0 trace - called modules:

23:27:25.774 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys halmacpi.dll iaStor.sys

23:27:25.774 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8813aac8]

23:27:25.774 3 CLASSPNP.SYS[8be0459e] -> nt!IofCallDriver -> [0x8813a020]

23:27:25.790 5 stdcfltn.sys[8c5d9854] -> nt!IofCallDriver -> [0x864a0950]

23:27:25.790 7 ACPI.sys[8bc963d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86415028]

23:27:25.790 Scan finished successfully

23:27:59.236 Disk 0 MBR has been saved successfully to "C:\Users\snayak\Desktop\MBR.dat"

23:27:59.236 The log file has been saved successfully to "C:\Users\snayak\Desktop\aswMBR.txt"

gringo_pr · June 9, 2012

Greetings

that removed a rootkit so lets try and run combofix again

gringo

Jai · June 9, 2012

Hi Gringo

Ran combofix. This time it did get invoked immediately. At the very end, the laptop seems to be back to a good state, though I have not turned on the Internet yet and seen if the redirects have stopped.

Note that combofix gave a few errors:

It seems that the file "c:\windows\system32\AMINIT32.dll" was trying to attach to combofix.exe (this was stated right in the beginning).
combofix gave the following error repeatedly, maybe 30 times, over the course of its run: "Windows cannot find NIRKMD. Make sure you typed the name correctly, and then try again".
It also said that "You are infected with Rootkit,ZeroAccess! It has inserted itself in the tcp/ip stack. This is a particularly difficult infection. If for any reason that you are unable to connect tp the internet afetr running combofix, reboot again"

Combofix.txt contents are listed below -

ComboFix 12-06-08.02 - snayak 06/09/2012 0:27.1.4 - x86

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3241.2403 [GMT -5:00]

Running from: c:\users\snayak\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

* Resident AV is active

.

The following files were disabled during the run:

c:\windows\system32\AMINIT32.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Common Files\Altiris_Icon.ico

c:\users\Administrator\Documents\LotusInstall.log

c:\users\snayak\AppData\Local\assembly\tmp

c:\users\snayak\AppData\Roaming\dcpat.dll

c:\users\snayak\AppData\Roaming\skmsvf.dll

c:\users\snayak\AppData\Roaming\svcep.dll

c:\users\snayak\cnsload_1273174443432.tmp

c:\users\snayak\cnsload_1292266988540.tmp

c:\users\snayak\cnsload_1308162001787.tmp

c:\users\snayak\g2mdlhlpx.exe

c:\windows\$NtUninstallKB52896$

c:\windows\$NtUninstallKB52896$\2699914829\L\00000004.@

c:\windows\$NtUninstallKB52896$\2699914829\L\1afb2d56

c:\windows\$NtUninstallKB52896$\2699914829\L\201d3dde

c:\windows\$NtUninstallKB52896$\2699914829\L\xadqgnnk

c:\windows\ESSO_Installation.log

c:\windows\system32\spool\prtprocs\w32x86\x5pp.dll

c:\windows\winhelp.ini

.

((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))

.

2012-06-09 05:36 . 2012-06-09 05:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-09 04:20 . 2012-06-09 04:20 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-09 03:27 . 2012-06-09 05:14 -------- d-----w- C:\stuff

2012-06-07 01:43 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-07 01:20 . 2012-06-07 01:20 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-06-06 17:36 . 2012-06-09 05:27 -------- d-----w- C:\Quarantine

2012-06-05 23:26 . 2012-06-05 23:27 -------- d-----w- C:\OraHome_1

2012-06-05 15:52 . 2012-06-05 15:52 -------- d-----w- c:\windows\Sun

2012-06-05 15:27 . 2004-12-22 21:16 721168 ----a-w- c:\windows\system32\VB40032.DLL

2012-06-05 15:27 . 2004-12-23 04:19 77824 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-06-05 15:27 . 2004-12-23 04:19 28672 ----a-w- c:\windows\system32\JAWTAccessBridge.dll

2012-06-05 15:27 . 2004-12-23 04:19 139264 ----a-w- c:\windows\system32\JavaAccessBridge.dll

2012-06-04 18:27 . 2012-06-04 18:35 -------- d-----w- C:\Saves

2012-06-04 18:18 . 2012-06-05 03:42 -------- d-----w- C:\P

2012-06-04 18:18 . 2012-06-04 18:18 -------- d-----w- C:\STAR

2012-06-04 18:16 . 2012-06-06 23:24 -------- d-----w- C:\SN

2012-06-04 18:15 . 2012-06-04 18:16 -------- d-----w- C:\SN-Archive

2012-06-04 18:04 . 2011-04-13 16:24 40328 ----a-w- c:\windows\system32\HIPIS0e011b8.dll

2012-06-04 17:26 . 2010-08-27 06:56 398704 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll

2012-06-04 17:26 . 2010-08-27 06:56 345456 ----a-w- c:\windows\system32\dsNcCredProv.dll

2012-06-04 16:45 . 2012-06-04 16:45 -------- d-----w- C:\Motorola

2012-06-04 16:45 . 2009-10-09 16:51 -------- d-----w- C:\fslrdr

2012-06-04 16:37 . 2010-02-19 15:51 11264 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\x5print.dll

2012-06-04 15:59 . 2012-06-09 05:35 -------- d-----w- c:\users\snayak

2012-06-02 08:08 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-06-02 08:07 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-06-02 08:07 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-06-02 08:06 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-02 08:06 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-06-02 08:06 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll

2012-06-02 08:06 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-06-02 08:05 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll

2012-06-02 08:05 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-06-02 08:05 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe

2012-06-02 08:05 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll

2012-06-02 08:05 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 08:05 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll

2012-06-02 08:05 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll

2012-06-02 08:05 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 08:05 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 08:05 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll

2012-06-02 08:04 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll

2012-06-02 08:04 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 08:04 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll

2012-06-02 08:04 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll

2012-06-02 08:03 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll

2012-06-02 08:01 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll

2012-06-02 08:01 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax

2012-06-02 08:01 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll

2012-06-02 08:01 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll

2012-06-02 01:56 . 2012-06-02 01:56 -------- d-----w- C:\IgniteTech

2012-06-02 01:56 . 2012-06-02 01:56 303104 ----a-w- c:\windows\9684826Uninstall.exe

2012-06-02 01:56 . 2012-06-02 01:56 262202 ------r- c:\windows\bwUnin-8.2.0.29-9684826SL.exe

2012-06-01 21:06 . 2012-06-01 21:06 933888 ----a-w- c:\windows\system32\WebMail_.exe

2012-06-01 21:05 . 2012-06-01 21:05 933888 ----a-w- c:\windows\system32\WebMail.exe

2012-06-01 21:05 . 2012-06-01 21:05 77760 ----a-w- c:\windows\system32\WebMail_.sys

2012-06-01 20:59 . 2012-06-01 20:59 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-06-01 20:50 . 2005-05-03 19:39 135168 ----a-w- c:\windows\system32\KXproc.dll

2012-06-01 20:50 . 2002-12-18 12:01 995383 ----a-w- c:\windows\system32\temp.001

2012-06-01 20:50 . 2002-12-18 11:54 378880 ----a-w- c:\windows\system32\KXauth.dll

2012-06-01 20:50 . 2002-12-18 11:53 69632 ----a-w- c:\windows\system32\temp.002

2012-06-01 20:50 . 2001-08-10 06:26 278581 ----a-w- c:\windows\system32\temp.000

2012-06-01 20:49 . 2012-06-01 20:49 -------- d-----w- c:\users\Default\AppData\Roaming\McAfee

2012-06-01 20:43 . 2012-05-03 05:17 143008 ----a-w- c:\windows\system32\KevlarSigs.dll

2012-06-01 20:43 . 2011-04-13 16:24 60344 ----a-w- c:\windows\system32\HcApi.dll

2012-06-01 20:43 . 2011-04-13 16:24 229264 ----a-w- c:\windows\system32\HcSql.dll

2012-06-01 20:43 . 2011-04-13 16:24 20256 ----a-w- c:\windows\system32\HcSvc.dll

2012-06-01 20:42 . 2011-04-13 16:24 65960 ----a-w- c:\windows\system32\drivers\mfetdik.sys

2012-06-01 20:42 . 2011-04-13 16:24 44448 ----a-w- c:\windows\system32\hipqa.dll

2012-06-01 20:42 . 2011-04-13 16:24 38680 ----a-w- c:\windows\system32\drivers\HIPPSK.sys

2012-06-01 20:42 . 2011-04-13 16:24 35552 ----a-w- c:\windows\system32\drivers\HIPQK.sys

2012-06-01 20:42 . 2011-04-13 16:24 25912 ----a-w- c:\windows\system32\mfehida.dll

2012-06-01 20:42 . 2011-04-13 16:24 107928 ----a-w- c:\windows\system32\drivers\HIPK.sys

2012-06-01 20:42 . 2008-10-17 20:26 44680 ----a-w- c:\windows\system32\drivers\firehk.sys

2012-06-01 20:41 . 2012-06-04 15:53 -------- d-----w- c:\users\flsusaxs

2012-06-01 18:49 . 2011-10-06 18:18 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-06-01 18:49 . 2011-10-06 18:18 87392 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-06-01 18:49 . 2011-10-06 18:17 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll

2012-06-01 18:49 . 2011-10-06 18:17 22816 ----a-w- c:\windows\system32\MFEOtlk.dll

2012-06-01 18:49 . 2011-10-06 18:17 463912 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-06-01 18:49 . 2011-10-06 18:16 59192 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-06-01 18:49 . 2011-10-06 18:16 180328 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-06-01 18:49 . 2011-10-06 18:16 120992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-06-01 18:49 . 2011-10-06 18:18 165416 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2012-06-01 18:49 . 2011-10-06 18:18 148520 ----a-w- c:\windows\system32\mfevtps.exe

2012-06-01 18:42 . 2012-06-01 18:42 -------- d-----w- c:\windows\PCHEALTH

2012-06-01 18:41 . 2012-06-01 18:41 -------- d-----r- C:\MSOCache

2012-06-01 18:38 . 2012-06-08 20:35 -------- d--h--w- c:\windows\system32\dwrcssft

2012-05-24 01:40 . 2012-05-24 01:40 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-24 01:37 . 2010-12-17 10:52 115640 ----a-r- c:\windows\system32\Vxdif.dll

2012-05-24 01:36 . 2011-01-04 21:41 62440 ----a-w- c:\windows\system32\drivers\O2MDRw7.sys

2012-05-24 01:36 . 2011-01-04 20:44 60904 ----a-w- c:\windows\system32\drivers\o2mdfw7.sys

2012-05-24 01:36 . 2011-01-04 20:29 63848 ----a-w- c:\windows\system32\drivers\o2sdjw7.sys

2012-05-24 01:36 . 2010-03-03 15:49 1145448 ----a-w- c:\windows\system32\O2Icon.dll

2012-05-24 01:36 . 2010-02-11 16:50 72296 ----a-w- c:\windows\system32\drivers\o2flash.exe

2012-05-24 01:36 . 2010-02-11 00:39 1178216 ----a-w- c:\windows\system32\O2Icon_2.dll

2012-05-24 01:36 . 2010-12-21 18:07 7434240 ----a-w- c:\windows\system32\drivers\NETwNs32.sys

2012-05-24 01:36 . 2010-05-19 06:31 2760704 ----a-w- c:\windows\system32\NETwNr32.dll

2012-05-24 01:36 . 2010-05-19 06:29 684032 ----a-w- c:\windows\system32\NETwNc32.dll

2012-05-24 01:36 . 2010-02-27 01:31 132480 ----a-w- c:\windows\system32\drivers\Impcd.sys

2012-05-23 21:56 . 2009-07-14 05:27 1461992 ----a-r- c:\windows\system32\WdfCoInstaller01009.dll

2012-05-23 21:56 . 2011-01-06 04:42 284792 ----a-r- c:\windows\system32\drivers\Apfiltr.sys

2012-05-23 21:53 . 2011-04-27 23:07 302120 ----a-w- c:\windows\system32\drivers\btwampfl.sys

2012-05-23 21:52 . 2009-09-16 20:07 144576 ----a-w- c:\windows\system32\drivers\CtClsFlt.sys

2012-05-23 21:52 . 2009-05-28 14:48 134144 ----a-w- c:\windows\system32\drivers\CtAudDrv.sys

2012-05-23 21:52 . 2012-02-21 23:17 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll

2012-05-23 21:51 . 2012-06-08 22:08 -------- d--h--w- c:\windows\system32\WLANProfiles

2012-05-23 21:49 . 2012-05-23 21:49 -------- dc----w- c:\windows\system32\DRVSTORE

2012-05-23 21:49 . 2011-07-16 01:30 17904 ----a-w- c:\windows\system32\drivers\stdcfltn.sys

2012-05-23 21:49 . 2011-07-22 18:45 81520 ----a-w- c:\windows\system32\accelernco01.dll

2012-05-23 21:49 . 2011-07-22 16:28 44144 ----a-w- c:\windows\system32\drivers\accelern.sys

2012-05-23 21:44 . 2010-01-27 09:28 140288 ----a-w- c:\windows\system32\aestacap.dll

2012-05-23 21:44 . 2009-10-10 07:45 380928 ----a-w- c:\windows\system32\aestecap.dll

2012-05-23 21:44 . 2009-03-03 08:57 61440 ----a-w- c:\windows\system32\aestaren.dll

2012-05-23 21:44 . 2011-01-25 08:57 4644864 ----a-w- c:\windows\system32\stlang.dll

2012-05-23 21:44 . 2011-01-25 08:57 11870298 ----a-w- c:\windows\system32\idtsg.cpl

2012-05-23 21:43 . 2012-05-23 21:51 -------- d-----w- C:\Intel

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-09 04:23 . 2010-11-20 21:29 187904 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-06-04 15:54 . 2010-11-30 11:28 17816 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 488816]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 142616]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 177432]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 176408]

"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]

"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1210640]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]

"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2010-02-26 152872]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]

"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2011-04-13 979104]

"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2012-03-25 12071200]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2010-08-06 85528]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-7 840992]

Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1459056]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2012-5-23 50688]

Snagit 11.lnk - c:\program files\TechSmith\Snagit 11\Snagit32.exe [2012-5-16 9063352]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

"NoAutoUpdate"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-04-27 302120]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-04-27 33832]

R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 44680]

R3 IgniteService;IgniteService;c:\program files\IgniteCDS\IgniteService.exe [2012-06-02 90464]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 132480]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-06 87392]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]

R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7.sys [2011-01-04 60904]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]

R3 tcm;tcm;c:\windows\system32\drivers\tcm.sys [2009-04-17 12952]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-06 165416]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 17904]

S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S1 WebMail_;WebMail_;c:\windows\system32\WebMail_.sys [2012-06-01 77760]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]

S2 BackWeb Plug-in - 9684826;Passport_Direct;c:\program files\Passport_Direct\9684826\Program\ServiceWrapper-9684826.exe [2012-06-02 24615]

S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 388464]

S2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [2011-04-13 1506464]

S2 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [2011-04-13 35696]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2010-08-16 198000]

S2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\Lotus\Notes\nsd.exe [2010-09-30 3405192]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-06 148520]

S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-04-28 1577376]

S2 SSPREnrollService;SSPREnrollService;c:\program files\Passlogix\v-GO SSPR Client\SSPREnrollService.exe [2010-10-28 128952]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-01-19 2594584]

S2 WebMail;WebMail;c:\windows\system32\WebMail.exe [2012-06-01 933888]

S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 577536]

S3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2011-07-22 44144]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 144576]

S3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys [2007-02-07 3712]

S3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 44680]

S3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2011-04-13 107928]

S3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2011-04-13 38680]

S3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2011-04-13 35552]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]

S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2011-09-22 41216]

S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-12-21 7434240]

S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2011-01-04 62440]

S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2011-01-04 63848]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HsfXAudioService REG_MULTI_SZ HsfXAudioService

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: expedia.be

Trusted Zone: expedia.co.uk

Trusted Zone: expedia.com

Trusted Zone: expedia.de

Trusted Zone: expedia.es

Trusted Zone: expedia.fr

Trusted Zone: expedia.it

Trusted Zone: expedia.nl

Trusted Zone: flowstar.net

Trusted Zone: sumtotalsystems.com

TCP: DhcpNameServer = 192.168.1.1

Handler: bwfile-9684826 - {2DF0241D-8A6A-4E10-A11B-C2E432CF2A28} - c:\program files\Passport_Direct\9684826\Program\GAPlugProtocol-9684826.dll

DPF: {51BB7DFD-A6F5-4FAC-B8C9-E71CF84D082C} - hxxp://ormnm21.flowserve.net/Altiris/NS/NSCap/Bin/Win32/x86/AltirisNSConsole.cab

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-skmsvf - c:\users\snayak\AppData\Roaming\skmsvf.dll

HKLM-Run-dcpat - c:\users\snayak\AppData\Roaming\dcpat.dll

SafeBoot-02595056.sys

SafeBoot-Wdf01000.sys

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4832)

c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll

c:\windows\system32\KevlarSigs.dll

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\IDT\WDM\STacSV.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Altiris\Altiris Agent\AeXNSAgent.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\Juniper Networks\Common Files\dsNcService.exe

c:\windows\system32\DWRCS.exe

c:\program files\Lotus\Notes\nslsvice.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe

c:\program files\McAfee\VirusScan Enterprise\mfeann.exe

c:\windows\system32\conhost.exe

c:\program files\Lotus\Notes\ntmulti.exe

c:\windows\system32\DRIVERS\o2flash.exe

c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\windows\system32\wbem\WmiApSrv.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\Apntex.exe

c:\windows\system32\conhost.exe

c:\program files\DellTPad\HidFind.exe

c:\program files\Passport_Direct\9684826\Program\Passport_Direct.exe

c:\windows\system32\igfxext.exe

c:\program files\TechSmith\Snagit 11\TSCHelp.exe

c:\program files\TechSmith\Snagit 11\SnagPriv.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\McAfee\Common Framework\McTray.exe

c:\program files\TechSmith\Snagit 11\snagiteditor.exe

c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Completion time: 2012-06-09 00:43:37 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-09 05:43

.

Pre-Run: 258,743,771,136 bytes free

Post-Run: 258,719,485,952 bytes free

.

- - End Of File - - 1CB4B8F27AECC628E758C332F64F5EA3

gringo_pr · June 9, 2012

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following

report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo

Jai · June 9, 2012

_{Hi Gringo,}

_{Report pasted below.}_{Combofix did not restart the computer. But Windows Explorer was not getting recognized. So I did a restart and that made Windows Explorer work.}
_{Problems - I kept getting the "Windows cannot find NIRKMD. Make sure you typed ..." error. Can this error be ignored? Is it related to McAfee running?}
_{I restarted wireless connection and tested some of the earlier google results that were getting redirected earlier. There were no redirects.}

_{Really appreciate all your help and immediate attention. Please suggest any further actions that I need to take, if any.}

_{Below is the output from Combofix:}

_{_{ComboFix 12-06-08.02 - snayak 06/09/2012 8:10.2.4 - x86}}

_{_{Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3241.1977 [GMT -5:00]}}

_{_{Running from: c:\users\snayak\Desktop\ComboFix.exe}}

_{_{Command switches used :: c:\users\snayak\Desktop\CFScript.txt}}

_{_{AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}}}

_{_{FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}}}

_{_{SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}}}

_{_{SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}}}

_{_{* Resident AV is active}}

_{_.}

_{_{((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))}}

_{_.}

_{_{2012-06-09 13:18 . 2012-06-09 13:18 -------- d-----w- c:\users\Default\AppData\Local\temp}}

_{_{2012-06-09 04:20 . 2012-06-09 04:20 -------- d-----w- C:\TDSSKiller_Quarantine}}

_{_{2012-06-09 03:27 . 2012-06-09 05:14 -------- d-----w- C:\stuff}}

_{_{2012-06-07 01:43 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys}}

_{_{2012-06-07 01:20 . 2012-06-07 01:20 -------- d-sh--w- c:\windows\system32\%APPDATA%}}

_{_{2012-06-06 17:36 . 2012-06-09 13:10 -------- d-----w- C:\Quarantine}}

_{_{2012-06-05 23:26 . 2012-06-05 23:27 -------- d-----w- C:\OraHome_1}}

_{_{2012-06-05 15:52 . 2012-06-05 15:52 -------- d-----w- c:\windows\Sun}}

_{_{2012-06-05 15:27 . 2004-12-22 21:16 721168 ----a-w- c:\windows\system32\VB40032.DLL}}

_{_{2012-06-05 15:27 . 2004-12-23 04:19 77824 ----a-w- c:\windows\system32\WindowsAccessBridge.dll}}

_{_{2012-06-05 15:27 . 2004-12-23 04:19 28672 ----a-w- c:\windows\system32\JAWTAccessBridge.dll}}

_{_{2012-06-05 15:27 . 2004-12-23 04:19 139264 ----a-w- c:\windows\system32\JavaAccessBridge.dll}}

_{_{2012-06-04 18:27 . 2012-06-04 18:35 -------- d-----w- C:\Saves}}

_{_{2012-06-04 18:18 . 2012-06-05 03:42 -------- d-----w- C:\P}}

_{_{2012-06-04 18:18 . 2012-06-04 18:18 -------- d-----w- C:\STAR}}

_{_{2012-06-04 18:16 . 2012-06-06 23:24 -------- d-----w- C:\SN}}

_{_{2012-06-04 18:15 . 2012-06-04 18:16 -------- d-----w- C:\SN-Archive}}

_{_{2012-06-04 18:04 . 2011-04-13 16:24 40328 ----a-w- c:\windows\system32\HIPIS0e011b8.dll}}

_{_{2012-06-04 17:26 . 2010-08-27 06:56 398704 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll}}

_{_{2012-06-04 17:26 . 2010-08-27 06:56 345456 ----a-w- c:\windows\system32\dsNcCredProv.dll}}

_{_{2012-06-04 16:45 . 2012-06-04 16:45 -------- d-----w- C:\Motorola}}

_{_{2012-06-04 16:45 . 2009-10-09 16:51 -------- d-----w- C:\fslrdr}}

_{_{2012-06-04 16:37 . 2010-02-19 15:51 11264 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\x5print.dll}}

_{_{2012-06-04 15:59 . 2012-06-09 05:35 -------- d-----w- c:\users\snayak}}

_{_{2012-06-02 08:08 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll}}

_{_{2012-06-02 08:07 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys}}

_{_{2012-06-02 08:07 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys}}

_{_{2012-06-02 08:06 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys}}

_{_{2012-06-02 08:06 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll}}

_{_{2012-06-02 08:06 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll}}

_{_{2012-06-02 08:06 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys}}

_{_{2012-06-02 08:05 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll}}

_{_{2012-06-02 08:05 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll}}

_{_{2012-06-02 08:05 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe}}

_{_{2012-06-02 08:05 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll}}

_{_{2012-06-02 08:05 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll}}

_{_{2012-06-02 08:05 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll}}

_{_{2012-06-02 08:05 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll}}

_{_{2012-06-02 08:05 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys}}

_{_{2012-06-02 08:05 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys}}

_{_{2012-06-02 08:05 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll}}

_{_{2012-06-02 08:04 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll}}

_{_{2012-06-02 08:04 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys}}

_{_{2012-06-02 08:04 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll}}

_{_{2012-06-02 08:04 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll}}

_{_{2012-06-02 08:03 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll}}

_{_{2012-06-02 08:01 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll}}

_{_{2012-06-02 08:01 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax}}

_{_{2012-06-02 08:01 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll}}

_{_{2012-06-02 08:01 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll}}

_{_{2012-06-02 01:56 . 2012-06-02 01:56 -------- d-----w- C:\IgniteTech}}

_{_{2012-06-02 01:56 . 2012-06-02 01:56 303104 ----a-w- c:\windows\9684826Uninstall.exe}}

_{_{2012-06-02 01:56 . 2012-06-02 01:56 262202 ------r- c:\windows\bwUnin-8.2.0.29-9684826SL.exe}}

_{_{2012-06-01 21:06 . 2012-06-01 21:06 933888 ----a-w- c:\windows\system32\WebMail_.exe}}

_{_{2012-06-01 21:05 . 2012-06-01 21:05 933888 ----a-w- c:\windows\system32\WebMail.exe}}

_{_{2012-06-01 21:05 . 2012-06-01 21:05 77760 ----a-w- c:\windows\system32\WebMail_.sys}}

_{_{2012-06-01 20:59 . 2012-06-01 20:59 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help}}

_{_{2012-06-01 20:50 . 2005-05-03 19:39 135168 ----a-w- c:\windows\system32\KXproc.dll}}

_{_{2012-06-01 20:50 . 2002-12-18 12:01 995383 ----a-w- c:\windows\system32\temp.001}}

_{_{2012-06-01 20:50 . 2002-12-18 11:54 378880 ----a-w- c:\windows\system32\KXauth.dll}}

_{_{2012-06-01 20:50 . 2002-12-18 11:53 69632 ----a-w- c:\windows\system32\temp.002}}

_{_{2012-06-01 20:50 . 2001-08-10 06:26 278581 ----a-w- c:\windows\system32\temp.000}}

_{_{2012-06-01 20:49 . 2012-06-01 20:49 -------- d-----w- c:\users\Default\AppData\Roaming\McAfee}}

_{_{2012-06-01 20:43 . 2012-05-03 05:17 143008 ----a-w- c:\windows\system32\KevlarSigs.dll}}

_{_{2012-06-01 20:43 . 2011-04-13 16:24 60344 ----a-w- c:\windows\system32\HcApi.dll}}

_{_{2012-06-01 20:43 . 2011-04-13 16:24 229264 ----a-w- c:\windows\system32\HcSql.dll}}

_{_{2012-06-01 20:43 . 2011-04-13 16:24 20256 ----a-w- c:\windows\system32\HcSvc.dll}}

_{_{2012-06-01 20:42 . 2011-04-13 16:24 65960 ----a-w- c:\windows\system32\drivers\mfetdik.sys}}

_{_{2012-06-01 20:42 . 2011-04-13 16:24 44448 ----a-w- c:\windows\system32\hipqa.dll}}

_{_{2012-06-01 20:42 . 2011-04-13 16:24 38680 ----a-w- c:\windows\system32\drivers\HIPPSK.sys}}

_{_{2012-06-01 20:42 . 2011-04-13 16:24 35552 ----a-w- c:\windows\system32\drivers\HIPQK.sys}}

_{_{2012-06-01 20:42 . 2011-04-13 16:24 25912 ----a-w- c:\windows\system32\mfehida.dll}}

_{_{2012-06-01 20:42 . 2011-04-13 16:24 107928 ----a-w- c:\windows\system32\drivers\HIPK.sys}}

_{_{2012-06-01 20:42 . 2008-10-17 20:26 44680 ----a-w- c:\windows\system32\drivers\firehk.sys}}

_{_{2012-06-01 20:41 . 2012-06-04 15:53 -------- d-----w- c:\users\flsusaxs}}

_{_{2012-06-01 18:49 . 2011-10-06 18:18 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys}}

_{_{2012-06-01 18:49 . 2011-10-06 18:18 87392 ----a-w- c:\windows\system32\drivers\mferkdet.sys}}

_{_{2012-06-01 18:49 . 2011-10-06 18:17 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll}}

_{_{2012-06-01 18:49 . 2011-10-06 18:17 22816 ----a-w- c:\windows\system32\MFEOtlk.dll}}

_{_{2012-06-01 18:49 . 2011-10-06 18:17 463912 ----a-w- c:\windows\system32\drivers\mfehidk.sys}}

_{_{2012-06-01 18:49 . 2011-10-06 18:16 59192 ----a-w- c:\windows\system32\drivers\mfebopk.sys}}

_{_{2012-06-01 18:49 . 2011-10-06 18:16 180328 ----a-w- c:\windows\system32\drivers\mfeavfk.sys}}

_{_{2012-06-01 18:49 . 2011-10-06 18:16 120992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys}}

_{_{2012-06-01 18:49 . 2011-10-06 18:18 165416 ----a-w- c:\windows\system32\drivers\mfewfpk.sys}}

_{_{2012-06-01 18:49 . 2011-10-06 18:18 148520 ----a-w- c:\windows\system32\mfevtps.exe}}

_{_{2012-06-01 18:42 . 2012-06-01 18:42 -------- d-----w- c:\windows\PCHEALTH}}

_{_{2012-06-01 18:41 . 2012-06-01 18:41 -------- d-----r- C:\MSOCache}}

_{_{2012-06-01 18:38 . 2012-06-08 20:35 -------- d--h--w- c:\windows\system32\dwrcssft}}

_{_{2012-05-24 01:40 . 2012-05-24 01:40 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe}}

_{_{2012-05-24 01:37 . 2010-12-17 10:52 115640 ----a-r- c:\windows\system32\Vxdif.dll}}

_{_{2012-05-24 01:36 . 2011-01-04 21:41 62440 ----a-w- c:\windows\system32\drivers\O2MDRw7.sys}}

_{_{2012-05-24 01:36 . 2011-01-04 20:44 60904 ----a-w- c:\windows\system32\drivers\o2mdfw7.sys}}

_{_{2012-05-24 01:36 . 2011-01-04 20:29 63848 ----a-w- c:\windows\system32\drivers\o2sdjw7.sys}}

_{_{2012-05-24 01:36 . 2010-03-03 15:49 1145448 ----a-w- c:\windows\system32\O2Icon.dll}}

_{_{2012-05-24 01:36 . 2010-02-11 16:50 72296 ----a-w- c:\windows\system32\drivers\o2flash.exe}}

_{_{2012-05-24 01:36 . 2010-02-11 00:39 1178216 ----a-w- c:\windows\system32\O2Icon_2.dll}}

_{_{2012-05-24 01:36 . 2010-12-21 18:07 7434240 ----a-w- c:\windows\system32\drivers\NETwNs32.sys}}

_{_{2012-05-24 01:36 . 2010-05-19 06:31 2760704 ----a-w- c:\windows\system32\NETwNr32.dll}}

_{_{2012-05-24 01:36 . 2010-05-19 06:29 684032 ----a-w- c:\windows\system32\NETwNc32.dll}}

_{_{2012-05-24 01:36 . 2010-02-27 01:31 132480 ----a-w- c:\windows\system32\drivers\Impcd.sys}}

_{_{2012-05-23 21:56 . 2009-07-14 05:27 1461992 ----a-r- c:\windows\system32\WdfCoInstaller01009.dll}}

_{_{2012-05-23 21:56 . 2011-01-06 04:42 284792 ----a-w- c:\windows\system32\drivers\Apfiltr.sys}}

_{_{2012-05-23 21:53 . 2011-04-27 23:07 302120 ----a-w- c:\windows\system32\drivers\btwampfl.sys}}

_{_{2012-05-23 21:52 . 2009-09-16 20:07 144576 ----a-w- c:\windows\system32\drivers\CtClsFlt.sys}}

_{_{2012-05-23 21:52 . 2009-05-28 14:48 134144 ----a-w- c:\windows\system32\drivers\CtAudDrv.sys}}

_{_{2012-05-23 21:52 . 2012-02-21 23:17 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll}}

_{_{2012-05-23 21:51 . 2012-06-08 22:08 -------- d--h--w- c:\windows\system32\WLANProfiles}}

_{_{2012-05-23 21:49 . 2012-05-23 21:49 -------- dc----w- c:\windows\system32\DRVSTORE}}

_{_{2012-05-23 21:49 . 2011-07-16 01:30 17904 ----a-w- c:\windows\system32\drivers\stdcfltn.sys}}

_{_{2012-05-23 21:49 . 2011-07-22 18:45 81520 ----a-w- c:\windows\system32\accelernco01.dll}}

_{_{2012-05-23 21:49 . 2011-07-22 16:28 44144 ----a-w- c:\windows\system32\drivers\accelern.sys}}

_{_{2012-05-23 21:44 . 2010-01-27 09:28 140288 ----a-w- c:\windows\system32\aestacap.dll}}

_{_{2012-05-23 21:44 . 2009-10-10 07:45 380928 ----a-w- c:\windows\system32\aestecap.dll}}

_{_{2012-05-23 21:44 . 2009-03-03 08:57 61440 ----a-w- c:\windows\system32\aestaren.dll}}

_{_{2012-05-23 21:44 . 2011-01-25 08:57 4644864 ----a-w- c:\windows\system32\stlang.dll}}

_{_{2012-05-23 21:44 . 2011-01-25 08:57 11870298 ----a-w- c:\windows\system32\idtsg.cpl}}

_{_{2012-05-23 21:43 . 2012-05-23 21:51 -------- d-----w- C:\Intel}}

_{_.}

_{_{(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))}}

_{_.}

_{_{2012-06-09 04:23 . 2010-11-20 21:29 187904 ----a-w- c:\windows\system32\drivers\netbt.sys}}

_{_{2012-06-04 15:54 . 2010-11-30 11:28 17816 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll}}

_{_.}

_{_{(((((((((((((((((((((((((((((}}_{_{SnapShot@2012-06-09_05.39.16}}_{_{)))))))))))))))))))))))))))))))))))))))))}}

_{_.}

_{_{+ 2010-11-20 21:20 . 2012-06-09 12:36 43544 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin}}

_{_{+ 2009-07-14 04:55 . 2012-06-09 12:36 52012 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin}}

_{_{- 2012-06-01 22:11 . 2012-06-09 05:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat}}

_{_{+ 2012-06-01 22:11 . 2012-06-09 13:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat}}

_{_{- 2012-06-01 22:11 . 2012-06-09 05:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat}}

_{_{+ 2012-06-01 22:11 . 2012-06-09 13:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat}}

_{_{- 2012-06-09 05:24 . 2012-06-09 05:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat}}

_{_{+ 2012-06-09 12:33 . 2012-06-09 12:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat}}

_{_{- 2012-06-09 05:24 . 2012-06-09 05:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat}}

_{_{+ 2012-06-09 12:33 . 2012-06-09 12:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat}}

_{_{- 2012-06-01 17:12 . 2012-06-09 05:37 360448 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat}}

_{_{+ 2012-06-01 17:12 . 2012-06-09 12:33 360448 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat}}

_{_{+ 2012-06-09 12:33 . 2012-06-09 12:33 127577 c:\windows\System32\api_hook_list.dat}}

_{_{- 2012-06-09 05:37 . 2012-06-09 05:37 127577 c:\windows\System32\api_hook_list.dat}}

_{_{- 2009-07-14 04:47 . 2012-06-09 05:24 364908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat}}

_{_{+ 2009-07-14 04:47 . 2012-06-09 05:52 364908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat}}

_{_{+ 2012-06-04 17:52 . 2012-06-09 05:52 364908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1592594467-299521691-1307212239-108594-12288.dat}}

_{_{- 2012-06-04 17:52 . 2012-06-09 05:24 364908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1592594467-299521691-1307212239-108594-12288.dat}}

_{_{- 2012-06-01 17:12 . 2012-06-09 05:37 3162112 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat}}

_{_{+ 2012-06-01 17:12 . 2012-06-09 12:33 3162112 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat}}

_{_{- 2009-07-14 04:41 . 2012-06-09 05:37 3457024 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat}}

_{_{+ 2009-07-14 04:41 . 2012-06-09 12:33 3457024 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat}}

_{_.}

_{_{((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))}}

_{_.}

_{_{*Note* empty entries & legit default entries are not shown}}

_{_REGEDIT4}

_{_.}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]}}

_{_{"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 488816]}}

_{_{"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 142616]}}

_{_{"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 177432]}}

_{_{"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 176408]}}

_{_{"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]}}

_{_{"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1210640]}}

_{_{"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]}}

_{_{"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]}}

_{_{"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]}}

_{_{"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]}}

_{_{"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]}}

_{_{"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2010-02-26 152872]}}

_{_{"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]}}

_{_{"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]}}

_{_{"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]}}

_{_{"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2011-04-13 979104]}}

_{_{"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2012-03-25 12071200]}}

_{_{"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]}}

_{_{"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]}}

_{_{"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2010-08-06 85528]}}

_{_.}

_{_{c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\}}

_{_{Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-7 840992]}}

_{_{Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1459056]}}

_{_{Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2012-5-23 50688]}}

_{_{Snagit 11.lnk - c:\program files\TechSmith\Snagit 11\Snagit32.exe [2012-5-16 9063352]}}

_{_.}

_{_{[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]}}

_{_{"ConsentPromptBehaviorAdmin"= 0 (0x0)}}

_{_{"ConsentPromptBehaviorUser"= 3 (0x3)}}

_{_{"EnableLUA"= 0 (0x0)}}

_{_{"EnableUIADesktopToggle"= 0 (0x0)}}

_{_{"EnableLinkedConnections"= 1 (0x1)}}

_{_.}

_{_{[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]}}

_{_{"NoAutoUpdate"= 1 (0x1)}}

_{_.}

_{_{[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]}}

_{_{Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp}}

_{_.}

_{_{[HKEY_LOCAL_MACHINE\software\microsoft\security center]}}

_{_{"AntiVirusOverride"=dword:00000001}}

_{_{"FirewallOverride"=dword:00000001}}

_{_.}

_{_{R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]}}

_{_{R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]}}

_{_{R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-04-27 302120]}}

_{_{R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-04-27 33832]}}

_{_{R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]}}

_{_{R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]}}

_{_{R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 44680]}}

_{_{R3 IgniteService;IgniteService;c:\program files\IgniteCDS\IgniteService.exe [2012-06-02 90464]}}

_{_{R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 132480]}}

_{_{R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-06 87392]}}

_{_{R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]}}

_{_{R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7.sys [2011-01-04 60904]}}

_{_{R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]}}

_{_{R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]}}

_{_{R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]}}

_{_{R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]}}

_{_{R3 tcm;tcm;c:\windows\system32\drivers\tcm.sys [2009-04-17 12952]}}

_{_{R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]}}

_{_{R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]}}

_{_{R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]}}

_{_{R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]}}

_{_{R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]}}

_{_{R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]}}

_{_{S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-06 165416]}}

_{_{S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 17904]}}

_{_{S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624]}}

_{_{S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]}}

_{_{S1 WebMail_;WebMail_;c:\windows\system32\WebMail_.sys [2012-06-01 77760]}}

_{_{S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]}}

_{_{S2 BackWeb Plug-in - 9684826;Passport_Direct;c:\program files\Passport_Direct\9684826\Program\ServiceWrapper-9684826.exe [2012-06-02 24615]}}

_{_{S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 388464]}}

_{_{S2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [2011-04-13 1506464]}}

_{_{S2 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [2011-04-13 35696]}}

_{_{S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]}}

_{_{S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2010-08-16 198000]}}

_{_{S2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\Lotus\Notes\nsd.exe [2010-09-30 3405192]}}

_{_{S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-06 148520]}}

_{_{S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-04-28 1577376]}}

_{_{S2 SSPREnrollService;SSPREnrollService;c:\program files\Passlogix\v-GO SSPR Client\SSPREnrollService.exe [2010-10-28 128952]}}

_{_{S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-01-19 2594584]}}

_{_{S2 WebMail;WebMail;c:\windows\system32\WebMail.exe [2012-06-01 933888]}}

_{_{S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 577536]}}

_{_{S3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2011-07-22 44144]}}

_{_{S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 144576]}}

_{_{S3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys [2007-02-07 3712]}}

_{_{S3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 44680]}}

_{_{S3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2011-04-13 107928]}}

_{_{S3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2011-04-13 38680]}}

_{_{S3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2011-04-13 35552]}}

_{_{S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]}}

_{_{S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2011-09-22 41216]}}

_{_{S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-12-21 7434240]}}

_{_{S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2011-01-04 62440]}}

_{_{S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2011-01-04 63848]}}

_{_.}

_{_{--- Other Services/Drivers In Memory ---}}

_{_.}

_{_{*Deregistered* - mfeavfk01}}

_{_.}

_{_{[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]}}

_{_{HsfXAudioService REG_MULTI_SZ HsfXAudioService}}

_{_{HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12}}

_{_.}

_{_{------- Supplementary Scan -------}}

_{_.}

_{_{uStart Page = hxxp://www.google.com/}}

_{_{IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000}}

_{_{IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm}}

_{_{IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm}}

_{_{Trusted Zone: expedia.be}}

_{_{Trusted Zone: expedia.co.uk}}

_{_{Trusted Zone: expedia.com}}

_{_{Trusted Zone: expedia.de}}

_{_{Trusted Zone: expedia.es}}

_{_{Trusted Zone: expedia.fr}}

_{_{Trusted Zone: expedia.it}}

_{_{Trusted Zone: expedia.nl}}

_{_{Trusted Zone: flowstar.net}}

_{_{Trusted Zone: sumtotalsystems.com}}

_{_{TCP: DhcpNameServer = 192.168.1.1}}

_{_{Handler: bwfile-9684826 - {2DF0241D-8A6A-4E10-A11B-C2E432CF2A28} - c:\program files\Passport_Direct\9684826\Program\GAPlugProtocol-9684826.dll}}

_{_{DPF: {51BB7DFD-A6F5-4FAC-B8C9-E71CF84D082C} - hxxp://ormnm21.flowserve.net/Altiris/NS/NSCap/Bin/Win32/x86/AltirisNSConsole.cab}}

_{_.}

_{_{--------------------- LOCKED REGISTRY KEYS ---------------------}}

_{_.}

_{_{[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]}}

_{_{@Denied: (A) (Users)}}

_{_{@Denied: (A) (Everyone)}}

_{_{@Allowed: (B 1 2 3 4 5) (S-1-5-20)}}

_{_{"BlindDial"=dword:00000000}}

_{_.}

_{_{[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]}}

_{_{@Denied: (Full) (Everyone)}}

_{_.}

_{_{--------------------- DLLs Loaded Under Running Processes ---------------------}}

_{_.}

_{_{- - - - - - - > 'Explorer.exe'(5780)}}

_{_{c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll}}

_{_{c:\windows\system32\KevlarSigs.dll}}

_{_.}

_{_{Completion time: 2012-06-09 08:20:37}}

_{_{ComboFix-quarantined-files.txt 2012-06-09 13:20}}

_{_{ComboFix2.txt 2012-06-09 05:43}}

_{_.}

_{_{Pre-Run: 258,967,957,504 bytes free}}

_{_{Post-Run: 258,930,630,656 bytes free}}

_{_.}

_{_{- - End Of File - - 8D45447052706877B9BB0D7FD493C4A4}}

Jai · June 9, 2012

Hi Gringo,

Sorry - do not know how the fonts got like that in the previous message. Please delete that post; I do not see the ability to do so. I am re-posting below.

Report pasted below. Combofix did not restart the computer. But Windows Explorer was not getting recognized. So I did a restart and that made Windows Explorer work.
Problems - I kept getting the "Windows cannot find NIRKMD. Make sure you typed ..." error. Can this error be ignored? Is it related to McAfee running?
I restarted wireless connection and tested some of the earlier google results that were getting redirected earlier. There were no redirects.

Really appreciate all your help and immediate attention. Please suggest any further actions that I need to take, if any.

Below is the output from Combofix:

ComboFix 12-06-08.02 - snayak 06/09/2012 8:10.2.4 - x86

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3241.1977 [GMT -5:00]

Running from: c:\users\snayak\Desktop\ComboFix.exe

Command switches used :: c:\users\snayak\Desktop\CFScript.txt

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))

.

2012-06-09 13:18 . 2012-06-09 13:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-09 04:20 . 2012-06-09 04:20 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-09 03:27 . 2012-06-09 05:14 -------- d-----w- C:\stuff

2012-06-07 01:43 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-07 01:20 . 2012-06-07 01:20 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-06-06 17:36 . 2012-06-09 13:10 -------- d-----w- C:\Quarantine