
help me I am infected



Hello msaffa! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log


Thank you! I cannot find my TDSSKiller log, but here is my Malwarebytes

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.12.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Terri :: TERRI-PC [administrator]

Protection: Enabled

6/13/2012 1:04:27 PM

mbam-log-2012-06-13 (13-04-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 226888

Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\svchost.exe.vir (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)


TDSSKiller log is very important in this case. Please take a look here:

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
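One way to locate and triage that report, added here as an example and not part of the original posts: `find_logs` looks for files matching the TDSSKiller.[Version]_[Date]_[Time]_log.txt name, and `triage` lists every scanned object that was not marked ok, including objects whose verdict line is missing because the paste was cut short. The sample lines, service names, hashes and the `Constructed.Example.Verdict` / `infected` entry are constructed for illustration; `UnsignedFile.Multi.Generic` is the warning TDSSKiller writes for files without a valid signature when Verify Driver Digital Signature is checked.

```python
import re
from pathlib import Path

# Every report line is "HH:MM:SS.mmmm <thread id> <message>".
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*\S)\s*$")
# Scanned object: "<name> (<md5>) <path>"
OBJECT_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
# Scan result: "<name> - ok"  or  "<name> ( <verdict> ) - <level>"
OK_RE = re.compile(r"^(.+) - ok$")
FLAG_RE = re.compile(r"^(.+?) \( (.+?) \) - (\w+)$")

# Raised by the signature check alone; not proof of malware by itself.
UNSIGNED = "UnsignedFile.Multi.Generic"

# Constructed sample (placeholder names and hashes), blank line included
# because forum pastes are often double-spaced. SvcDelta has no verdict line.
SAMPLE = r"""
12:59:09.0233 8128 Scan started
12:59:09.0233 8128 Mode: Manual; SigCheck; TDLFS;

12:59:10.0300 8128 SvcAlpha (00000000000000000000000000000001) C:\Windows\system32\drivers\alpha.sys
12:59:10.0330 8128 SvcAlpha - ok
12:59:20.0422 8128 SvcBeta (00000000000000000000000000000002) C:\Program Files (x86)\Vendor\beta.exe
12:59:20.0479 8128 SvcBeta ( UnsignedFile.Multi.Generic ) - warning
12:59:20.0479 8128 SvcBeta - detected UnsignedFile.Multi.Generic (1)
12:59:21.0000 8128 SvcGamma (00000000000000000000000000000003) C:\Windows\system32\drivers\gamma.sys
12:59:21.0050 8128 SvcGamma ( Constructed.Example.Verdict ) - infected
12:59:32.0511 8128 SvcDelta (00000000000000000000000000000004) C:\Program Files\Vendor\delta.exe
"""


def find_logs(root):
    """Return TDSSKiller reports directly under root, newest first."""
    logs = Path(root).glob("TDSSKiller.*_log.txt")
    return sorted(logs, key=lambda p: p.stat().st_mtime, reverse=True)


def _record(objects, name):
    # One record per scanned object, created on first mention.
    return objects.setdefault(
        name, {"name": name, "md5": None, "path": None,
               "level": None, "verdict": None})


def triage(log_text):
    """Return every scanned object not marked 'ok', in log order.

    kind is 'unsigned' (signature-check warning only), 'detection'
    (any other verdict) or 'incomplete' (object listed, result missing).
    """
    objects = {}
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # spacer lines and timestamp-only lines
        msg = line.group(1)
        obj = OBJECT_RE.match(msg)
        flag = FLAG_RE.match(msg)
        ok = OK_RE.match(msg)
        if obj:
            rec = _record(objects, obj.group(1))
            rec["md5"], rec["path"] = obj.group(2).lower(), obj.group(3)
        elif flag:
            rec = _record(objects, flag.group(1))
            rec["verdict"], rec["level"] = flag.group(2), flag.group(3)
        elif ok:
            _record(objects, ok.group(1))["level"] = "ok"

    findings = []
    for rec in objects.values():
        if rec["level"] == "ok":
            continue
        if rec["level"] is None:
            rec["kind"] = "incomplete"
        elif rec["verdict"] == UNSIGNED:
            rec["kind"] = "unsigned"
        else:
            rec["kind"] = "detection"
        findings.append(rec)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["kind"], f["name"], f["verdict"], f["path"], sep=" | ")
```

An `incomplete` entry means the paste ended before the result for that object, so the full report should be requested again before drawing conclusions.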

12:58:22.0908 3420 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

12:58:23.0306 3420 ============================================================

12:58:23.0306 3420 Current date / time: 2012/06/13 12:58:23.0306

12:58:23.0306 3420 SystemInfo:

12:58:23.0306 3420

12:58:23.0306 3420 OS Version: 6.1.7601 ServicePack: 1.0

12:58:23.0306 3420 Product type: Workstation

12:58:23.0306 3420 ComputerName: TERRI-PC

12:58:23.0307 3420 UserName: Terri

12:58:23.0307 3420 Windows directory: C:\Windows

12:58:23.0307 3420 System windows directory: C:\Windows

12:58:23.0307 3420 Running under WOW64

12:58:23.0307 3420 Processor architecture: Intel x64

12:58:23.0307 3420 Number of processors: 4

12:58:23.0307 3420 Page size: 0x1000

12:58:23.0307 3420 Boot type: Normal boot

12:58:23.0307 3420 ============================================================

12:58:24.0164 3420 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

12:58:24.0170 3420 ============================================================

12:58:24.0170 3420 \Device\Harddisk0\DR0:

12:58:24.0171 3420 MBR partitions:

12:58:24.0171 3420 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000

12:58:24.0171 3420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030

12:58:24.0171 3420 ============================================================

12:58:24.0198 3420 C: <-> \Device\Harddisk0\DR0\Partition1

12:58:24.0199 3420 ============================================================

12:58:24.0199 3420 Initialize success

12:58:24.0199 3420 ============================================================

12:59:09.0233 8128 ============================================================

12:59:09.0233 8128 Scan started

12:59:09.0233 8128 Mode: Manual; SigCheck; TDLFS;

12:59:09.0233 8128 ============================================================

12:59:09.0541 8128 0287521336184271mcinstcleanup - ok

12:59:09.0668 8128 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

12:59:09.0905 8128 1394ohci - ok

12:59:10.0300 8128 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

12:59:10.0330 8128 ACPI - ok

12:59:10.0378 8128 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

12:59:10.0451 8128 AcpiPmi - ok

12:59:10.0669 8128 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

12:59:10.0697 8128 AdobeFlashPlayerUpdateSvc - ok

12:59:10.0828 8128 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

12:59:10.0868 8128 adp94xx - ok

12:59:10.0933 8128 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

12:59:10.0968 8128 adpahci - ok

12:59:10.0993 8128 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

12:59:11.0009 8128 adpu320 - ok

12:59:11.0072 8128 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

12:59:11.0169 8128 AeLookupSvc - ok

12:59:11.0285 8128 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe

12:59:11.0358 8128 AESTFilters - ok

12:59:11.0462 8128 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

12:59:11.0560 8128 AFD - ok

12:59:11.0621 8128 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

12:59:11.0650 8128 agp440 - ok

12:59:11.0683 8128 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

12:59:11.0751 8128 ALG - ok

12:59:11.0846 8128 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

12:59:11.0876 8128 aliide - ok

12:59:11.0914 8128 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

12:59:11.0943 8128 amdide - ok

12:59:12.0002 8128 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

12:59:12.0042 8128 AmdK8 - ok

12:59:12.0051 8128 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

12:59:12.0089 8128 AmdPPM - ok

12:59:12.0152 8128 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

12:59:12.0184 8128 amdsata - ok

12:59:12.0231 8128 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

12:59:12.0263 8128 amdsbs - ok

12:59:12.0278 8128 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

12:59:12.0292 8128 amdxata - ok

12:59:12.0355 8128 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

12:59:12.0444 8128 AppID - ok

12:59:12.0481 8128 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

12:59:12.0555 8128 AppIDSvc - ok

12:59:12.0630 8128 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

12:59:12.0716 8128 Appinfo - ok

12:59:12.0910 8128 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

12:59:12.0934 8128 Apple Mobile Device - ok

12:59:12.0974 8128 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

12:59:12.0998 8128 arc - ok

12:59:13.0006 8128 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

12:59:13.0020 8128 arcsas - ok

12:59:13.0052 8128 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

12:59:13.0161 8128 AsyncMac - ok

12:59:13.0242 8128 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

12:59:13.0266 8128 atapi - ok

12:59:13.0335 8128 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

12:59:13.0452 8128 AudioEndpointBuilder - ok

12:59:13.0458 8128 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

12:59:13.0507 8128 AudioSrv - ok

12:59:13.0548 8128 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

12:59:13.0622 8128 AxInstSV - ok

12:59:13.0707 8128 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

12:59:13.0774 8128 b06bdrv - ok

12:59:13.0840 8128 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

12:59:13.0907 8128 b57nd60a - ok

12:59:14.0022 8128 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

12:59:14.0040 8128 BBSvc - ok

12:59:14.0089 8128 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys

12:59:14.0119 8128 BCM42RLY - ok

12:59:14.0254 8128 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys

12:59:14.0318 8128 BCM43XX - ok

12:59:14.0465 8128 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys

12:59:14.0489 8128 BcmVWL - ok

12:59:14.0548 8128 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

12:59:14.0583 8128 BDESVC - ok

12:59:14.0636 8128 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

12:59:14.0725 8128 Beep - ok

12:59:14.0798 8128 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

12:59:14.0873 8128 BFE - ok

12:59:14.0934 8128 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

12:59:15.0056 8128 BITS - ok

12:59:15.0126 8128 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

12:59:15.0155 8128 blbdrive - ok

12:59:15.0294 8128 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

12:59:15.0332 8128 Bonjour Service - ok

12:59:15.0380 8128 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

12:59:15.0417 8128 bowser - ok

12:59:15.0464 8128 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

12:59:15.0517 8128 BrFiltLo - ok

12:59:15.0521 8128 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

12:59:15.0541 8128 BrFiltUp - ok

12:59:15.0583 8128 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

12:59:15.0683 8128 Browser - ok

12:59:15.0731 8128 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

12:59:15.0794 8128 Brserid - ok

12:59:15.0828 8128 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

12:59:15.0881 8128 BrSerWdm - ok

12:59:15.0914 8128 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

12:59:15.0972 8128 BrUsbMdm - ok

12:59:15.0977 8128 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

12:59:16.0016 8128 BrUsbSer - ok

12:59:16.0076 8128 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

12:59:16.0139 8128 BthEnum - ok

12:59:16.0206 8128 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

12:59:16.0265 8128 BTHMODEM - ok

12:59:16.0314 8128 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

12:59:16.0377 8128 BthPan - ok

12:59:16.0460 8128 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

12:59:16.0540 8128 BTHPORT - ok

12:59:16.0586 8128 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

12:59:16.0672 8128 bthserv - ok

12:59:16.0696 8128 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

12:59:16.0742 8128 BTHUSB - ok

12:59:16.0778 8128 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys

12:59:16.0806 8128 btusbflt - ok

12:59:16.0855 8128 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys

12:59:16.0881 8128 btwaudio - ok

12:59:16.0933 8128 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys

12:59:16.0955 8128 btwavdt - ok

12:59:17.0067 8128 btwdins (10ffb5fa51d5713d872b41a59dfc2213) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

12:59:17.0110 8128 btwdins - ok

12:59:17.0141 8128 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys

12:59:17.0152 8128 btwl2cap - ok

12:59:17.0185 8128 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys

12:59:17.0203 8128 btwrchid - ok

12:59:17.0252 8128 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

12:59:17.0339 8128 cdfs - ok

12:59:17.0398 8128 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

12:59:17.0463 8128 cdrom - ok

12:59:17.0509 8128 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

12:59:17.0601 8128 CertPropSvc - ok

12:59:17.0643 8128 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys

12:59:17.0671 8128 cfwids - ok

12:59:17.0720 8128 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

12:59:17.0785 8128 circlass - ok

12:59:17.0847 8128 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

12:59:17.0880 8128 CLFS - ok

12:59:17.0998 8128 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

12:59:18.0027 8128 clr_optimization_v2.0.50727_32 - ok

12:59:18.0068 8128 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

12:59:18.0094 8128 clr_optimization_v2.0.50727_64 - ok

12:59:18.0193 8128 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

12:59:18.0221 8128 clr_optimization_v4.0.30319_32 - ok

12:59:18.0263 8128 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

12:59:18.0284 8128 clr_optimization_v4.0.30319_64 - ok

12:59:18.0331 8128 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

12:59:18.0384 8128 CmBatt - ok

12:59:18.0426 8128 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

12:59:18.0453 8128 cmdide - ok

12:59:18.0528 8128 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

12:59:18.0562 8128 CNG - ok

12:59:18.0630 8128 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

12:59:18.0661 8128 Compbatt - ok

12:59:18.0711 8128 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

12:59:18.0779 8128 CompositeBus - ok

12:59:18.0803 8128 COMSysApp - ok

12:59:18.0846 8128 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

12:59:18.0869 8128 crcdisk - ok

12:59:18.0915 8128 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

12:59:19.0012 8128 CryptSvc - ok

12:59:19.0068 8128 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys

12:59:19.0136 8128 CtClsFlt - ok

12:59:19.0328 8128 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

12:59:19.0367 8128 cvhsvc - ok

12:59:19.0438 8128 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

12:59:19.0539 8128 DcomLaunch - ok

12:59:19.0588 8128 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

12:59:19.0652 8128 defragsvc - ok

12:59:19.0722 8128 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

12:59:19.0815 8128 DfsC - ok

12:59:19.0868 8128 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

12:59:19.0968 8128 Dhcp - ok

12:59:20.0027 8128 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

12:59:20.0120 8128 discache - ok

12:59:20.0171 8128 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

12:59:20.0200 8128 Disk - ok

12:59:20.0244 8128 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

12:59:20.0308 8128 Dnscache - ok

12:59:20.0422 8128 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe

12:59:20.0479 8128 DockLoginService ( UnsignedFile.Multi.Generic ) - warning

12:59:20.0479 8128 DockLoginService - detected UnsignedFile.Multi.Generic (1)

12:59:20.0531 8128 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

12:59:20.0610 8128 dot3svc - ok

12:59:20.0646 8128 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

12:59:20.0742 8128 DPS - ok

12:59:20.0786 8128 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

12:59:20.0845 8128 drmkaud - ok

12:59:20.0959 8128 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

12:59:21.0012 8128 DXGKrnl - ok

12:59:21.0075 8128 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

12:59:21.0170 8128 EapHost - ok

12:59:21.0337 8128 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

12:59:21.0389 8128 ebdrv - ok

12:59:21.0523 8128 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

12:59:21.0589 8128 EFS - ok

12:59:21.0689 8128 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

12:59:21.0758 8128 ehRecvr - ok

12:59:21.0800 8128 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

12:59:21.0834 8128 ehSched - ok

12:59:21.0903 8128 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

12:59:21.0941 8128 elxstor - ok

12:59:21.0967 8128 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

12:59:22.0023 8128 ErrDev - ok

12:59:22.0126 8128 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

12:59:22.0216 8128 EventSystem - ok

12:59:22.0273 8128 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

12:59:22.0387 8128 exfat - ok

12:59:22.0421 8128 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

12:59:22.0500 8128 fastfat - ok

12:59:22.0583 8128 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

12:59:22.0629 8128 Fax - ok

12:59:22.0659 8128 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

12:59:22.0708 8128 fdc - ok

12:59:22.0770 8128 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

12:59:22.0857 8128 fdPHost - ok

12:59:22.0882 8128 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

12:59:22.0952 8128 FDResPub - ok

12:59:22.0987 8128 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

12:59:23.0016 8128 FileInfo - ok

12:59:23.0024 8128 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

12:59:23.0154 8128 Filetrace - ok

12:59:23.0187 8128 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

12:59:23.0220 8128 flpydisk - ok

12:59:23.0267 8128 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

12:59:23.0293 8128 FltMgr - ok

12:59:23.0368 8128 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

12:59:23.0419 8128 FontCache - ok

12:59:23.0497 8128 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

12:59:23.0523 8128 FontCache3.0.0.0 - ok

12:59:23.0568 8128 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

12:59:23.0596 8128 FsDepends - ok

12:59:23.0644 8128 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys

12:59:23.0672 8128 fssfltr - ok

12:59:23.0834 8128 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

12:59:23.0879 8128 fsssvc - ok

12:59:24.0049 8128 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

12:59:24.0135 8128 Fs_Rec - ok

12:59:24.0201 8128 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

12:59:24.0244 8128 fvevol - ok

12:59:24.0269 8128 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

12:59:24.0301 8128 gagp30kx - ok

12:59:24.0408 8128 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

12:59:24.0433 8128 GamesAppService - ok

12:59:24.0463 8128 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

12:59:24.0480 8128 GEARAspiWDM - ok

12:59:24.0520 8128 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

12:59:24.0543 8128 GoToAssist - ok

12:59:24.0678 8128 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

12:59:24.0775 8128 gpsvc - ok

12:59:24.0882 8128 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

12:59:24.0907 8128 gupdate - ok

12:59:24.0933 8128 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

12:59:24.0946 8128 gupdatem - ok

12:59:24.0979 8128 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

12:59:24.0992 8128 gusvc - ok

12:59:25.0021 8128 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

12:59:25.0080 8128 hcw85cir - ok

12:59:25.0160 8128 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

12:59:25.0223 8128 HdAudAddService - ok

12:59:25.0267 8128 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

12:59:25.0324 8128 HDAudBus - ok

12:59:25.0385 8128 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

12:59:25.0411 8128 HECIx64 - ok

12:59:25.0429 8128 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

12:59:25.0479 8128 HidBatt - ok

12:59:25.0495 8128 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

12:59:25.0530 8128 HidBth - ok

12:59:25.0571 8128 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

12:59:25.0628 8128 HidIr - ok

12:59:25.0683 8128 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

12:59:25.0748 8128 hidserv - ok

12:59:25.0803 8128 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

12:59:25.0834 8128 HidUsb - ok

12:59:25.0893 8128 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

12:59:25.0974 8128 hkmsvc - ok

12:59:26.0041 8128 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

12:59:26.0098 8128 HomeGroupListener - ok

12:59:26.0153 8128 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

12:59:26.0213 8128 HomeGroupProvider - ok

12:59:26.0363 8128 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

12:59:26.0390 8128 hpqcxs08 - ok

12:59:26.0422 8128 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

12:59:26.0433 8128 hpqddsvc - ok

12:59:26.0475 8128 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

12:59:26.0498 8128 HpSAMD - ok

12:59:26.0608 8128 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

12:59:26.0645 8128 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning

12:59:26.0646 8128 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)

12:59:26.0721 8128 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

12:59:26.0810 8128 HTTP - ok

12:59:26.0845 8128 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

12:59:26.0872 8128 hwpolicy - ok

12:59:26.0919 8128 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

12:59:26.0951 8128 i8042prt - ok

12:59:27.0022 8128 iaStor (2064090c9faad92c090d77e50e735b2e) C:\Windows\system32\DRIVERS\iaStor.sys

12:59:27.0063 8128 iaStor - ok

12:59:27.0164 8128 IAStorDataMgrSvc (a9be186abf28b3d3d698cb855edf457e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

12:59:27.0184 8128 IAStorDataMgrSvc - ok

12:59:27.0246 8128 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

12:59:27.0293 8128 iaStorV - ok

12:59:27.0422 8128 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

12:59:27.0458 8128 idsvc - ok

12:59:28.0015 8128 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys

12:59:28.0338 8128 igfx - ok

12:59:28.0474 8128 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

12:59:28.0503 8128 iirsp - ok

12:59:28.0595 8128 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

12:59:28.0659 8128 IKEEXT - ok

12:59:28.0747 8128 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

12:59:28.0800 8128 Impcd - ok

12:59:28.0867 8128 IntcDAud (c6c1f19205da83c801be7c25f4e2ee07) C:\Windows\system32\DRIVERS\IntcDAud.sys

12:59:28.0926 8128 IntcDAud - ok

12:59:28.0972 8128 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

12:59:28.0996 8128 intelide - ok

12:59:29.0045 8128 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

12:59:29.0102 8128 intelppm - ok

12:59:29.0165 8128 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

12:59:29.0240 8128 IPBusEnum - ok

12:59:29.0285 8128 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:59:29.0367 8128 IpFilterDriver - ok

12:59:38.0092 8128 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll

12:59:38.0104 8128 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

12:59:38.0104 8128 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

12:59:42.0137 8128 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll

12:59:42.0167 8128 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

12:59:42.0167 8128 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

12:59:43.0411 8128 QBCFMonitorService (17996ca5c59259ae02ca95bd11d7beec) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

12:59:43.0444 8128 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning

12:59:43.0444 8128 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)

12:59:43.0526 8128 QBFCService (2241eaf40e472c471cb80cf6b97cca11) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

12:59:43.0558 8128 QBFCService ( UnsignedFile.Multi.Generic ) - warning

12:59:43.0558 8128 QBFCService - detected UnsignedFile.Multi.Generic (1)

12:59:59.0856 8128 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

12:59:59.0872 8128 vsmraid - ok

12:59:59.0979 8128 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

13:00:00.0090 8128 VSS - ok

13:00:00.0224 8128 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

13:00:00.0280 8128 vwifibus - ok

13:00:00.0307 8128 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

13:00:00.0369 8128 vwififlt - ok

13:00:00.0411 8128 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

13:00:00.0446 8128 vwifimp - ok

13:00:00.0498 8128 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

13:00:00.0552 8128 W32Time - ok

13:00:00.0580 8128 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

13:00:00.0632 8128 WacomPen - ok

13:00:00.0694 8128 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:00:00.0778 8128 WANARP - ok

13:00:00.0782 8128 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:00:00.0823 8128 Wanarpv6 - ok

13:00:00.0955 8128 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

13:00:00.0993 8128 WatAdminSvc - ok

13:00:01.0104 8128 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

13:00:01.0173 8128 wbengine - ok

13:00:01.0303 8128 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

13:00:01.0346 8128 WbioSrvc - ok

13:00:01.0401 8128 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

13:00:01.0477 8128 wcncsvc - ok

13:00:01.0508 8128 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

13:00:01.0565 8128 WcsPlugInService - ok

13:00:01.0650 8128 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

13:00:01.0681 8128 Wd - ok

13:00:01.0729 8128 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

13:00:01.0761 8128 Wdf01000 - ok

13:00:01.0802 8128 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:00:01.0871 8128 WdiServiceHost - ok

13:00:01.0875 8128 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:00:01.0898 8128 WdiSystemHost - ok

13:00:01.0948 8128 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

13:00:02.0012 8128 WebClient - ok

13:00:02.0048 8128 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

13:00:02.0120 8128 Wecsvc - ok

13:00:02.0147 8128 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

13:00:02.0240 8128 wercplsupport - ok

13:00:02.0286 8128 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

13:00:02.0343 8128 WerSvc - ok

13:00:02.0410 8128 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

13:00:02.0463 8128 WfpLwf - ok

13:00:02.0521 8128 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

13:00:02.0546 8128 WimFltr - ok

13:00:02.0573 8128 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

13:00:02.0587 8128 WIMMount - ok

13:00:02.0621 8128 WinDefend - ok

13:00:02.0635 8128 WinHttpAutoProxySvc - ok

13:00:02.0702 8128 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

13:00:02.0786 8128 Winmgmt - ok

13:00:02.0902 8128 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

13:00:03.0042 8128 WinRM - ok

13:00:03.0228 8128 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

13:00:03.0276 8128 WinUsb - ok

13:00:03.0347 8128 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

13:00:03.0424 8128 Wlansvc - ok

13:00:03.0503 8128 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

13:00:03.0530 8128 wlcrasvc - ok

13:00:03.0712 8128 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:00:03.0766 8128 wlidsvc - ok

13:00:03.0840 8128 wltrysvc (de816a0624d54d68e1fb8a9028dcf81a) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

13:00:03.0875 8128 wltrysvc ( UnsignedFile.Multi.Generic ) - warning

13:00:03.0875 8128 wltrysvc - detected UnsignedFile.Multi.Generic (1)

13:00:04.0057 8128 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

13:00:04.0107 8128 WmiAcpi - ok

13:00:04.0177 8128 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

13:00:04.0234 8128 wmiApSrv - ok

13:00:04.0306 8128 WMPNetworkSvc - ok

13:00:04.0341 8128 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

13:00:04.0378 8128 WPCSvc - ok

13:00:04.0410 8128 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

13:00:04.0449 8128 WPDBusEnum - ok

13:00:04.0474 8128 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

13:00:04.0553 8128 ws2ifsl - ok

13:00:04.0584 8128 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

13:00:04.0639 8128 wscsvc - ok

13:00:04.0705 8128 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

13:00:04.0744 8128 WSDPrintDevice - ok

13:00:04.0748 8128 WSearch - ok

13:00:04.0894 8128 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

13:00:05.0030 8128 wuauserv - ok

13:00:05.0182 8128 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

13:00:05.0272 8128 WudfPf - ok

13:00:05.0313 8128 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:00:05.0370 8128 WUDFRd - ok

13:00:05.0396 8128 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

13:00:05.0456 8128 wudfsvc - ok

13:00:05.0501 8128 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

13:00:05.0535 8128 WwanSvc - ok

13:00:05.0582 8128 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

13:00:05.0671 8128 yukonw7 - ok

13:00:05.0738 8128 MBR (0x1B8) (c3220eb08add62e3ed9f72a1f4e4b1bb) \Device\Harddisk0\DR0

13:00:05.0767 8128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

13:00:05.0767 8128 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

13:00:05.0842 8128 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

13:00:05.0842 8128 \Device\Harddisk0\DR0 - detected TDSS File System (1)

13:00:05.0858 8128 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0

13:00:05.0862 8128 \Device\Harddisk0\DR0\Partition0 - ok

13:00:05.0875 8128 Boot (0x1200) (9353cf31a6ec515e78353d1600509a2f) \Device\Harddisk0\DR0\Partition1

13:00:05.0879 8128 \Device\Harddisk0\DR0\Partition1 - ok

13:00:05.0880 8128 ============================================================

13:00:05.0880 8128 Scan finished

13:00:05.0880 8128 ============================================================

13:00:05.0890 5808 Detected object count: 9

13:00:05.0891 5808 Actual detected object count: 9

13:00:23.0554 5808 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user

13:00:23.0554 5808 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:00:23.0554 5808 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

13:00:23.0554 5808 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:00:23.0556 5808 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

13:00:23.0556 5808 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:00:23.0557 5808 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

13:00:23.0557 5808 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:00:23.0558 5808 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user

13:00:23.0559 5808 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:00:23.0560 5808 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user

13:00:23.0560 5808 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:00:23.0561 5808 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user

13:00:23.0561 5808 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:00:24.0270 5808 \Device\Harddisk0\DR0\# - copied to quarantine

13:00:24.0279 5808 \Device\Harddisk0\DR0 - copied to quarantine

13:00:24.0397 5808 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

13:00:33.0760 5808 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

13:00:33.0840 5808 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

13:00:39.0101 5808 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

13:00:39.0173 5808 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

13:00:39.0179 5808 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

13:00:39.0187 5808 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

13:00:39.0197 5808 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

13:00:39.0312 5808 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

13:00:39.0386 5808 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

13:00:39.0393 5808 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

13:00:39.0399 5808 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

13:00:39.0459 5808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

13:00:39.0460 5808 \Device\Harddisk0\DR0 - ok

13:00:39.0715 5808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

13:00:39.0716 5808 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

13:00:39.0716 5808 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

13:01:02.0432 6048 Deinitialize success

Is this it?


Yes, thank you.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Here is the combofix log

ComboFix 12-06-13.01 - Terri 06/13/2012 10:38:54.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2213 [GMT -5:00]

Running from: c:\users\Terri\Downloads\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\PCDr\5907\Downloads\288d198f-eb50-4316-9b17-4269c8487bf7.dll

c:\programdata\PCDr\5907\Downloads\d2475db4-153a-4cdd-a84a-1f6c794325f4.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))

.

.

2012-06-13 19:09 . 2012-06-13 19:09 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-06-13 19:09 . 2012-06-13 19:09 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-06-13 19:09 . 2012-06-13 19:09 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-06-13 19:09 . 2012-06-13 19:09 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-06-13 19:09 . 2012-06-13 19:09 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-06-13 19:09 . 2012-06-13 19:09 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-06-13 19:09 . 2012-06-13 19:09 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-06-13 19:09 . 2012-06-13 19:09 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-06-13 18:00 . 2012-06-13 18:00 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-13 15:49 . 2012-06-13 15:49 -------- d-----w- c:\users\Patrick\AppData\Local\temp

2012-06-13 15:49 . 2012-06-13 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-13 15:27 . 2012-06-13 15:27 -------- d-----w- c:\users\Terri\AppData\Local\Macromedia

2012-06-13 08:00 . 2012-05-18 02:51 754808 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2012-06-13 04:36 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 04:36 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 04:36 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-13 04:36 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-13 04:35 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-13 04:35 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-13 04:35 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-13 04:35 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-13 04:35 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 04:35 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-13 04:35 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-13 04:35 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 04:34 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 04:34 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 04:34 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-13 04:33 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-13 04:33 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-10 17:43 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-06-10 17:43 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-06-10 17:43 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-06-10 04:02 . 2012-06-10 04:02 388096 ----a-r- c:\users\Terri\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-10 04:02 . 2012-06-10 04:02 -------- d-----w- c:\program files (x86)\Trend Micro

2012-06-10 01:50 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-09 22:11 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-06-09 22:11 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-06-09 22:11 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-06-09 22:11 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-06-09 22:11 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-06-09 22:11 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-06-09 22:08 . 2006-06-19 18:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll

2012-06-09 22:08 . 2006-05-25 20:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll

2012-06-09 22:08 . 2005-08-26 06:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll

2012-06-09 22:08 . 2003-02-03 01:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll

2012-06-09 22:08 . 2002-03-06 06:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll

2012-06-09 22:08 . 2012-06-09 22:08 -------- d-----w- c:\users\Terri\AppData\Roaming\Simply Super Software

2012-06-09 22:08 . 2012-06-09 22:08 -------- d-----w- c:\programdata\Simply Super Software

2012-06-09 22:08 . 2012-06-09 22:14 -------- d-----w- c:\program files (x86)\Trojan Remover

2012-06-09 09:28 . 2012-06-09 09:28 -------- d-----w- c:\users\Terri\AppData\Roaming\Malwarebytes

2012-06-09 09:28 . 2012-06-09 09:28 -------- d-----w- c:\programdata\Malwarebytes

2012-06-09 09:28 . 2012-06-10 01:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-09 09:21 . 2012-06-09 09:21 -------- d-----w- c:\program files (x86)\Oracle

2012-06-08 08:10 . 2012-06-08 08:10 -------- d-----w- c:\users\Terri\AppData\Local\adaware

2012-06-08 08:07 . 2011-12-19 18:21 45936 ----a-w- c:\windows\system32\sbbd.exe

2012-06-08 08:06 . 2012-06-09 08:55 -------- d-----w- c:\program files (x86)\adawaretb

2012-06-08 02:47 . 2012-06-09 08:55 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus

2012-06-08 02:47 . 2012-06-08 02:47 -------- d-----w- c:\programdata\Lavasoft

2012-06-08 02:46 . 2012-06-09 08:55 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection

2012-06-08 02:46 . 2012-06-09 08:55 -------- d-----w- c:\program files (x86)\Toolbar Cleaner

2012-06-08 02:43 . 2012-06-08 08:17 -------- d-----w- c:\users\Terri\AppData\Roaming\Ad-Aware Antivirus

2012-06-05 21:40 . 2012-06-05 21:39 129536 ----a-w- c:\programdata\Microsoft\Windows\DRM\D32E.tmp

2012-05-30 18:59 . 2012-01-17 16:45 4376224 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-13 14:02 . 2012-04-15 21:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-13 14:02 . 2011-05-27 03:02 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 14:19 . 2012-04-15 22:19 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-15 08:29 . 2012-04-15 08:29 0 ----a-w- c:\windows\SysWow64\sho20AE.tmp

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Terri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Terri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Terri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-27 39408]

"Facebook Update"="c:\users\Terri\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-24 137536]

"RCUI"="c:\progra~2\RINGCE~1\RINGCE~1\RCUI.exe" [2010-11-23 500992]

"RCHotKey"="c:\program files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2010-11-23 38144]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-06-09 1239312]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-27 559616]

.

c:\users\Terri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Terri\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-11 984352]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 SASDIFSV;SASDIFSV;c:\users\Terri\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]

R1 SASKUTIL;SASKUTIL;c:\users\Terri\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]

R2 0287521336184271mcinstcleanup;McAfee Application Installer Cleanup (0287521336184271);c:\windows\TEMP\028752~1.EXE [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 257224]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-13 129976]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 14:02]

.

2012-06-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2768318042-2633232579-3065488275-1000Core.job

- c:\users\Terri\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-24 03:31]

.

2012-06-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2768318042-2633232579-3065488275-1000UA.job

- c:\users\Terri\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-24 03:31]

.

2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 23:57]

.

2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 23:57]

.

2012-06-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-06-12 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Terri\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Terri\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Terri\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Terri\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-07 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-07 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-07 415256]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://msn.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Terri\AppData\Roaming\Mozilla\Firefox\Profiles\gq96nief.default\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2768318042-2633232579-3065488275-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2768318042-2633232579-3065488275-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-13 11:14:52

ComboFix-quarantined-files.txt 2012-06-13 16:14

.

Pre-Run: 422,939,860,992 bytes free

Post-Run: 422,890,213,376 bytes free

.

- - End Of File - - 5232C3A3F90257B0DDB292E5710750FC


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\program files (x86)\Ad-Aware Antivirus
c:\programdata\Lavasoft
c:\programdata\Ad-Aware Browsing Protection
c:\users\Terri\AppData\Roaming\Ad-Aware Antivirus

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 12-06-13.01 - Terri 06/14/2012 8:28.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2140 [GMT -5:00]

Running from: c:\users\Terri\Desktop\ComboFix.exe

Command switches used :: c:\users\Terri\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Ad-Aware Antivirus

c:\program files (x86)\Ad-Aware Antivirus\BlockedAdPage.htm

c:\program files (x86)\Ad-Aware Antivirus\BlockedWebPage.htm

c:\program files (x86)\Ad-Aware Antivirus\Definitions\adsrules.dat

c:\program files (x86)\Ad-Aware Antivirus\Definitions\AdviceTx.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\apincl.dat

c:\program files (x86)\Ad-Aware Antivirus\Definitions\apprules.dat

c:\program files (x86)\Ad-Aware Antivirus\Definitions\bhmem.vtd

c:\program files (x86)\Ad-Aware Antivirus\Definitions\bhsl.vtd

c:\program files (x86)\Ad-Aware Antivirus\Definitions\bmem.vtd

c:\program files (x86)\Ad-Aware Antivirus\Definitions\CatDesc.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\CatID.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\cblk.vtd

c:\program files (x86)\Ad-Aware Antivirus\Definitions\cmem.vtd

c:\program files (x86)\Ad-Aware Antivirus\Definitions\cname.wtd

c:\program files (x86)\Ad-Aware Antivirus\Definitions\Cookies.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\CoreVer.txt

c:\program files (x86)\Ad-Aware Antivirus\Definitions\ctid.vtd

c:\program files (x86)\Ad-Aware Antivirus\Definitions\DefVer.txt

c:\program files (x86)\Ad-Aware Antivirus\Definitions\dnrl.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\EPSigs.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\FastSigs.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\FileDT.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\FolderDT.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\fsigs.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\hcol.wtd

c:\program files (x86)\Ad-Aware Antivirus\Definitions\HistoryCleaner.xml

c:\program files (x86)\Ad-Aware Antivirus\Definitions\hstn.vtd

c:\program files (x86)\Ad-Aware Antivirus\Definitions\idsrules.dat

c:\program files (x86)\Ad-Aware Antivirus\Definitions\ih.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\incompats.dat

c:\program files (x86)\Ad-Aware Antivirus\Definitions\ip.vtd

c:\program files (x86)\Ad-Aware Antivirus\Definitions\JSSigs.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\kbu.dat

c:\program files (x86)\Ad-Aware Antivirus\Definitions\MFastSigs.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\networkrules.dat

c:\program files (x86)\Ad-Aware Antivirus\Definitions\qscnf.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\qscnr.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\RegDT.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\RootCA.wtd

c:\program files (x86)\Ad-Aware Antivirus\Definitions\RTmem.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\SBTS.dat

c:\program files (x86)\Ad-Aware Antivirus\Definitions\sel.dat

c:\program files (x86)\Ad-Aware Antivirus\Definitions\ThreatCategoryGlossary.xml

c:\program files (x86)\Ad-Aware Antivirus\Definitions\ThreatCategoryGlossary.xsd

c:\program files (x86)\Ad-Aware Antivirus\Definitions\ThreatDT.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\ThreatID.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\TImem.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\VVSSigs.vdx

c:\program files (x86)\Ad-Aware Antivirus\Definitions\WebFilterExceptions.dat

c:\program files (x86)\Ad-Aware Antivirus\Definitions\white.wtd

c:\program files (x86)\Ad-Aware Antivirus\Definitions\whmem.wtd

c:\program files (x86)\Ad-Aware Antivirus\Definitions\whsl.wtd

c:\program files (x86)\Ad-Aware Antivirus\Definitions\wmem.wtd

c:\program files (x86)\Ad-Aware Antivirus\FSSC.dat

c:\program files (x86)\Ad-Aware Antivirus\Incompats.dat

c:\program files (x86)\Ad-Aware Antivirus\SBAMConfig.bin

c:\program files (x86)\Ad-Aware Antivirus\sbipl.dat

c:\programdata\Ad-Aware Browsing Protection

c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll.nsp233C.tmp

c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll.nsyC535.tmp

c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe.nsp233C.tmp

c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe.nsyC535.tmp

c:\programdata\Ad-Aware Browsing Protection\guid.dat

c:\programdata\Ad-Aware Browsing Protection\uninstall.exe.nsp233C.tmp

c:\programdata\Ad-Aware Browsing Protection\uninstall.exe.nsyC535.tmp

c:\programdata\Lavasoft

c:\programdata\Lavasoft\AntiMalware\APConfig.xml

c:\programdata\Lavasoft\AntiMalware\context-menu-settings.xml

c:\programdata\Lavasoft\AntiMalware\EmailAVConfig.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060721543400.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060721551001.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060721551502.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060721551503.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060721563704.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060721564405.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060721593906.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060722000007.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060722302500.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060722302901.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060722351902.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060722352803.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060722352804.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060722352905.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060803193700.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060803194301.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060803224800.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060803230001.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060807591600.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060807592301.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060808042302.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060813023800.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060813024801.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060813074502.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060813074703.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060813075304.xml

c:\programdata\Lavasoft\AntiMalware\Events\EV2012060813075305.xml

c:\programdata\Lavasoft\AntiMalware\FirewallConfig.xml

c:\programdata\Lavasoft\AntiMalware\FW History\Stats_WS_20120607.xml

c:\programdata\Lavasoft\AntiMalware\FW History\Stats_WS_20120608.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{03734B72-CA43-43C2-9F2C-B8FFDA401AB4}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{1992D548-9234-4BCA-806F-E38535E857CF}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{25B3BBA5-F2B7-4E5F-9593-7AFDA6914650}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{58F99308-4CB3-41D8-95F5-3A674F62A1DB}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{5D4E8DA2-19C8-44A7-A38E-C7B42F3C9B1E}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{5E1CAC72-6259-4051-ADC6-835A2CCAF54A}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{5E6B0ADB-507C-4CAF-A383-62BE8105CA05}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{633AA384-3ED4-4ACA-B2DA-78CD711E892C}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{668075C6-0017-4575-9BE7-2E6115BF2F9A}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{66B88A8A-3D50-4283-B814-0FAF00EE8BF2}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{6A5D225A-9DB4-409B-A5A2-90362D90D2B9}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{734D5869-C08B-4776-9F76-BC46AC044057}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{7897EE45-602F-4B2B-8F21-D7DCDD1FD437}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{7DE6570D-79EB-4AAE-A986-33E9F6BFCDED}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{84527CAE-32CA-4F14-9EFB-4C1538DE5F43}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{8654706D-C095-4926-9799-83743506C67E}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{86F53592-620B-41CC-A9A5-10391B0B9C4D}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{870B2D29-7B6B-4FEB-B11E-830A47AAFE6B}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{9372E705-C715-4457-BDBF-FB80595D3ECA}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{967BED22-E8E0-4AE9-B8AA-AC121A1C4B75}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{9995A3B9-EBFF-429D-9250-D7E7DAAD9204}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{9C88B090-1618-4427-A793-9C447AED179D}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{9FA5BAA8-6969-4B62-8F2E-5BF64AE46691}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{A16854AD-98E4-42FD-8764-E24A05F94595}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{A3463A9A-3A1F-4960-9695-1723AEA26B4B}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{A4C75BFA-2F26-48FA-8D22-6653639E82EC}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{AA7C5E11-0371-4571-A7E9-D2ADC75CC44F}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{B52E279D-29A7-4AB0-99C4-9DBBC9F8F386}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{B84E3B72-C8D0-482D-8752-E01B9F381225}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{CFF8504A-D53F-4505-A672-25D46B732084}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{DA8B7620-B0F3-4E8C-9995-F1BCD8BDC384}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{E25BA079-66D1-4A55-89C2-20A1BFC324DC}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{E5870578-1445-4A04-9296-BFE1F17ACB76}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{EB031ABF-A4FE-45C8-BE68-703DB43DC49D}.xml

c:\programdata\Lavasoft\AntiMalware\FW History\WF{FB95EAE7-3686-46C9-A627-0324901E1B3F}.xml

c:\programdata\Lavasoft\AntiMalware\HIPSConfig.xml

c:\programdata\Lavasoft\AntiMalware\History\20120607215216.xml

c:\programdata\Lavasoft\AntiMalware\History\20120608031707.xml

c:\programdata\Lavasoft\AntiMalware\Logs\SBAMSvcLog.csv

c:\programdata\Lavasoft\AntiMalware\Logs\SBAMThreatEngineLog.csv

c:\programdata\Lavasoft\AntiMalware\RegistrationConfig.xml

c:\programdata\Lavasoft\AntiMalware\Rules\AdsRules.dat

c:\programdata\Lavasoft\AntiMalware\ScanConfig.xml

c:\programdata\Lavasoft\AntiMalware\ServiceConfig.xml

c:\programdata\Lavasoft\AntiMalware\SoftwareUpdateConfig.xml

c:\programdata\Lavasoft\AntiMalware\ThreatDefinitionsConfig.xml

c:\programdata\Lavasoft\AntiMalware\WebFilterConfig.xml

c:\programdata\Lavasoft\AntiMalware\WSCConfig.xml

c:\programdata\PCDr\5907\Downloads\d2475db4-153a-4cdd-a84a-1f6c794325f4.dll

c:\users\Terri\AppData\Roaming\Ad-Aware Antivirus

c:\users\Terri\AppData\Roaming\Ad-Aware Antivirus\definitions-date.xml

c:\users\Terri\AppData\Roaming\Ad-Aware Antivirus\Installer.xml

c:\users\Terri\AppData\Roaming\Ad-Aware Antivirus\language.xml

c:\users\Terri\AppData\Roaming\Ad-Aware Antivirus\Logs\20120608T024320.537097PID8752\GuiFramework.log

c:\users\Terri\AppData\Roaming\Ad-Aware Antivirus\Logs\20120608T025601.802525PID1832\GuiFramework.log

c:\users\Terri\AppData\Roaming\Ad-Aware Antivirus\Logs\20120608T025601.802525PID1832\Sunbelt.log

c:\users\Terri\AppData\Roaming\Ad-Aware Antivirus\Logs\20120608T050417.104407PID2120\GuiFramework.log

c:\users\Terri\AppData\Roaming\Ad-Aware Antivirus\Logs\20120608T080443.243756PID7112\GuiFramework.log

c:\users\Terri\AppData\Roaming\Ad-Aware Antivirus\update-parameters.xml

.

.

((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 )))))))))))))))))))))))))))))))

.

.

2012-06-14 13:40 . 2012-06-14 13:40 -------- d-----w- c:\users\Patrick\AppData\Local\temp

2012-06-14 13:40 . 2012-06-14 13:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-13 19:09 . 2012-06-13 19:09 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-06-13 19:09 . 2012-06-13 19:09 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-06-13 19:09 . 2012-06-13 19:09 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-06-13 19:09 . 2012-06-13 19:09 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-06-13 19:09 . 2012-06-13 19:09 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-06-13 19:09 . 2012-06-13 19:09 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-06-13 19:09 . 2012-06-13 19:09 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-06-13 19:09 . 2012-06-13 19:09 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-06-13 18:00 . 2012-06-13 18:00 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-13 15:27 . 2012-06-13 15:27 -------- d-----w- c:\users\Terri\AppData\Local\Macromedia

2012-06-13 08:00 . 2012-05-18 02:51 754808 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2012-06-13 04:36 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 04:36 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 04:36 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-13 04:36 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-13 04:35 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-13 04:35 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-13 04:35 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-13 04:35 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-13 04:35 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 04:35 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-13 04:35 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-13 04:35 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 04:34 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 04:34 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 04:34 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-13 04:33 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-13 04:33 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-10 17:43 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-06-10 17:43 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-06-10 17:43 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-06-10 04:02 . 2012-06-10 04:02 388096 ----a-r- c:\users\Terri\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-10 04:02 . 2012-06-10 04:02 -------- d-----w- c:\program files (x86)\Trend Micro

2012-06-10 01:50 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-09 22:11 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-06-09 22:11 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-06-09 22:11 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-06-09 22:11 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-06-09 22:11 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-06-09 22:11 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-06-09 22:08 . 2006-06-19 18:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll

2012-06-09 22:08 . 2006-05-25 20:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll

2012-06-09 22:08 . 2005-08-26 06:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll

2012-06-09 22:08 . 2003-02-03 01:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll

2012-06-09 22:08 . 2002-03-06 06:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll

2012-06-09 22:08 . 2012-06-09 22:08 -------- d-----w- c:\users\Terri\AppData\Roaming\Simply Super Software

2012-06-09 22:08 . 2012-06-09 22:08 -------- d-----w- c:\programdata\Simply Super Software

2012-06-09 22:08 . 2012-06-09 22:14 -------- d-----w- c:\program files (x86)\Trojan Remover

2012-06-09 09:28 . 2012-06-09 09:28 -------- d-----w- c:\users\Terri\AppData\Roaming\Malwarebytes

2012-06-09 09:28 . 2012-06-09 09:28 -------- d-----w- c:\programdata\Malwarebytes

2012-06-09 09:28 . 2012-06-10 01:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-09 09:21 . 2012-06-09 09:21 -------- d-----w- c:\program files (x86)\Oracle

2012-06-08 08:10 . 2012-06-08 08:10 -------- d-----w- c:\users\Terri\AppData\Local\adaware

2012-06-08 08:07 . 2011-12-19 18:21 45936 ----a-w- c:\windows\system32\sbbd.exe

2012-06-08 08:06 . 2012-06-09 08:55 -------- d-----w- c:\program files (x86)\adawaretb

2012-06-08 02:46 . 2012-06-09 08:55 -------- d-----w- c:\program files (x86)\Toolbar Cleaner

2012-06-05 21:40 . 2012-06-05 21:39 129536 ----a-w- c:\programdata\Microsoft\Windows\DRM\D32E.tmp

2012-05-30 18:59 . 2012-01-17 16:45 4376224 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-13 14:02 . 2012-04-15 21:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-13 14:02 . 2011-05-27 03:02 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 14:19 . 2012-04-15 22:19 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-15 08:29 . 2012-04-15 08:29 0 ----a-w- c:\windows\SysWow64\sho20AE.tmp

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-13_15.50.42 )))))))))))))))))))))))))))))))))))))))))

.

- 2011-02-22 22:09 . 2012-06-13 08:31 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-22 22:09 . 2012-06-14 13:20 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-22 22:09 . 2012-06-14 13:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-02-22 22:09 . 2012-06-13 08:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-14 13:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-13 08:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-23 00:56 . 2012-06-14 07:57 438042 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Terri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Terri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Terri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-27 39408]

"Facebook Update"="c:\users\Terri\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-24 137536]

"RCUI"="c:\progra~2\RINGCE~1\RINGCE~1\RCUI.exe" [2010-11-23 500992]

"RCHotKey"="c:\program files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2010-11-23 38144]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-06-09 1239312]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-27 559616]

.

c:\users\Terri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Terri\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-11 984352]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 SASDIFSV;SASDIFSV;c:\users\Terri\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]

R1 SASKUTIL;SASKUTIL;c:\users\Terri\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]

R2 0287521336184271mcinstcleanup;McAfee Application Installer Cleanup (0287521336184271);c:\windows\TEMP\028752~1.EXE [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 257224]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-13 129976]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 14:02]

.

2012-06-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2768318042-2633232579-3065488275-1000Core.job

- c:\users\Terri\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-24 03:31]

.

2012-06-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2768318042-2633232579-3065488275-1000UA.job

- c:\users\Terri\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-24 03:31]

.

2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 23:57]

.

2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 23:57]

.

2012-06-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-06-14 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Terri\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Terri\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Terri\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Terri\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-07 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-07 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-07 415256]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://msn.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Terri\AppData\Roaming\Mozilla\Firefox\Profiles\gq96nief.default\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2768318042-2633232579-3065488275-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2768318042-2633232579-3065488275-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-14 09:03:54

ComboFix-quarantined-files.txt 2012-06-14 14:03

ComboFix2.txt 2012-06-13 16:15

.

Pre-Run: 422,953,615,360 bytes free

Post-Run: 422,898,733,056 bytes free

.

- - End Of File - - F56C97732FDC70B8BB18F19F267F7900


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Everything seems to be working great. Sorry I am just getting back to you, I had to go out of town for work. I thank you so much for all your help. I gave you a donation, sorry it wasn't a bunch but all I could afford. Thank you again.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.