google redirect virus


This topic is locked
20 replies to this topic

#1 mjtaxpro

mjtaxpro

  • Members
  • 16 posts

Posted 31 March 2012 - 06:21 PM

Today, for the first time on my Win 7 computer, after performing a Google search and clicking on the link, it took me to a different website than the one I clicked on. I downloaded Malwarebytes and it found a couple of trojans which it removed (or so I thought). After a reboot I still had the problem when doing a Google search and getting redirected to a different site. Another scan with Malwarebytes turned up nothing. Hoping someone is able to help me get rid of this thing.

thanks in advance
Mark



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,634 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 April 2012 - 12:42 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post in your next reply.

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,634 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 April 2012 - 01:20 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,634 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 April 2012 - 12:57 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,634 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 April 2012 - 12:57 PM

This topic has been re-opened at the request of the person who originally posted.

#6 mjtaxpro

mjtaxpro
  • Topic Starter

  • Members
  • 16 posts

Posted 09 April 2012 - 01:48 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.0
Run by mjadmin2 at 13:37:27 on 2012-04-09
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3326.607 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Windows\twain_32\fjscan32\FJTWMKSV.exe
C:\Windows\system32\LxrSII1s.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Users\mj6\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Windows\twain_32\Fjscan32\ERG\FTErGuid.exe
C:\Program Files\MMTaskbar\MultiMon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Windows\system32\ntvdm.exe
C:\Users\mjadmin2.CORP\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\11tax\w11tax.exe
C:\Program Files\ACT\Act for Windows\ActSage.exe
C:\Program Files\Intuit\DMS\DMS.EXE
C:\10tax\w10tax.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Users\mjadmin2.CORP\AppData\Local\Lexar Media\LxrAutorun.exe
C:\Users\mjadmin2.CORP\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Windows\twain_32\Fjscan32\ERG\FTErGuid.exe
C:\Program Files\MMTaskbar\MultiMon.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Windows\System32\mobsync.exe
C:\Users\mjadmin2.CORP\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\11tax\w11tax.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\10tax\w10tax.exe
C:\Users\mjadmin2.CORP\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mystart.com/?pr=vmn&rlz=1V1IPYX&id=pandasecuritytb&v=3_0
uWindow Title = Internet Explorer provided by Dell
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [LxrAutorun] c:\users\mjadmin2.corp\appdata\local\lexar media\LxrAutorun.exe
uRun: [Google Update] "c:\users\mjadmin2.corp\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [PeachtreePrefetcher.exe] c:\paw2012\PeachtreePrefetcher.exe /configfile:peachtreeprefetcher.winstart.config
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload
mRun: [FtLnSOP_setup] c:\windows\twain_32\fjscan32\sop\FtLnSOP.exe
mRun: [FJTWAIN Setup] c:\windows\twain_32\fjscan32\FjtwMkup.exe /Station
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DLSService] "c:\program files\dymo\dymo label software\DLSService.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [Panda Security URL Filtering] "c:\programdata\panda security url filtering\Panda_URL_Filtering.exe"
StartupFolder: c:\users\mjadmi~1.cor\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\mjadmin2.corp\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\errorr~1.lnk - c:\windows\twain_32\fjscan32\erg\FTErGuid.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\multim~1.lnk - c:\program files\mmtaskbar\MultiMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\Service Manager.norun
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {D27CDB6A-AE6D-11CF-96B8-555664650000} - hxxp://www.in.com/pagenotfound.html
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} - hxxps://access.wisconsin.gov/access/DynamicWebTWAIN.cab
TCP: Interfaces\{64D18F0B-AF9E-4A1A-8115-23278DF2AA1B} : NameServer = 192.168.1.32,192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mjadmin2.corp\appdata\roaming\mozilla\firefox\profiles\106lcypn.default\
FF - prefs.js: browser.search.selectedEngine - Panda Safe Search
FF - prefs.js: browser.startup.homepage - hxxp://www.mystart.com/?pr=vmn&rlz=1V1IPYX&id=pandasecuritytb&v=3_0
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\dymo\dymo label software\framework\npDYMOLabelFramework.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\mjadmin2.corp\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-31 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-3-31 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-3-31 909728]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-3-31 185560]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-11-23 126216]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-15 146448]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-6 176128]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-3-31 550864]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2010-8-24 388464]
R2 DymoPnpService;DYMO PnP Service;c:\program files\dymo\dymo label software\DymoPnpService.exe [2011-8-10 32336]
R2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\fjscan32\FJTWMKSV.exe [2011-1-14 45056]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2011-2-21 63448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-31 652360]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2012-1-5 144136]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 99400]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111176]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-11-30 112904]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\pervasive software\psql\bin\w3dbsmgr.exe [2008-6-6 435496]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-15 283152]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2011-1-6 325672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-31 20464]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-3-31 56840]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2009-8-24 81920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-9-4 219632]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;"c:\program files\trend micro\client server security agent\hostedagent\svcgenerichost.exe" --> c:\program files\trend micro\client server security agent\hostedagent\svcGenericHost.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 253600]
S3 MSSQL$LACERTEDB;MSSQL$LACERTEDB;c:\program files\microsoft sql server\mssql$lacertedb\binn\sqlservr.exe -slacertedb --> c:\program files\microsoft sql server\mssql$lacertedb\binn\sqlservr.exe -sLACERTEDB [?]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 Peachtree SmartPosting 2009;Peachtree SmartPosting 2009;c:\paw2009\SmartPostingService2009.exe [2008-5-3 49152]
S3 Peachtree SmartPosting 2011;Peachtree SmartPosting 2011;c:\paw2011\SmartPostingService2011.exe [2010-4-10 43848]
S3 Peachtree SmartPosting 2012;Peachtree SmartPosting 2012;c:\paw2012\SmartPostingService2012.exe [2011-4-7 43848]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-5 15872]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-3-31 402336]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-3-31 1117624]
S3 SQLAgent$LACERTEDB;SQLAgent$LACERTEDB;c:\program files\microsoft sql server\mssql$lacertedb\binn\sqlagent.exe -i lacertedb --> c:\program files\microsoft sql server\mssql$lacertedb\binn\sqlagent.EXE -i LACERTEDB [?]
S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;"c:\program files\trend micro\client server security agent\tmpfw.exe" --> c:\program files\trend micro\client server security agent\TmPfw.exe [?]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;"c:\program files\trend micro\client server security agent\tmproxy.exe" --> c:\program files\trend micro\client server security agent\TmProxy.exe [?]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-5 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-13 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-04-09 14:47:10 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5ece021c-c56b-4feb-a2b8-1181a292cc9b}\mpengine.dll
2012-03-31 23:12:22 -------- d-----w- c:\programdata\HitmanPro
2012-03-31 23:01:03 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-31 21:16:14 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-03-31 21:16:09 767952 ----a-w- c:\windows\BDTSupport.dll
2012-03-31 21:16:08 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-31 21:16:05 2250704 ----a-w- c:\windows\PCTBDCore.dll
2012-03-31 21:16:05 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-03-31 21:14:40 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-31 21:14:40 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-03-31 21:14:28 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-03-31 21:14:17 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-31 21:13:36 -------- d-----w- c:\program files\PC Tools
2012-03-31 20:59:13 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-03-31 20:59:13 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-03-31 20:59:10 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-31 20:59:10 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-31 20:59:08 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-31 20:59:03 -------- d-----w- c:\program files\common files\PC Tools
2012-03-31 20:57:59 -------- d-----w- c:\programdata\PC Tools
2012-03-31 20:57:57 -------- d-----w- c:\users\mjadmin2.corp\appdata\roaming\TestApp
2012-03-31 20:47:00 -------- d-----w- c:\users\mjadmin2.corp\appdata\roaming\Panda Security
2012-03-31 20:46:38 -------- d-----w- c:\program files\Toolbar Cleaner
2012-03-31 20:46:34 -------- d-----w- c:\users\mjadmin2.corp\appdata\local\panda2_0dn
2012-03-31 20:46:32 -------- d-----w- c:\programdata\Panda Security URL Filtering
2012-03-31 20:45:40 -------- d-----w- c:\programdata\Panda Security
2012-03-31 20:45:40 -------- d-----w- c:\program files\Panda Security
2012-03-31 20:45:16 -------- d-----w- C:\temp
2012-03-31 16:54:46 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-31 16:24:18 -------- d-----w- c:\users\mjadmin2.corp\appdata\roaming\Malwarebytes
2012-03-31 16:24:10 -------- d-----w- c:\programdata\Malwarebytes
2012-03-31 16:24:09 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 16:24:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-29 13:25:45 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-14 23:34:15 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 23:34:15 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 13:39:16 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 13:39:16 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 13:38:01 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 13:38:01 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 13:38:01 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:38:00 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 13:38:00 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 13:37:59 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 13:37:58 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-04-09 18:32:00 848 --sha-w- c:\programdata\KGyGaAvL.sys
2012-03-31 23:00:54 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-31 16:54:46 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 13:38:27.44 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 01/13/11 1:45:24 PM
System Uptime: 04/06/12 1:10:27 PM (72 hours ago)
.
Motherboard: Dell Inc. | | 09KPNV
Processor: Intel® Xeon® CPU E5507 @ 2.27GHz | CPU | 2266/4800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 232 GiB total, 148.393 GiB free.
D: is CDROM ()
E: is Removable
S: is NetworkDisk (NTFS) - 423 GiB total, 224.393 GiB free.
T: is NetworkDisk (NTFS) - 423 GiB total, 224.393 GiB free.
U: is NetworkDisk (NTFS) - 423 GiB total, 224.393 GiB free.
Z: is NetworkDisk (NTFS) - 423 GiB total, 224.393 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: tmcomm
Device ID: ROOT\LEGACY_TMCOMM\0000
Manufacturer:
Name: tmcomm
PNP Device ID: ROOT\LEGACY_TMCOMM\0000
Service: tmcomm
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Trend Micro PreFilter
Device ID: ROOT\LEGACY_TMPREFILTER\0000
Manufacturer:
Name: Trend Micro PreFilter
PNP Device ID: ROOT\LEGACY_TMPREFILTER\0000
Service: TmPreFilter
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Trend Micro VSAPI NT
Device ID: ROOT\LEGACY_VSAPINT\0000
Manufacturer:
Name: Trend Micro VSAPI NT
PNP Device ID: ROOT\LEGACY_VSAPINT\0000
Service: VSApiNt
.
==== System Restore Points ===================
.
RP333: 03/25/12 9:26:33 AM - Windows Update
RP334: 03/29/12 8:20:49 AM - Installed Peachtree Payroll Solutions Update
RP335: 03/29/12 8:21:01 AM - Removed Propalms Connection Manager
RP336: 03/29/12 8:26:50 AM - Windows Update
RP337: 03/31/12 5:55:07 PM - Installed Java™ 6 Update 31
RP338: 03/31/12 6:00:40 PM - Installed Java™ 7 Update 3
RP339: 03/31/12 6:04:54 PM - Removed Java™ 6 Update 31
RP340: 04/01/12 8:36:08 AM - Windows Update
RP341: 04/05/12 8:31:18 AM - Windows Update
RP342: 04/08/12 8:55:56 AM - Windows Update
.
==== Installed Programs ======================
.
2000 Lacerte Tax
2001 Lacerte Tax
2002 Lacerte Tax
2003 Lacerte Tax
2004 Lacerte Tax
2006 Lacerte Tax
2007 Lacerte Tax
2008 Lacerte Tax
2009 Lacerte Tax
2009 SFS W2/1099 Printer
2010 Lacerte Tax
2010 Mutual Fund Tax Guide
2011 Lacerte Tax
2011 Mutual Fund Tax Guide
ACT! by Sage 2010
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Acrobat 9.5.0 - CPSID_83708
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
AI RoboForm (All Users)
ATI Catalyst Control Center
ATX Kleinrock 2006 Tax Products (Remove Only)
ATX Kleinrock 2007 Tax Products (Remove Only)
BioAPI Framework
Broadcom NetXtreme-I Netlink Driver and Management Installer
Browser Defender 4.0
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCH Small Firm Services (xulRunner)
CCH Small Firm Services 2008 (Remove Only)
CCH Small Firm Services 2009 (Remove Only)
CCH Small Firm Services 2010 (Remove Only)
CCH Small Firm Services 2011 (Remove Only)
Crystal Reports 2008 Runtime SP1
Crystal Reports 2008 SP1
CyberLink PowerDVD 9.5
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Control Point
Dell ControlPoint Security Manager
Dell Edoc Viewer
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell System Manager
DirectX 9 Runtime
Document eSort Components
Document Manager Lite
Dropbox
DYMO Label v.8
DYMO LabelWriter Drivers
EFTPS Batch Provider Client
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
FAS for Peachtree
Gemalto
Google Chrome
Intel® Matrix Storage Manager
Intuit Runtime Components 6.0.16
Java Auto Updater
Java™ 7 Update 3
Junk Mail filter update
Kleinrock Tax Products (Remove Only)
Lacerte DMS
Lacerte Runtime Components
Lacerte Tax Planner
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Messenger Companion
MFCLOC
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (ACT7)
Microsoft SQL Server Desktop Engine (LACERTEDB)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Mozilla Firefox 6.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MultiMon TaskBar 2.1
NTRU TCG Software Stack
Panda Cloud Antivirus
Panda Security Toolbar
Panda Security URL Filtering
PC Tools Spyware Doctor 9.0
Peachtree Accounting 2008
Peachtree Accounting 2009
Peachtree Accounting 2011
Peachtree Accounting 2012
Peachtree Complete Accounting
Peachtree Premium Accounting 2006 - Accountants' Edition
Peachtree Quantum 2008 - Accountants' Edition
Peachtree Quantum 2009 - Accountants' Edition
Peachtree Signature Ready Forms
Pervasive PSQL v10 SP2 Workgroup (32-bit)
Pervasive Software PSQL v9.1 Client
Pervasive System Analyzer v9.1
PhotoShowExpress
Picasa 3
Preboot Manager
Private Information Manager
QuickBooks Premier Edition 2004
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Sage Message Center
Sage Software Integration Services
Scanner Utility for Microsoft Windows
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Security Wizards
Skins
Skype™ 5.5
Software Operation Panel
Sonic CinePlayer Decoder Pack
StreetSmart Edge
SupportSoft Assisted Service
Toolbar Cleaner 1.0
Trusted Drive Manager
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
UPEK TouchChip Fingerprint Reader
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
Wave Infrastructure Installer
Wave Support Software
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
04/09/12 8:16:48 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} and APPID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user CORP\mj6 SID (S-1-5-21-3110335400-1483347335-1036199953-1144) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
04/09/12 8:15:59 AM, Error: Microsoft-Windows-GroupPolicy [1058] - The processing of Group Policy failed. Windows attempted to read the file \\CORP.NTATAX.COM\sysvol\CORP.NTATAX.COM\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.
04/09/12 1:29:47 PM, Error: atikmdag [43029] - Display is not active
04/08/12 7:55:31 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
04/06/12 1:11:03 PM, Error: Service Control Manager [7000] - The Trend Micro Client/Server Security Agent service failed to start due to the following error: The system cannot find the file specified.
04/06/12 1:11:03 PM, Error: Service Control Manager [7000] - The Trend Micro Client/Server Security Agent Listener service failed to start due to the following error: The system cannot find the file specified.
04/06/12 1:10:57 PM, Error: Service Control Manager [7000] - The Trend Micro Client/Server Security Agent RealTime Scan service failed to start due to the following error: The system cannot find the file specified.
04/06/12 1:10:53 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
04/06/12 1:10:53 PM, Error: Service Control Manager [7000] - The tmcomm service failed to start due to the following error: The revision level is unknown.
04/06/12 1:10:52 PM, Error: Service Control Manager [7001] - The Trend Micro Filter service depends on the Trend Micro PreFilter service which failed to start because of the following error: The system cannot find the file specified.
04/06/12 1:10:52 PM, Error: Service Control Manager [7000] - The Trend Micro VSAPI NT service failed to start due to the following error: The system cannot find the file specified.
04/06/12 1:10:52 PM, Error: Service Control Manager [7000] - The Trend Micro PreFilter service failed to start due to the following error: The system cannot find the file specified.
04/06/12 1:10:45 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
04/05/12 4:47:32 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
04/05/12 4:00:00 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
04/05/12 11:27:38 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
04/05/12 1:51:46 PM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
04/05/12 1:46:17 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain CORP due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
04/04/12 9:10:36 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
04/04/12 9:10:36 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
04/04/12 8:21:31 AM, Error: Microsoft-Windows-GroupPolicy [1006] - The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
04/04/12 11:43:20 AM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
04/04/12 11:29:00 AM, Error: Service Control Manager [7031] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/04/12 11:29:00 AM, Error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
04/03/12 12:44:23 PM, Error: PCTCore [280] - The item store is corrupted: @5512.
.
==== End Of File ===========================

Microsoft Security Essentials on 4/2/12 removed a trojan, Win32/Medfos.B, and after that I haven't had any more Google redirects. But then this morning it automatically removed an Exploit:Java/CVE-2012-0507.M.

#7 gringo_pr
  • Malware Response Team

Posted 09 April 2012 - 04:26 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 mjtaxpro
  • Topic Starter
  • Members

Posted 10 April 2012 - 09:11 AM

Ran ComboFix last night; it took about 20-30 minutes. Restarted a couple of times afterwards, and when I logged on this morning it still took about 5 minutes to log in. Still no redirects when doing a Google search, but it's been that way for a few days now, ever since Microsoft Security Essentials removed the trojan. The internet seems to be running fine. Here's the ComboFix log:

ComboFix 12-04-09.07 - mjadmin2 04/09/12 20:32:49.1.4 - x86
Running from: c:\users\mjadmin2.CORP\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mj4\~Outlook.pst.tmp
c:\users\mj4\~Outlook1.pst.tmp
c:\users\mj5\~Outlook1.pst.tmp
c:\users\mj6\AppData\Local\assembly\tmp
c:\users\mj6\AppData\Local\Microsoft\Windows\Temporary Internet Files\{51C4A31A-967E-4946-957E-65FF8BCC7DE5}.xps
c:\users\mj6\g2mdlhlpx.exe
c:\users\mjadmin2.CORP\AppData\Local\assembly\tmp
c:\users\mjadmin2.CORP\AppData\Local\Lexar Media\LxrAutorun.exe
c:\users\msadmin2\Desktop\Internet Explorer.lnk
c:\windows\dasetup.log
c:\windows\system32\rnaph.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-10 01:49 . 2012-04-10 01:49 -------- d-----w- c:\users\MJADMI~1~COR\AppData\Local\temp
2012-04-10 01:49 . 2012-04-10 01:49 -------- d-----w- c:\users\mj6\AppData\Local\temp
2012-04-10 01:49 . 2012-04-10 01:57 -------- d-----w- c:\users\mjadmin2.CORP\AppData\Local\temp
2012-04-10 01:49 . 2012-04-10 01:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-10 01:49 . 2012-04-10 01:49 -------- d-----w- c:\users\msadmin2\AppData\Local\temp
2012-04-10 01:49 . 2012-04-10 01:49 -------- d-----w- c:\users\mjadmin2\AppData\Local\temp
2012-04-10 01:49 . 2012-04-10 01:49 -------- d-----w- c:\users\mj5\AppData\Local\temp
2012-04-10 01:49 . 2012-04-10 01:49 -------- d-----w- c:\users\mj4\AppData\Local\temp
2012-04-09 16:30 . 2012-04-09 16:30 -------- d-----w- c:\users\mj6\AppData\Roaming\Panda Security
2012-04-09 14:47 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5ECE021C-C56B-4FEB-A2B8-1181A292CC9B}\mpengine.dll
2012-03-31 23:12 . 2012-03-31 23:12 -------- d-----w- c:\programdata\HitmanPro
2012-03-31 23:01 . 2012-03-31 23:01 -------- d-----w- c:\program files\Common Files\Java
2012-03-31 23:01 . 2012-03-31 23:00 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-31 22:56 . 2012-03-31 23:05 -------- d-----w- c:\program files\Java
2012-03-31 21:16 . 2011-09-28 18:14 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-03-31 21:16 . 2012-02-17 20:08 767952 ----a-w- c:\windows\BDTSupport.dll
2012-03-31 21:16 . 2012-02-17 20:08 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-31 20:57 . 2012-03-31 21:14 -------- d-----w- c:\programdata\PC Tools
2012-03-31 20:57 . 2012-03-31 20:57 -------- d-----w- c:\users\mjadmin2.CORP\AppData\Roaming\TestApp
2012-03-31 20:53 . 2012-03-31 20:53 -------- d-----w- c:\users\mj6\AppData\Local\panda2_0dn
2012-03-31 20:47 . 2012-03-31 20:47 -------- d-----w- c:\users\mjadmin2.CORP\AppData\Roaming\Panda Security
2012-03-31 20:46 . 2012-03-31 20:46 -------- d-----w- c:\program files\Toolbar Cleaner
2012-03-31 20:46 . 2012-03-31 20:46 -------- d-----w- c:\users\mjadmin2.CORP\AppData\Local\panda2_0dn
2012-03-31 20:46 . 2012-04-10 01:55 -------- d-----w- c:\programdata\Panda Security URL Filtering
2012-03-31 20:46 . 2012-03-31 20:46 -------- d-----w- c:\users\RP
2012-03-31 20:45 . 2012-03-31 20:46 -------- d-----w- c:\program files\Panda Security
2012-03-31 20:45 . 2012-03-31 20:45 -------- d-----w- c:\programdata\Panda Security
2012-03-31 20:45 . 2012-03-31 20:45 -------- d-----w- C:\temp
2012-03-31 18:41 . 2012-03-31 18:41 -------- d-----w- c:\users\mj6\AppData\Roaming\Malwarebytes
2012-03-31 16:54 . 2012-03-31 16:54 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-31 16:24 . 2012-03-31 16:24 -------- d-----w- c:\users\mjadmin2.CORP\AppData\Roaming\Malwarebytes
2012-03-31 16:24 . 2012-03-31 16:24 -------- d-----w- c:\programdata\Malwarebytes
2012-03-31 16:24 . 2012-03-31 16:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-31 16:24 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 20:34 . 2012-03-30 20:34 -------- d-----w- c:\users\mj6\AppData\Local\{0E075A5F-7AA8-11E1-826D-B8AC6F996F26}
2012-03-29 13:25 . 2009-08-20 05:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-14 23:34 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 23:34 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 13:39 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 13:39 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 13:38 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 13:38 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:38 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 13:38 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 13:38 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 13:37 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 13:37 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-10 01:56 . 2011-01-14 14:10 848 --sha-w- c:\programdata\KGyGaAvL.sys
2012-04-10 01:55 . 2011-01-13 20:43 0 ----a-w- c:\users\mjadmin2.CORP\AppData\Local\WavXMapDrive.bat
2012-04-09 13:16 . 2011-01-14 19:03 0 ----a-w- c:\users\mj6\AppData\Local\WavXMapDrive.bat
2012-03-31 23:00 . 2011-01-06 09:35 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-31 16:54 . 2011-06-04 11:00 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 02:15 . 2011-01-26 09:11 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-10 15:16 . 2012-02-10 15:16 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06A65476-FC11-4027-9CA3-AE07A1D58CF7}\gapaengine.dll
2012-01-31 12:44 . 2011-01-13 20:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-08-12 05:57 . 2011-08-30 17:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2012-01-31 20:59 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-01-31 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\mjadmin2.CORP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\mjadmin2.CORP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\mjadmin2.CORP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\mjadmin2.CORP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-01-13 160592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-03 518640]
"PeachtreePrefetcher.exe"="c:\paw2012\PeachtreePrefetcher.exe" [2011-12-27 30024]
"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2009-08-24 28672]
"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2009-08-24 331776]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2007-09-28 118784]
"FJTWAIN Setup"="c:\windows\Twain_32\fjscan32\FjtwMkup.exe" [2007-12-14 131072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]
.
c:\users\mj4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Check Factory.lnk - s:\paw2008\CFACTORY\LFEWIN2.EXE [2008-11-15 620839]
.
c:\users\msadmin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Check Factory.lnk - s:\paw2008\CFACTORY\LFEWIN2.EXE [2008-11-15 620839]
.
c:\users\mjadmin2.CORP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\mjadmin2.CORP\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1458032]
Error Recovery Guide.lnk - c:\windows\twain_32\Fjscan32\ERG\FTErGuid.exe [2011-1-14 270336]
MultiMon Taskbar.lnk - c:\program files\MMTaskbar\MultiMon.exe [2011-1-13 294912]
QuickBooks Update Agent.lnk - c:\program files\Common Files\intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-9-11 972064]
Service Manager.norun [2011-1-13 2153]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [2009-08-24 81920]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [x]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [x]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 253600]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 MSSQL$LACERTEDB;MSSQL$LACERTEDB;c:\program files\Microsoft SQL Server\MSSQL$LACERTEDB\Binn\sqlservr.exe [2002-12-17 7520337]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 Peachtree SmartPosting 2009;Peachtree SmartPosting 2009;c:\paw2009\SmartPostingService2009.exe [2011-10-26 49152]
R3 Peachtree SmartPosting 2011;Peachtree SmartPosting 2011;c:\paw2011\SmartPostingService2011.exe [2011-10-25 43848]
R3 Peachtree SmartPosting 2012;Peachtree SmartPosting 2012;c:\paw2012\SmartPostingService2012.exe [2011-12-27 43848]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [2012-02-24 402336]
R3 SQLAgent$LACERTEDB;SQLAgent$LACERTEDB;c:\program files\Microsoft SQL Server\MSSQL$LACERTEDB\Binn\sqlagent.EXE [2002-12-17 311872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [x]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-13 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-11-14 331880]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-12-01 342168]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-12-01 909728]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2012-02-24 185560]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2011-11-23 126216]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-07-15 146448]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-02-17 550864]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 388464]
S2 DymoPnpService;DYMO PnP Service;c:\program files\DYMO\DYMO Label Software\DymoPnpService.exe [2011-08-10 32336]
S2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\fjscan32\FJTWMKSV.exe [2007-03-08 45056]
S2 LxrSII1d;Secure II Driver;c:\windows\System32\Drivers\LxrSII1d.sys [2009-12-30 63448]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-01-05 144136]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2011-04-28 99400]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2011-04-28 111176]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2011-11-30 112904]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2010-04-10 435496]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-07-15 283152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [2011-09-28 56840]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 16:54]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1113Core.job
- c:\users\mjadmin2.CORP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-23 16:36]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1113UA.job
- c:\users\mjadmin2.CORP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-23 16:36]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1144Core1cd08fc3dc77369.job
- c:\users\mj6\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-23 16:42]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: Interfaces\{64D18F0B-AF9E-4A1A-8115-23278DF2AA1B}: NameServer = 192.168.1.32,192.168.1.1
DPF: {D27CDB6A-AE6D-11CF-96B8-555664650000} - hxxp://www.in.com/pagenotfound.html
DPF: {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} - hxxps://access.wisconsin.gov/access/DynamicWebTWAIN.cab
FF - ProfilePath - c:\users\mjadmin2.CORP\AppData\Roaming\Mozilla\Firefox\Profiles\106lcypn.default\
FF - prefs.js: browser.search.selectedEngine - Panda Safe Search
FF - prefs.js: browser.startup.homepage - hxxp://www.mystart.com/?pr=vmn&rlz=1V1IPYX&id=pandasecuritytb&v=3_0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-LxrAutorun - c:\users\mjadmin2.CORP\AppData\Local\Lexar Media\LxrAutorun.exe
HKLM-Run-ATIModeChange - Ati2mdxx.exe
HKLM-Run-OfficeScanNT Monitor - c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe
HKLM-Run-DLSService - c:\program files\DYMO\DYMO Label Software\DLSService.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(5616)
c:\programdata\Panda Security URL Filtering\panda_url_filtering.dll
c:\users\mjadmin2.CORP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\LxrSII1s.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-04-09 21:03:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-10 02:03
.
Pre-Run: 164,271,857,664 bytes free
Post-Run: 166,672,535,552 bytes free
.
- - End Of File - - 66A7BB5C527A04E4EE5C810209006B6B
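The policies\system block in the log above shows EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all at 0, which means User Account Control is switched off on this machine, and the Supplementary Scan lists the interface's DNS servers, an LSP DLL and Firefox's proxy mode, the places a search redirect is usually wired in. The Python script below is an added example written for this page; it is not part of ComboFix, of the thread, or of the poster's material. It parses lines in the format shown, compares the UAC values with the Windows 7 defaults (assumed in the script) and checks every resolver against an allow-list the operator supplies. The sample lines are copied from the log above; the 192.168.1.0/24 allow-list is an assumption for this machine.

```python
import ipaddress
import re

# Windows 7 defaults for the UAC values ComboFix prints (assumed here; an
# EnableLUA of 0 switches User Account Control off entirely).
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}

POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)')
NS_RE = re.compile(r"^TCP: Interfaces\\(?P<guid>\{[^}]+\}): NameServer = (?P<servers>.+)$")
LSP_RE = re.compile(r"^LSP: (?P<path>.+)$")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (?P<val>\d+)")


def parse_policies(lines):
    """Collect "Name"= N (0xN) values that sit under the policies\\system key."""
    values, in_block = {}, False
    for line in lines:
        if line.startswith("["):
            in_block = line.lower().endswith("\\policies\\system]")
            continue
        m = POLICY_RE.match(line)
        if in_block and m:
            values[m.group("name")] = int(m.group("val"))
    return values


def uac_findings(policies):
    """List UAC values that differ from the assumed Windows 7 defaults."""
    return [f"{n}={policies[n]} (default {d})"
            for n, d in UAC_DEFAULTS.items() if n in policies and policies[n] != d]


def name_servers(lines):
    """Map interface GUID -> DNS server list from the TCP: Interfaces lines."""
    out = {}
    for m in filter(None, map(NS_RE.match, lines)):
        out[m.group("guid")] = [s.strip() for s in m.group("servers").split(",")]
    return out


def resolver_findings(servers, allowed):
    """Flag resolvers that are not inside `allowed` (IP or CIDR strings).

    A search-redirect complaint is one reason to confirm every interface still
    points at the resolvers the network is supposed to use."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    findings = []
    for guid, ips in servers.items():
        for ip in ips:
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                findings.append(f"{guid}: unparsable resolver {ip!r}")
                continue
            if not any(addr in net for net in nets):
                findings.append(f"{guid}: unexpected resolver {ip}")
    return findings


def hooks(lines):
    """LSP DLLs and the Firefox proxy mode (0 = no proxy), both places a
    traffic redirect can be inserted."""
    lsps = [m.group("path") for m in filter(None, map(LSP_RE.match, lines))]
    proxy = next((int(m.group("val")) for m in filter(None, map(FF_PROXY_RE.match, lines))), None)
    return {"lsp": lsps, "ff_proxy_type": proxy}


def triage(lines, allowed_resolvers):
    """Run every check over the log lines and return the findings together."""
    return {
        "uac": uac_findings(parse_policies(lines)),
        "resolvers": resolver_findings(name_servers(lines), allowed_resolvers),
        "hooks": hooks(lines),
    }


# Lines copied from the ComboFix log posted above.
SAMPLE = """[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
LSP: c:\\program files\\Common Files\\PC Tools\\Lsp\\PCTLsp.dll
TCP: Interfaces\\{64D18F0B-AF9E-4A1A-8115-23278DF2AA1B}: NameServer = 192.168.1.32,192.168.1.1
FF - prefs.js: network.proxy.type - 0
""".splitlines()

if __name__ == "__main__":
    # Assumed for this machine: the LAN resolvers live in 192.168.1.0/24.
    for section, items in triage(SAMPLE, ["192.168.1.0/24"]).items():
        print(section, items)
```

Run it against the saved ComboFix.txt with `triage(open("ComboFix.txt").read().splitlines(), [...])`; the UAC findings are a hardening item independent of the infection, while an unexpected resolver or a proxy mode other than 0 is something to follow up on directly for a redirect complaint. The LSP entry here belongs to PC Tools and is listed only so the reviewer sees it.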

#9 mjtaxpro (Topic Starter)

Posted 10 April 2012 - 04:17 PM

I tried opening Peachtree Accounting software today on my computer and I get an error that says it "could not be started because Microsoft.Net Framework 3.5 SP1 is missing or damaged. Would you like to view online instructions for installing .Net now?"

#10 gringo_pr (Malware Response Team)

Posted 10 April 2012 - 06:22 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
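The TDSSKiller report the instructions above ask for prints two lines per object it examined: "name (md5) path" followed by "name - verdict". The Python script below is an added example for this page; it is not part of TDSSKiller, of Kaspersky's tooling, or of the helper's instructions. It pairs those lines, lists everything the tool did not mark "ok" (the lines a helper will ask about), and recomputes the MD5 of each hashed file so a file that changed after the scan can be spotted. The first sample lines are copied from the report posted further down in this thread; the "fakedrv" entry and its verdict text are constructed for the test and do not occur in the real report.

```python
import hashlib
import re

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
ENTRY_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


def parse_report(lines):
    """Pair each 'name (md5) path' line with the 'name - verdict' line that
    follows it. Entries the tool prints with a verdict only (catchme,
    COMSysApp in the report) get md5 and path of None. Lines before
    'Scan started' (banner, SystemInfo, drive geometry) are ignored."""
    records, pending, scanning = [], {}, False
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        if rest == "Scan started":
            scanning = True
            continue
        if not scanning:
            continue
        e = ENTRY_RE.match(rest)
        if e:
            pending[e.group("name")] = {"name": e.group("name"),
                                        "md5": e.group("md5").lower(),
                                        "path": e.group("path")}
            continue
        v = VERDICT_RE.match(rest)
        if v:
            rec = pending.pop(v.group("name"),
                              {"name": v.group("name"), "md5": None, "path": None})
            rec["verdict"] = v.group("verdict")
            records.append(rec)
    return records


def not_ok(records):
    """Everything the tool did not mark '- ok'."""
    return [r for r in records if r["verdict"] != "ok"]


def md5_hex(data):
    """Hex MD5 of a byte string (the digest TDSSKiller logs per file)."""
    return hashlib.md5(data).hexdigest()


def _read_file(path):
    with open(path, "rb") as fh:
        return fh.read()


def check_hashes(records, read_bytes=_read_file):
    """Recompute the MD5 of every hashed file and compare with the logged one.

    `read_bytes(path)` returns the file contents; it is injectable so the check
    can run against a mounted image or, as in the test, an in-memory map.
    Status is 'match', 'mismatch' (file changed since the scan) or 'missing'
    (file gone or unreadable)."""
    results = []
    for r in records:
        if not r["md5"]:
            continue
        try:
            actual = md5_hex(read_bytes(r["path"]))
        except (OSError, KeyError):
            results.append({"name": r["name"], "status": "missing",
                            "logged": r["md5"], "actual": None})
            continue
        status = "match" if actual == r["md5"] else "mismatch"
        results.append({"name": r["name"], "status": status,
                        "logged": r["md5"], "actual": actual})
    return results


# First lines copied from the TDSSKiller report in this thread; the last two
# ('fakedrv' and its verdict) are constructed so the sample has one hit.
SAMPLE_REPORT = """18:39:14.0302 9432 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
18:39:16.0595 9432 Drive \\Device\\Harddisk0\\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200
18:39:18.0904 7448 Scan started
18:39:20.0697 7448 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\\Windows\\system32\\drivers\\1394ohci.sys
18:39:20.0697 7448 1394ohci - ok
18:39:20.0869 7448 ACT! Scheduler (75d856834660f71718e90b7627967de1) C:\\Program Files\\ACT\\Act for Windows\\Act.Scheduler.exe
18:39:20.0994 7448 ACT! Scheduler - ok
18:39:24.0051 7448 catchme - ok
18:39:30.0000 7448 fakedrv (0123456789abcdef0123456789abcdef) C:\\Windows\\system32\\drivers\\fakedrv.sys
18:39:30.0000 7448 fakedrv - detected (constructed verdict for this example)
""".splitlines()

if __name__ == "__main__":
    for r in not_ok(parse_report(SAMPLE_REPORT)):
        print(r["name"], "->", r["verdict"], r["path"])
```

On a real machine, run `check_hashes(parse_report(open(log_path).read().splitlines()))` on the log TDSSKiller leaves in C:\; a "mismatch" on a system driver between two scans is worth mentioning in the next reply, because the MD5s in the report are what the helper compares against known-good copies.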

#11 mjtaxpro (Topic Starter)

Posted 10 April 2012 - 07:35 PM

When I try to open Peachtree accounting software it gives me an error saying that it couldn't start because Microsoft.Net 3.5 Framework SP1 is missing or damaged. It's been that way since last night, running ComboFix and Defogger.


18:39:14.0302 9432 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
18:39:14.0957 9432 ============================================================
18:39:14.0957 9432 Current date / time: 2012/04/10 18:39:14.0957
18:39:14.0957 9432 SystemInfo:
18:39:14.0957 9432
18:39:14.0957 9432 OS Version: 6.1.7601 ServicePack: 1.0
18:39:14.0957 9432 Product type: Workstation
18:39:14.0957 9432 ComputerName: JUNIOR5
18:39:14.0957 9432 UserName: mjadmin2
18:39:14.0957 9432 Windows directory: C:\Windows
18:39:14.0957 9432 System windows directory: C:\Windows
18:39:14.0957 9432 Processor architecture: Intel x86
18:39:14.0957 9432 Number of processors: 4
18:39:14.0957 9432 Page size: 0x1000
18:39:14.0957 9432 Boot type: Normal boot
18:39:14.0957 9432 ============================================================
18:39:16.0595 9432 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:39:16.0611 9432 Drive \Device\Harddisk1\DR1 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:39:16.0611 9432 \Device\Harddisk0\DR0:
18:39:16.0611 9432 MBR used
18:39:16.0611 9432 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x177000
18:39:16.0611 9432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18B000, BlocksNum 0x1D01D800
18:39:16.0611 9432 \Device\Harddisk1\DR1:
18:39:16.0611 9432 MBR used
18:39:16.0611 9432 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x50, BlocksNum 0xEEFFB0
18:39:16.0642 9432 Initialize success
18:39:16.0642 9432 ============================================================
18:39:18.0904 7448 ============================================================
18:39:18.0904 7448 Scan started
18:39:18.0904 7448 Mode: Manual;
18:39:18.0904 7448 ============================================================
18:39:20.0697 7448 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:39:20.0697 7448 1394ohci - ok
18:39:20.0760 7448 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:39:20.0760 7448 ACPI - ok
18:39:20.0822 7448 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:39:20.0822 7448 AcpiPmi - ok
18:39:20.0869 7448 ACT! Scheduler (75d856834660f71718e90b7627967de1) C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe
18:39:20.0994 7448 ACT! Scheduler - ok
18:39:21.0087 7448 ADIHdAudAddService (9e5ae3da1956a7825cc5869be3350a96) C:\Windows\system32\drivers\ADIHdAud.sys
18:39:21.0087 7448 ADIHdAudAddService - ok
18:39:21.0228 7448 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:39:21.0228 7448 AdobeARMservice - ok
18:39:21.0337 7448 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:39:21.0337 7448 AdobeFlashPlayerUpdateSvc - ok
18:39:21.0399 7448 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:39:21.0399 7448 adp94xx - ok
18:39:21.0430 7448 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:39:21.0430 7448 adpahci - ok
18:39:21.0462 7448 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:39:21.0462 7448 adpu320 - ok
18:39:21.0493 7448 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
18:39:21.0493 7448 AeLookupSvc - ok
18:39:21.0555 7448 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:39:21.0555 7448 AFD - ok
18:39:21.0602 7448 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:39:21.0602 7448 agp440 - ok
18:39:21.0664 7448 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:39:21.0664 7448 aic78xx - ok
18:39:21.0711 7448 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
18:39:21.0711 7448 ALG - ok
18:39:21.0758 7448 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:39:21.0758 7448 aliide - ok
18:39:21.0789 7448 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe
18:39:21.0789 7448 AMD External Events Utility - ok
18:39:21.0852 7448 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:39:21.0852 7448 amdagp - ok
18:39:21.0898 7448 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:39:21.0898 7448 amdide - ok
18:39:21.0945 7448 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:39:21.0945 7448 AmdK8 - ok
18:39:21.0961 7448 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:39:21.0961 7448 AmdPPM - ok
18:39:21.0992 7448 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:39:21.0992 7448 amdsata - ok
18:39:22.0023 7448 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:39:22.0023 7448 amdsbs - ok
18:39:22.0054 7448 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:39:22.0054 7448 amdxata - ok
18:39:22.0101 7448 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:39:22.0117 7448 AppID - ok
18:39:22.0148 7448 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
18:39:22.0148 7448 AppIDSvc - ok
18:39:22.0195 7448 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
18:39:22.0195 7448 Appinfo - ok
18:39:22.0226 7448 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
18:39:22.0226 7448 AppMgmt - ok
18:39:22.0273 7448 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:39:22.0273 7448 arc - ok
18:39:22.0288 7448 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:39:22.0288 7448 arcsas - ok
18:39:22.0398 7448 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:39:22.0429 7448 aspnet_state - ok
18:39:22.0491 7448 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:39:22.0491 7448 AsyncMac - ok
18:39:22.0554 7448 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:39:22.0554 7448 atapi - ok
18:39:22.0725 7448 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
18:39:22.0819 7448 atikmdag - ok
18:39:22.0912 7448 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:39:22.0912 7448 AudioEndpointBuilder - ok
18:39:22.0912 7448 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:39:22.0928 7448 Audiosrv - ok
18:39:22.0975 7448 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
18:39:22.0975 7448 AxInstSV - ok
18:39:23.0021 7448 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:39:23.0037 7448 b06bdrv - ok
18:39:23.0084 7448 b57nd60x (3d3f40545c81032297625655cad40963) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:39:23.0084 7448 b57nd60x - ok
18:39:23.0131 7448 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
18:39:23.0131 7448 BDESVC - ok
18:39:23.0162 7448 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:39:23.0162 7448 Beep - ok
18:39:23.0224 7448 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
18:39:23.0224 7448 BFE - ok
18:39:23.0271 7448 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
18:39:23.0287 7448 BITS - ok
18:39:23.0333 7448 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:39:23.0333 7448 blbdrive - ok
18:39:23.0380 7448 Blfp (ed5e8ced1b616590b252c61ec9e9b507) C:\Windows\system32\DRIVERS\basp.sys
18:39:23.0380 7448 Blfp - ok
18:39:23.0427 7448 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:39:23.0427 7448 bowser - ok
18:39:23.0458 7448 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:39:23.0458 7448 BrFiltLo - ok
18:39:23.0489 7448 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:39:23.0489 7448 BrFiltUp - ok
18:39:23.0536 7448 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
18:39:23.0536 7448 BridgeMP - ok
18:39:23.0583 7448 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
18:39:23.0583 7448 Browser - ok
18:39:23.0677 7448 Browser Defender Update Service (335219836821cb675533ab4731779754) C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
18:39:23.0692 7448 Browser Defender Update Service - ok
18:39:23.0770 7448 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:39:23.0770 7448 Brserid - ok
18:39:23.0833 7448 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:39:23.0833 7448 BrSerWdm - ok
18:39:23.0848 7448 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:39:23.0864 7448 BrUsbMdm - ok
18:39:23.0864 7448 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:39:23.0864 7448 BrUsbSer - ok
18:39:23.0895 7448 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:39:23.0895 7448 BTHMODEM - ok
18:39:23.0926 7448 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
18:39:23.0926 7448 bthserv - ok
18:39:24.0051 7448 catchme - ok
18:39:24.0129 7448 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:39:24.0129 7448 cdfs - ok
18:39:24.0176 7448 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
18:39:24.0176 7448 cdrom - ok
18:39:24.0238 7448 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:39:24.0238 7448 CertPropSvc - ok
18:39:24.0269 7448 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:39:24.0269 7448 circlass - ok
18:39:24.0301 7448 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:39:24.0301 7448 CLFS - ok
18:39:24.0363 7448 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:39:24.0363 7448 clr_optimization_v2.0.50727_32 - ok
18:39:24.0425 7448 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:39:24.0503 7448 clr_optimization_v4.0.30319_32 - ok
18:39:24.0566 7448 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:39:24.0566 7448 CmBatt - ok
18:39:24.0612 7448 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:39:24.0612 7448 cmdide - ok
18:39:24.0659 7448 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
18:39:24.0659 7448 CNG - ok
18:39:24.0675 7448 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:39:24.0675 7448 Compbatt - ok
18:39:24.0737 7448 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:39:24.0737 7448 CompositeBus - ok
18:39:24.0753 7448 COMSysApp - ok
18:39:24.0784 7448 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:39:24.0784 7448 crcdisk - ok
18:39:24.0831 7448 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
18:39:24.0831 7448 CryptSvc - ok
18:39:24.0878 7448 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
18:39:24.0878 7448 CSC - ok
18:39:24.0909 7448 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
18:39:24.0909 7448 CscService - ok
18:39:24.0971 7448 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:39:24.0987 7448 DcomLaunch - ok
18:39:25.0080 7448 dcpsysmgrsvc (4a557869c542b26264ea727c11b6670e) c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
18:39:25.0080 7448 dcpsysmgrsvc - ok
18:39:25.0158 7448 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
18:39:25.0158 7448 defragsvc - ok
18:39:25.0236 7448 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:39:25.0236 7448 DfsC - ok
18:39:25.0283 7448 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
18:39:25.0299 7448 Dhcp - ok
18:39:25.0314 7448 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:39:25.0314 7448 discache - ok
18:39:25.0346 7448 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:39:25.0346 7448 Disk - ok
18:39:25.0392 7448 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
18:39:25.0392 7448 Dnscache - ok
18:39:25.0439 7448 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
18:39:25.0439 7448 dot3svc - ok
18:39:25.0502 7448 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
18:39:25.0502 7448 Dot4 - ok
18:39:25.0548 7448 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
18:39:25.0548 7448 Dot4Print - ok
18:39:25.0595 7448 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
18:39:25.0595 7448 DPS - ok
18:39:26.0453 7448 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:39:26.0453 7448 drmkaud - ok
18:39:26.0531 7448 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:39:26.0547 7448 DXGKrnl - ok
18:39:26.0609 7448 DymoPnpService (16801152c1c1ba0857972c28d35bce33) C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe
18:39:26.0609 7448 DymoPnpService - ok
18:39:26.0640 7448 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
18:39:26.0640 7448 EapHost - ok
18:39:26.0734 7448 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:39:26.0796 7448 ebdrv - ok
18:39:26.0890 7448 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
18:39:26.0890 7448 EFS - ok
18:39:26.0952 7448 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
18:39:26.0968 7448 ehRecvr - ok
18:39:26.0983 7448 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
18:39:26.0983 7448 ehSched - ok
18:39:27.0046 7448 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:39:27.0046 7448 elxstor - ok
18:39:27.0108 7448 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:39:27.0108 7448 ErrDev - ok
18:39:27.0155 7448 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
18:39:27.0171 7448 EventSystem - ok
18:39:27.0202 7448 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:39:27.0202 7448 exfat - ok
18:39:27.0233 7448 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:39:27.0233 7448 fastfat - ok
18:39:27.0280 7448 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
18:39:27.0295 7448 Fax - ok
18:39:27.0327 7448 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:39:27.0327 7448 fdc - ok
18:39:27.0358 7448 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
18:39:27.0358 7448 fdPHost - ok
18:39:27.0373 7448 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
18:39:27.0373 7448 FDResPub - ok
18:39:27.0389 7448 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:39:27.0389 7448 FileInfo - ok
18:39:27.0405 7448 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:39:27.0405 7448 Filetrace - ok
18:39:27.0467 7448 FJTWMKSV (bc73fcff20492133b132bb9ef182c8ad) C:\Windows\twain_32\fjscan32\FJTWMKSV.exe
18:39:27.0467 7448 FJTWMKSV - ok
18:39:27.0529 7448 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:39:27.0545 7448 FLEXnet Licensing Service - ok
18:39:27.0607 7448 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:39:27.0607 7448 flpydisk - ok
18:39:27.0654 7448 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:39:27.0654 7448 FltMgr - ok
18:39:27.0717 7448 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
18:39:27.0732 7448 FontCache - ok
18:39:27.0794 7448 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:39:27.0794 7448 FontCache3.0.0.0 - ok
18:39:27.0857 7448 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:39:27.0857 7448 FsDepends - ok
18:39:27.0888 7448 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:39:27.0888 7448 Fs_Rec - ok
18:39:27.0935 7448 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:39:27.0935 7448 fvevol - ok
18:39:27.0966 7448 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:39:27.0982 7448 gagp30kx - ok
18:39:28.0028 7448 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
18:39:28.0044 7448 gpsvc - ok
18:39:28.0122 7448 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:39:28.0122 7448 gusvc - ok
18:39:28.0200 7448 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:39:28.0216 7448 hcw85cir - ok
18:39:28.0278 7448 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:39:28.0278 7448 HdAudAddService - ok
18:39:28.0340 7448 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:39:28.0340 7448 HDAudBus - ok
18:39:28.0372 7448 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:39:28.0372 7448 HidBatt - ok
18:39:28.0387 7448 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:39:28.0403 7448 HidBth - ok
18:39:28.0434 7448 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:39:28.0434 7448 HidIr - ok
18:39:28.0450 7448 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
18:39:28.0465 7448 hidserv - ok
18:39:28.0496 7448 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
18:39:28.0496 7448 HidUsb - ok
18:39:28.0543 7448 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
18:39:28.0543 7448 hkmsvc - ok
18:39:28.0590 7448 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
18:39:28.0590 7448 HomeGroupListener - ok
18:39:28.0621 7448 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
18:39:28.0621 7448 HomeGroupProvider - ok
18:39:28.0652 7448 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:39:28.0652 7448 HpSAMD - ok
18:39:28.0715 7448 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:39:28.0730 7448 HTTP - ok
18:39:28.0762 7448 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:39:28.0762 7448 hwpolicy - ok
18:39:28.0808 7448 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:39:28.0808 7448 i8042prt - ok
18:39:28.0886 7448 IAANTMON (0e899d0db39617aa0b2f992e7e95b5eb) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:39:28.0902 7448 IAANTMON - ok
18:39:28.0933 7448 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:39:28.0933 7448 iaStorV - ok
18:39:29.0011 7448 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:39:29.0011 7448 IDriverT - ok
18:39:29.0105 7448 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:39:29.0136 7448 idsvc - ok
18:39:29.0198 7448 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:39:29.0198 7448 iirsp - ok
18:39:29.0261 7448 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
18:39:29.0276 7448 IKEEXT - ok
18:39:29.0323 7448 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:39:29.0323 7448 intelide - ok
18:39:29.0370 7448 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:39:29.0370 7448 intelppm - ok
18:39:29.0401 7448 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
18:39:29.0401 7448 IPBusEnum - ok
18:39:29.0432 7448 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:39:29.0432 7448 IpFilterDriver - ok
18:39:29.0495 7448 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
18:39:29.0510 7448 iphlpsvc - ok
18:39:29.0557 7448 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:39:29.0557 7448 IPMIDRV - ok
18:39:29.0573 7448 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:39:29.0573 7448 IPNAT - ok
18:39:29.0604 7448 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:39:29.0619 7448 IRENUM - ok
18:39:29.0635 7448 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:39:29.0635 7448 isapnp - ok
18:39:29.0666 7448 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:39:29.0682 7448 iScsiPrt - ok
18:39:29.0729 7448 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
18:39:29.0729 7448 kbdclass - ok
18:39:29.0791 7448 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
18:39:29.0791 7448 kbdhid - ok
18:39:29.0822 7448 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:39:29.0838 7448 KeyIso - ok
18:39:29.0853 7448 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
18:39:29.0853 7448 KSecDD - ok
18:39:29.0869 7448 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
18:39:29.0885 7448 KSecPkg - ok
18:39:29.0916 7448 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
18:39:29.0916 7448 KtmRm - ok
18:39:29.0978 7448 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
18:39:29.0978 7448 LanmanServer - ok
18:39:30.0025 7448 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
18:39:30.0025 7448 LanmanWorkstation - ok
18:39:30.0087 7448 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:39:30.0087 7448 lltdio - ok
18:39:30.0119 7448 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
18:39:30.0134 7448 lltdsvc - ok
18:39:30.0150 7448 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
18:39:30.0150 7448 lmhosts - ok
18:39:30.0197 7448 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:39:30.0197 7448 LSI_FC - ok
18:39:30.0212 7448 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:39:30.0212 7448 LSI_SAS - ok
18:39:30.0228 7448 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:39:30.0228 7448 LSI_SAS2 - ok
18:39:30.0259 7448 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:39:30.0259 7448 LSI_SCSI - ok
18:39:30.0290 7448 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:39:30.0290 7448 luafv - ok
18:39:30.0353 7448 LxrSII1d (59045011f52b81cd411419b558dd50ff) C:\Windows\System32\Drivers\LxrSII1d.sys
18:39:30.0368 7448 LxrSII1d - ok
18:39:30.0384 7448 LxrSII1s (e66286727fbf58eb323625af3efda53e) C:\Windows\system32\LxrSII1s.exe
18:39:30.0384 7448 LxrSII1s - ok
18:39:30.0431 7448 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
18:39:30.0431 7448 MBAMProtector - ok
18:39:30.0493 7448 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:39:30.0509 7448 MBAMService - ok
18:39:30.0555 7448 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
18:39:30.0555 7448 Mcx2Svc - ok
18:39:30.0618 7448 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:39:30.0618 7448 megasas - ok
18:39:30.0633 7448 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:39:30.0649 7448 MegaSR - ok
18:39:30.0665 7448 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:39:30.0665 7448 MMCSS - ok
18:39:30.0696 7448 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:39:30.0696 7448 Modem - ok
18:39:30.0727 7448 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:39:30.0727 7448 monitor - ok
18:39:30.0774 7448 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
18:39:30.0774 7448 mouclass - ok
18:39:30.0805 7448 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:39:30.0805 7448 mouhid - ok
18:39:30.0852 7448 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:39:30.0852 7448 mountmgr - ok
18:39:30.0914 7448 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
18:39:30.0914 7448 MpFilter - ok
18:39:30.0961 7448 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:39:30.0961 7448 mpio - ok
18:39:31.0008 7448 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:39:31.0008 7448 MpNWMon - ok
18:39:31.0039 7448 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:39:31.0055 7448 mpsdrv - ok
18:39:31.0086 7448 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
18:39:31.0117 7448 MpsSvc - ok
18:39:31.0164 7448 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:39:31.0164 7448 MRxDAV - ok
18:39:31.0211 7448 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:39:31.0211 7448 mrxsmb - ok
18:39:31.0257 7448 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:39:31.0257 7448 mrxsmb10 - ok
18:39:31.0304 7448 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:39:31.0304 7448 mrxsmb20 - ok
18:39:31.0335 7448 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:39:31.0335 7448 msahci - ok
18:39:31.0398 7448 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:39:31.0398 7448 msdsm - ok
18:39:31.0429 7448 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
18:39:31.0444 7448 MSDTC - ok
18:39:31.0491 7448 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:39:31.0491 7448 Msfs - ok
18:39:31.0507 7448 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:39:31.0507 7448 mshidkmdf - ok
18:39:31.0554 7448 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:39:31.0554 7448 msisadrv - ok
18:39:31.0600 7448 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
18:39:31.0616 7448 MSiSCSI - ok
18:39:31.0616 7448 msiserver - ok
18:39:31.0647 7448 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:39:31.0663 7448 MSKSSRV - ok
18:39:31.0756 7448 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
18:39:31.0756 7448 MsMpSvc - ok
18:39:31.0803 7448 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:39:31.0803 7448 MSPCLOCK - ok
18:39:31.0834 7448 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:39:31.0850 7448 MSPQM - ok
18:39:31.0866 7448 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:39:31.0866 7448 MsRPC - ok
18:39:31.0912 7448 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:39:31.0928 7448 mssmbios - ok
18:39:32.0022 7448 MSSQL$ACT7 - ok
18:39:32.0068 7448 MSSQL$LACERTEDB - ok
18:39:32.0115 7448 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
18:39:32.0115 7448 MSSQLServerADHelper - ok
18:39:32.0193 7448 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:39:32.0209 7448 MSTEE - ok
18:39:32.0240 7448 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:39:32.0240 7448 MTConfig - ok
18:39:32.0256 7448 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:39:32.0256 7448 Mup - ok
18:39:32.0365 7448 NanoServiceMain (a830e59f98827943686e90bf79fc96fa) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
18:39:32.0365 7448 NanoServiceMain - ok
18:39:32.0427 7448 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
18:39:32.0443 7448 napagent - ok
18:39:32.0490 7448 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:39:32.0490 7448 NativeWifiP - ok
18:39:32.0521 7448 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:39:32.0536 7448 NDIS - ok
18:39:32.0568 7448 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:39:32.0583 7448 NdisCap - ok
18:39:32.0599 7448 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:39:32.0599 7448 NdisTapi - ok
18:39:32.0646 7448 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:39:32.0646 7448 Ndisuio - ok
18:39:32.0692 7448 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:39:32.0692 7448 NdisWan - ok
18:39:32.0739 7448 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:39:32.0739 7448 NDProxy - ok
18:39:32.0770 7448 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:39:32.0770 7448 NetBIOS - ok
18:39:32.0817 7448 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:39:32.0833 7448 NetBT - ok
18:39:32.0864 7448 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:39:32.0880 7448 Netlogon - ok
18:39:32.0911 7448 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
18:39:32.0911 7448 Netman - ok
18:39:33.0004 7448 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:39:33.0004 7448 NetMsmqActivator - ok
18:39:33.0020 7448 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:39:33.0020 7448 NetPipeActivator - ok
18:39:33.0051 7448 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
18:39:33.0067 7448 netprofm - ok
18:39:33.0067 7448 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:39:33.0067 7448 NetTcpActivator - ok
18:39:33.0067 7448 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:39:33.0067 7448 NetTcpPortSharing - ok
18:39:33.0129 7448 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:39:33.0129 7448 nfrd960 - ok
18:39:33.0191 7448 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:39:33.0207 7448 NisDrv - ok
18:39:33.0269 7448 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
18:39:33.0269 7448 NisSrv - ok
18:39:33.0347 7448 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
18:39:33.0363 7448 NlaSvc - ok
18:39:33.0394 7448 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:39:33.0394 7448 Npfs - ok
18:39:33.0425 7448 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
18:39:33.0425 7448 nsi - ok
18:39:33.0441 7448 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:39:33.0441 7448 nsiproxy - ok
18:39:33.0503 7448 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:39:33.0535 7448 Ntfs - ok
18:39:33.0597 7448 ntrtscan - ok
18:39:33.0644 7448 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:39:33.0644 7448 Null - ok
18:39:33.0675 7448 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:39:33.0675 7448 nvraid - ok
18:39:33.0706 7448 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:39:33.0706 7448 nvstor - ok
18:39:33.0753 7448 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:39:33.0769 7448 nv_agp - ok
18:39:33.0800 7448 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:39:33.0800 7448 ohci1394 - ok
18:39:33.0862 7448 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:39:33.0878 7448 ose - ok
18:39:33.0987 7448 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:39:34.0018 7448 osppsvc - ok
18:39:34.0081 7448 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:39:34.0096 7448 p2pimsvc - ok
18:39:34.0143 7448 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
18:39:34.0143 7448 p2psvc - ok
18:39:34.0205 7448 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:39:34.0205 7448 Parport - ok
18:39:34.0237 7448 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
18:39:34.0237 7448 partmgr - ok
18:39:34.0252 7448 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:39:34.0268 7448 Parvdm - ok
18:39:34.0299 7448 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
18:39:34.0299 7448 PBADRV - ok
18:39:34.0330 7448 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
18:39:34.0330 7448 PcaSvc - ok
18:39:34.0393 7448 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:39:34.0393 7448 pci - ok
18:39:34.0439 7448 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:39:34.0439 7448 pciide - ok
18:39:34.0471 7448 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:39:34.0471 7448 pcmcia - ok
18:39:34.0502 7448 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\Windows\system32\Drivers\PCTBD.sys
18:39:34.0502 7448 PCTBD - ok
18:39:34.0580 7448 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\Windows\system32\drivers\PCTCore.sys
18:39:34.0580 7448 PCTCore - ok
18:39:34.0611 7448 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\Windows\system32\drivers\pctDS.sys
18:39:34.0611 7448 pctDS - ok
18:39:34.0642 7448 pctEFA (653d8079cc000ec454789740a07b84a8) C:\Windows\system32\drivers\pctEFA.sys
18:39:34.0673 7448 pctEFA - ok
18:39:34.0705 7448 PCTSD (eb98f7514dcf1b922b318e6182d836b1) C:\Windows\system32\Drivers\PCTSD.sys
18:39:34.0705 7448 PCTSD - ok
18:39:34.0736 7448 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:39:34.0736 7448 pcw - ok
18:39:34.0782 7448 Peachtree SmartPosting 2009 (02e22ad5a252d81fa4357855fec81129) C:\Paw2009\SmartPostingService2009.exe
18:39:34.0798 7448 Peachtree SmartPosting 2009 - ok
18:39:34.0845 7448 Peachtree SmartPosting 2011 (1ac0f275c583c3323fc36865914774b3) C:\Paw2011\SmartPostingService2011.exe
18:39:34.0954 7448 Peachtree SmartPosting 2011 - ok
18:39:35.0016 7448 Peachtree SmartPosting 2012 (d87c58dd652df387c4e9a0f9ce595d69) C:\Paw2012\SmartPostingService2012.exe
18:39:35.0032 7448 Peachtree SmartPosting 2012 - ok
18:39:35.0110 7448 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:39:35.0126 7448 PEAUTH - ok
18:39:35.0172 7448 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
18:39:35.0204 7448 PeerDistSvc - ok
18:39:35.0282 7448 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
18:39:35.0313 7448 pla - ok
18:39:35.0375 7448 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
18:39:35.0391 7448 PlugPlay - ok
18:39:35.0484 7448 Pml Driver HPZ12 (379f7a0ec9fbe07629fd3f244d3e3e44) C:\Windows\system32\HPZipm12.dll
18:39:35.0484 7448 Pml Driver HPZ12 - ok
18:39:35.0516 7448 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
18:39:35.0516 7448 PNRPAutoReg - ok
18:39:35.0531 7448 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:39:35.0547 7448 PNRPsvc - ok
18:39:35.0594 7448 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
18:39:35.0594 7448 PolicyAgent - ok
18:39:35.0640 7448 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
18:39:35.0656 7448 Power - ok
18:39:35.0687 7448 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:39:35.0687 7448 PptpMiniport - ok
18:39:35.0718 7448 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:39:35.0734 7448 Processor - ok
18:39:35.0781 7448 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
18:39:35.0781 7448 ProfSvc - ok
18:39:35.0812 7448 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:39:35.0828 7448 ProtectedStorage - ok
18:39:35.0859 7448 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:39:35.0859 7448 Psched - ok
18:39:35.0906 7448 PSINAflt (32b3fc7498240fe4a14a454a7c6a0bcc) C:\Windows\system32\DRIVERS\PSINAflt.sys
18:39:35.0906 7448 PSINAflt - ok
18:39:35.0952 7448 PSINFile (5f039f535860c865e497b4cd55cea741) C:\Windows\system32\DRIVERS\PSINFile.sys
18:39:35.0952 7448 PSINFile - ok
18:39:36.0015 7448 PSINKNC (bd28cb758d82df2e39a3fad7baaa8d6d) C:\Windows\system32\DRIVERS\psinknc.sys
18:39:36.0015 7448 PSINKNC - ok
18:39:36.0046 7448 PSINProc (1bc0fd2c2289f98bbb02bda36f41724f) C:\Windows\system32\DRIVERS\PSINProc.sys
18:39:36.0062 7448 PSINProc - ok
18:39:36.0093 7448 PSINProt (cf71fbec125cbebc363d71b5fd4fdada) C:\Windows\system32\DRIVERS\PSINProt.sys
18:39:36.0093 7448 PSINProt - ok
18:39:36.0155 7448 PSI_SVC_2 (e0d0cb09aa07b22be984e4f7ec0326f5) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
18:39:36.0155 7448 PSI_SVC_2 - ok
18:39:36.0218 7448 psqlWGE (2bbfa874b938a9435b82a538ddacb546) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
18:39:36.0218 7448 psqlWGE - ok
18:39:36.0296 7448 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
18:39:36.0296 7448 PxHelp20 - ok
18:39:36.0358 7448 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:39:36.0389 7448 ql2300 - ok
18:39:36.0420 7448 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:39:36.0420 7448 ql40xx - ok
18:39:37.0231 7448 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
18:39:37.0247 7448 QWAVE - ok
18:39:37.0263 7448 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:39:37.0278 7448 QWAVEdrv - ok
18:39:37.0294 7448 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:39:37.0294 7448 RasAcd - ok
18:39:37.0325 7448 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:39:37.0325 7448 RasAgileVpn - ok
18:39:37.0372 7448 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
18:39:37.0372 7448 RasAuto - ok
18:39:37.0403 7448 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:39:37.0403 7448 Rasl2tp - ok
18:39:37.0450 7448 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
18:39:37.0450 7448 RasMan - ok
18:39:37.0481 7448 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:39:37.0481 7448 RasPppoe - ok
18:39:37.0512 7448 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:39:37.0512 7448 RasSstp - ok
18:39:37.0528 7448 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:39:37.0528 7448 rdbss - ok
18:39:37.0543 7448 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:39:37.0559 7448 rdpbus - ok
18:39:37.0590 7448 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:39:37.0590 7448 RDPCDD - ok
18:39:37.0621 7448 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
18:39:37.0621 7448 RDPDR - ok
18:39:37.0653 7448 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:39:37.0653 7448 RDPENCDD - ok
18:39:37.0684 7448 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:39:37.0684 7448 RDPREFMP - ok
18:39:37.0731 7448 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
18:39:37.0731 7448 RdpVideoMiniport - ok
18:39:37.0777 7448 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
18:39:37.0777 7448 RDPWD - ok
18:39:37.0840 7448 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:39:37.0840 7448 rdyboost - ok
18:39:37.0871 7448 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
18:39:37.0871 7448 RemoteAccess - ok
18:39:37.0887 7448 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
18:39:37.0902 7448 RemoteRegistry - ok
18:39:38.0011 7448 RoxMediaDB12OEM (bddc447ab46625a54619808575d5cb46) C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
18:39:38.0043 7448 RoxMediaDB12OEM - ok
18:39:38.0058 7448 RoxWatch12 (ce203243adf512540249df9c264f12dd) C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
18:39:38.0074 7448 RoxWatch12 - ok
18:39:38.0136 7448 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
18:39:38.0152 7448 RpcEptMapper - ok
18:39:38.0198 7448 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
18:39:38.0198 7448 RpcLocator - ok
18:39:38.0261 7448 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:39:38.0261 7448 RpcSs - ok
18:39:38.0308 7448 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:39:38.0323 7448 rspndr - ok
18:39:38.0354 7448 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
18:39:38.0354 7448 s3cap - ok
18:39:38.0401 7448 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:39:38.0401 7448 SamSs - ok
18:39:38.0448 7448 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:39:38.0448 7448 sbp2port - ok
18:39:38.0479 7448 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
18:39:38.0479 7448 SCardSvr - ok
18:39:38.0526 7448 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:39:38.0526 7448 scfilter - ok
18:39:38.0573 7448 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
18:39:38.0588 7448 Schedule - ok
18:39:38.0635 7448 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:39:38.0635 7448 SCPolicySvc - ok
18:39:38.0729 7448 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
18:39:38.0744 7448 sdAuxService - ok
18:39:38.0776 7448 sdCoreService (d2b30a5a8f57c00b0fa84a8880e9ec5b) C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
18:39:38.0807 7448 sdCoreService - ok
18:39:38.0900 7448 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
18:39:38.0900 7448 SDRSVC - ok
18:39:38.0963 7448 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:39:38.0963 7448 secdrv - ok
18:39:38.0994 7448 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
18:39:38.0994 7448 seclogon - ok
18:39:39.0072 7448 SecureStorageService (e396fbc469df73692318dc90ad13ce86) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
18:39:39.0103 7448 SecureStorageService - ok
18:39:39.0119 7448 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
18:39:39.0119 7448 SENS - ok
18:39:39.0150 7448 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
18:39:39.0150 7448 SensrSvc - ok
18:39:39.0181 7448 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:39:39.0181 7448 Serenum - ok
18:39:39.0228 7448 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:39:39.0228 7448 Serial - ok
18:39:39.0275 7448 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:39:39.0275 7448 sermouse - ok
18:39:39.0322 7448 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
18:39:39.0322 7448 SessionEnv - ok
18:39:39.0368 7448 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:39:39.0368 7448 sffdisk - ok
18:39:39.0384 7448 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:39:39.0384 7448 sffp_mmc - ok
18:39:39.0400 7448 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:39:39.0400 7448 sffp_sd - ok
18:39:39.0431 7448 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:39:39.0431 7448 sfloppy - ok
18:39:39.0478 7448 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
18:39:39.0478 7448 SharedAccess - ok
18:39:39.0524 7448 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
18:39:39.0540 7448 ShellHWDetection - ok
18:39:39.0587 7448 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:39:39.0587 7448 sisagp - ok
18:39:39.0634 7448 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:39:39.0634 7448 SiSRaid2 - ok
18:39:39.0649 7448 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:39:39.0665 7448 SiSRaid4 - ok
18:39:39.0680 7448 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:39:39.0680 7448 Smb - ok
18:39:39.0727 7448 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
18:39:39.0727 7448 SNMPTRAP - ok
18:39:39.0743 7448 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:39:39.0743 7448 spldr - ok
18:39:39.0790 7448 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
18:39:39.0805 7448 Spooler - ok
18:39:39.0883 7448 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
18:39:39.0961 7448 sppsvc - ok
18:39:40.0008 7448 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
18:39:40.0008 7448 sppuinotify - ok
18:39:40.0070 7448 SQLAgent$LACERTEDB - ok
18:39:40.0133 7448 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:39:40.0133 7448 SQLBrowser - ok
18:39:40.0148 7448 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:39:40.0148 7448 SQLWriter - ok
18:39:40.0242 7448 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:39:40.0257 7448 srv - ok
18:39:40.0320 7448 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:39:40.0320 7448 srv2 - ok
18:39:40.0335 7448 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:39:40.0335 7448 srvnet - ok
18:39:40.0382 7448 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
18:39:40.0382 7448 SSDPSRV - ok
18:39:40.0398 7448 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
18:39:40.0413 7448 SstpSvc - ok
18:39:40.0445 7448 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:39:40.0445 7448 stexstor - ok
18:39:40.0491 7448 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
18:39:40.0491 7448 StiSvc - ok
18:39:40.0554 7448 stllssvr (9e182dd94496550a22a392cc1a8e0f52) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
18:39:40.0554 7448 stllssvr - ok
18:39:40.0632 7448 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
18:39:40.0647 7448 storflt - ok
18:39:40.0663 7448 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
18:39:40.0663 7448 storvsc - ok
18:39:40.0741 7448 svcGenericHost - ok
18:39:40.0772 7448 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:39:40.0772 7448 swenum - ok
18:39:40.0803 7448 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
18:39:40.0819 7448 swprv - ok
18:39:40.0866 7448 Synth3dVsc - ok
18:39:40.0928 7448 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
18:39:40.0959 7448 SysMain - ok
18:39:40.0991 7448 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
18:39:41.0006 7448 TabletInputService - ok
18:39:41.0037 7448 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
18:39:41.0053 7448 TapiSrv - ok
18:39:41.0069 7448 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
18:39:41.0084 7448 TBS - ok
18:39:41.0147 7448 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
18:39:41.0178 7448 Tcpip - ok
18:39:41.0209 7448 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
18:39:41.0225 7448 TCPIP6 - ok
18:39:41.0256 7448 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:39:41.0271 7448 tcpipreg - ok
18:39:41.0349 7448 tcsd_win32.exe (69f1a38a6dbfe682491cb61a596662e3) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
18:39:41.0381 7448 tcsd_win32.exe - ok
18:39:41.0459 7448 TdmService (a405d39f4dd131954c39114fba31a5e0) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
18:39:41.0490 7448 TdmService - ok
18:39:41.0583 7448 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:39:41.0583 7448 TDPIPE - ok
18:39:41.0646 7448 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
18:39:41.0646 7448 TDTCP - ok
18:39:41.0692 7448 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:39:41.0692 7448 tdx - ok
18:39:41.0724 7448 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:39:41.0724 7448 TermDD - ok
18:39:41.0770 7448 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
18:39:41.0786 7448 TermService - ok
18:39:41.0817 7448 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
18:39:41.0817 7448 Themes - ok
18:39:41.0848 7448 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:39:41.0848 7448 THREADORDER - ok
18:39:41.0880 7448 tmcomm (949ef0df929a71d6cc77494dfcb1ddeb) C:\Windows\system32\DRIVERS\tmcomm.sys
18:39:41.0880 7448 tmcomm - ok
18:39:41.0926 7448 TmFilter - ok
18:39:41.0926 7448 tmlisten - ok
18:39:41.0958 7448 tmlwf (4e87d02e56e9b1af831c5d521597d629) C:\Windows\system32\DRIVERS\tmlwf.sys
18:39:41.0958 7448 tmlwf - ok
18:39:41.0973 7448 TmPfw - ok
18:39:41.0973 7448 TmPreFilter - ok
18:39:41.0989 7448 TmProxy - ok
18:39:42.0004 7448 tmtdi (44c262c1b2412ded35078b6166d2acc2) C:\Windows\system32\DRIVERS\tmtdi.sys
18:39:42.0020 7448 tmtdi - ok
18:39:42.0036 7448 tmwfp (d9882fd91b7c4c35acaa8498d1f3cd68) C:\Windows\system32\DRIVERS\tmwfp.sys
18:39:42.0051 7448 tmwfp - ok
18:39:42.0082 7448 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
18:39:42.0082 7448 TrkWks - ok
18:39:42.0129 7448 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
18:39:42.0129 7448 TrustedInstaller - ok
18:39:42.0160 7448 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:39:42.0160 7448 tssecsrv - ok
18:39:42.0207 7448 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:39:42.0207 7448 TsUsbFlt - ok
18:39:42.0223 7448 tsusbhub - ok
18:39:42.0270 7448 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:39:42.0285 7448 tunnel - ok
18:39:42.0316 7448 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:39:42.0316 7448 uagp35 - ok
18:39:42.0348 7448 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:39:42.0348 7448 udfs - ok
18:39:42.0394 7448 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
18:39:42.0394 7448 UI0Detect - ok
18:39:42.0457 7448 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:39:42.0457 7448 uliagpkx - ok
18:39:42.0504 7448 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:39:42.0504 7448 umbus - ok
18:39:42.0535 7448 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:39:42.0535 7448 UmPass - ok
18:39:42.0597 7448 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
18:39:42.0597 7448 UmRdpService - ok
18:39:42.0628 7448 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
18:39:42.0644 7448 upnphost - ok
18:39:42.0675 7448 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
18:39:42.0675 7448 usbccgp - ok
18:39:42.0722 7448 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:39:42.0738 7448 usbcir - ok
18:39:42.0769 7448 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
18:39:42.0769 7448 usbehci - ok
18:39:42.0816 7448 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
18:39:42.0816 7448 usbhub - ok
18:39:42.0862 7448 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
18:39:42.0862 7448 usbohci - ok
18:39:42.0894 7448 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:39:42.0894 7448 usbprint - ok
18:39:42.0925 7448 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
18:39:42.0925 7448 usbscan - ok
18:39:42.0956 7448 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:39:42.0956 7448 USBSTOR - ok
18:39:43.0003 7448 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:39:43.0003 7448 usbuhci - ok
18:39:43.0018 7448 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
18:39:43.0018 7448 UxSms - ok
18:39:43.0081 7448 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:39:43.0081 7448 VaultSvc - ok
18:39:43.0143 7448 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:39:43.0143 7448 vdrvroot - ok
18:39:43.0190 7448 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
18:39:43.0206 7448 vds - ok
18:39:43.0221 7448 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:39:43.0237 7448 vga - ok
18:39:43.0252 7448 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:39:43.0252 7448 VgaSave - ok
18:39:43.0284 7448 VGPU - ok
18:39:43.0315 7448 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:39:43.0330 7448 vhdmp - ok
18:39:43.0362 7448 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:39:43.0362 7448 viaagp - ok
18:39:43.0377 7448 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:39:43.0393 7448 ViaC7 - ok
18:39:43.0424 7448 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:39:43.0424 7448 viaide - ok
18:39:43.0455 7448 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
18:39:43.0455 7448 vmbus - ok
18:39:43.0486 7448 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
18:39:43.0486 7448 VMBusHID - ok
18:39:43.0502 7448 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:39:43.0502 7448 volmgr - ok
18:39:43.0533 7448 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:39:43.0533 7448 volmgrx - ok
18:39:43.0564 7448 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:39:43.0564 7448 volsnap - ok
18:39:43.0595 7448 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
18:39:43.0595 7448 vpcbus - ok
18:39:43.0658 7448 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys
18:39:43.0673 7448 vpcnfltr - ok
18:39:43.0705 7448 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
18:39:43.0705 7448 vpcusb - ok
18:39:43.0720 7448 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\Windows\system32\drivers\vpcvmm.sys
18:39:43.0736 7448 vpcvmm - ok
18:39:43.0767 7448 VSApiNt - ok
18:39:43.0798 7448 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:39:43.0798 7448 vsmraid - ok
18:39:43.0861 7448 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
18:39:43.0892 7448 VSS - ok
18:39:43.0907 7448 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
18:39:43.0907 7448 vwifibus - ok
18:39:43.0954 7448 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
18:39:43.0954 7448 W32Time - ok
18:39:43.0985 7448 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:39:43.0985 7448 WacomPen - ok
18:39:44.0017 7448 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:39:44.0032 7448 WANARP - ok
18:39:44.0032 7448 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:39:44.0032 7448 Wanarpv6 - ok
18:39:44.0079 7448 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
18:39:44.0110 7448 WatAdminSvc - ok
18:39:44.0157 7448 WavxDMgr (fbf43b275efc98799e76d57e5437edee) C:\Windows\system32\DRIVERS\WavxDMgr.sys
18:39:44.0157 7448 WavxDMgr - ok
18:39:44.0219 7448 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
18:39:44.0235 7448 wbengine - ok
18:39:44.0282 7448 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
18:39:44.0282 7448 WbioSrvc - ok
18:39:44.0329 7448 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
18:39:44.0329 7448 wcncsvc - ok
18:39:44.0360 7448 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
18:39:44.0360 7448 WcsPlugInService - ok
18:39:44.0391 7448 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:39:44.0407 7448 Wd - ok
18:39:44.0422 7448 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:39:44.0438 7448 Wdf01000 - ok
18:39:44.0469 7448 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:39:44.0469 7448 WdiServiceHost - ok
18:39:44.0469 7448 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:39:44.0469 7448 WdiSystemHost - ok
18:39:44.0516 7448 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
18:39:44.0516 7448 WebClient - ok
18:39:44.0547 7448 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
18:39:44.0547 7448 Wecsvc - ok
18:39:44.0563 7448 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
18:39:44.0578 7448 wercplsupport - ok
18:39:44.0594 7448 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
18:39:44.0609 7448 WerSvc - ok
18:39:44.0656 7448 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:39:44.0656 7448 WfpLwf - ok
18:39:44.0687 7448 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:39:44.0687 7448 WIMMount - ok
18:39:44.0750 7448 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
18:39:44.0765 7448 WinDefend - ok
18:39:44.0765 7448 WinHttpAutoProxySvc - ok
18:39:44.0812 7448 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
18:39:44.0812 7448 Winmgmt - ok
18:39:44.0875 7448 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
18:39:44.0906 7448 WinRM - ok
18:39:44.0953 7448 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
18:39:44.0953 7448 WinUsb - ok
18:39:44.0999 7448 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
18:39:45.0015 7448 Wlansvc - ok
18:39:45.0077 7448 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:39:45.0077 7448 wlcrasvc - ok
18:39:45.0140 7448 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:39:45.0186 7448 wlidsvc - ok
18:39:45.0280 7448 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:39:45.0280 7448 WmiAcpi - ok
18:39:45.0342 7448 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
18:39:45.0342 7448 wmiApSrv - ok
18:39:45.0420 7448 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:39:45.0452 7448 WMPNetworkSvc - ok
18:39:45.0545 7448 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
18:39:45.0545 7448 WPCSvc - ok
18:39:45.0608 7448 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
18:39:45.0608 7448 WPDBusEnum - ok
18:39:45.0639 7448 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:39:45.0654 7448 ws2ifsl - ok
18:39:45.0670 7448 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
18:39:45.0670 7448 wscsvc - ok
18:39:45.0686 7448 WSearch - ok
18:39:45.0764 7448 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
18:39:45.0810 7448 wuauserv - ok
18:39:45.0857 7448 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:39:45.0857 7448 WudfPf - ok
18:39:45.0904 7448 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:39:45.0904 7448 WUDFRd - ok
18:39:45.0935 7448 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
18:39:45.0951 7448 wudfsvc - ok
18:39:45.0982 7448 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
18:39:45.0998 7448 WwanSvc - ok
18:39:46.0013 7448 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
18:39:46.0076 7448 \Device\Harddisk0\DR0 - ok
18:39:46.0076 7448 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:39:48.0306 7448 \Device\Harddisk1\DR1 - ok
18:39:48.0306 7448 Boot (0x1200) (d484c7e4f12e66037ee4bfeab40ceebd) \Device\Harddisk0\DR0\Partition0
18:39:48.0306 7448 \Device\Harddisk0\DR0\Partition0 - ok
18:39:48.0322 7448 Boot (0x1200) (9fa5f802b169b8aa5567730a2125874b) \Device\Harddisk0\DR0\Partition1
18:39:48.0322 7448 \Device\Harddisk0\DR0\Partition1 - ok
18:39:48.0322 7448 Boot (0x1200) (9f7016e4e40f0c1c13b539b3a4156b97) \Device\Harddisk1\DR1\Partition0
18:39:48.0322 7448 \Device\Harddisk1\DR1\Partition0 - ok
18:39:48.0322 7448 ============================================================
18:39:48.0322 7448 Scan finished
18:39:48.0322 7448 ============================================================
18:39:48.0337 9000 Detected object count: 0
18:39:48.0337 9000 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-10 18:41:59
-----------------------------
18:41:59.892 OS Version: Windows 6.1.7601 Service Pack 1
18:41:59.892 Number of processors: 4 586 0x1A05
18:41:59.892 ComputerName: JUNIOR5 UserName:
18:42:27.486 Initialize success
18:47:59.763 AVAST engine defs: 12041002
19:22:55.364 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:22:55.364 Disk 0 Vendor: WDC_WD25 02.0 Size: 238418MB BusType: 8
19:22:55.411 Disk 0 MBR read successfully
19:22:55.411 Disk 0 MBR scan
19:22:55.442 Disk 0 Windows VISTA default MBR code
19:22:55.442 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:22:55.457 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 750 MB offset 81920
19:22:55.473 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 237627 MB offset 1617920
19:22:55.473 Disk 0 scanning sectors +488278016
19:22:55.582 Disk 0 scanning C:\Windows\system32\drivers
19:23:10.526 Service scanning
19:23:23.052 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
19:23:40.898 Modules scanning
19:24:07.931 Disk 0 trace - called modules:
19:24:07.962 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys iaStorV.sys halmacpi.dll
19:24:07.962 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f5f988]
19:24:07.978 3 CLASSPNP.SYS[8c47259e] -> nt!IofCallDriver -> [0x86f5a2a8]
19:24:07.978 5 PCTCore.sys[8bd79407] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8608f028]
19:24:08.976 AVAST engine scan C:\Windows
19:24:15.574 AVAST engine scan C:\Windows\system32
19:28:29.858 AVAST engine scan C:\Windows\system32\drivers
19:28:47.610 AVAST engine scan C:\Users\mjadmin2.CORP
19:30:35.961 AVAST engine scan C:\ProgramData
19:32:09.400 Scan finished successfully
19:33:11.219 Disk 0 MBR has been saved successfully to "C:\Users\mjadmin2.CORP\Desktop\MBR.dat"
19:33:11.266 The log file has been saved successfully to "C:\Users\mjadmin2.CORP\Desktop\aswMBR.txt"
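The service/driver log posted above (TDSSKiller-style output) pairs every object with an MD5, a path and a verdict, and its MBR and boot-sector lines carry hashes that only mean something when compared against a baseline from the same machine. The following is an added example, not part of this thread and not code from the scanner's vendor, of how a responder would parse that format and pull out what deserves a second look: non-ok verdicts, objects whose scan never produced a verdict, registered services with no binary on disk, and anything loading from outside the Windows and Program Files trees. The TRUSTED_ROOTS list and severity labels are assumptions, and of the sample lines the first five are copied from the log above while the last three are constructed (placeholder hashes, a made-up verdict string, a file line with no verdict) so every branch is exercised.

```python
"""Triage a TDSSKiller-style service/driver log (added example, not the scanner vendor's code)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Two line shapes appear in the log: a "file" line carrying the object's MD5
# and path, then a "verdict" line for the same object.  A verdict can also
# appear on its own (registered service whose binary was not found on disk),
# and MBR/boot-sector verdicts are keyed by the device path, not the name.
FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<verdict>.+)$"
)

# Assumption: drivers and service binaries normally live under these roots;
# anything loading from a profile, temp or ProgramData directory gets flagged.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_log(text: str) -> list[Entry]:
    """Pair each file line with its verdict line, matching on object name or device path."""
    entries: list[Entry] = []
    pending: dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            entry = Entry(m["name"], m["md5"], m["path"])
            entries.append(entry)
            pending[m["name"]] = entry
            pending[m["path"]] = entry  # MBR/boot verdicts name the device path
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry = pending.pop(m["name"], None)
            if entry is None:
                entry = Entry(m["name"])  # verdict with no file line: binary not located
                entries.append(entry)
            else:
                pending.pop(entry.name, None)
                pending.pop(entry.path, None)
            entry.verdict = m["verdict"].strip()
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Return (severity, object, reason) for anything a human should look at."""
    findings: list[tuple[str, str, str]] = []
    for e in entries:
        if e.verdict is None:
            findings.append(("high", e.name, "no verdict recorded (scan interrupted or object locked)"))
        elif e.verdict.lower() != "ok":
            findings.append(("high", e.name, f"scanner verdict: {e.verdict}"))
        if e.path is None:
            if e.verdict is not None:
                findings.append(("info", e.name, "registered service with no binary found on disk"))
            continue
        if e.path.startswith("\\Device\\"):
            continue  # MBR / boot sectors: diff their hashes against a baseline instead
        if not e.path.lower().startswith(TRUSTED_ROOTS):
            findings.append(("medium", e.name, f"loads from an unusual location: {e.path}"))
    return findings


def sector_hashes(entries: list[Entry]) -> dict[str, str]:
    """MBR and boot-sector hashes, to compare against a known-good run of the same machine."""
    return {e.path: e.md5 for e in entries if e.path and e.path.startswith("\\Device\\")}


# Constructed sample: the first five lines are copied from the log above; the
# last three are invented (placeholder hashes, a made-up verdict string, and a
# file line with no verdict) so that every branch of triage() is exercised.
SAMPLE_LOG = """\
18:39:37.0840 7448 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\\Windows\\system32\\drivers\\rdyboost.sys
18:39:37.0840 7448 rdyboost - ok
18:39:40.0070 7448 SQLAgent$LACERTEDB - ok
18:39:46.0013 7448 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \\Device\\Harddisk0\\DR0
18:39:46.0076 7448 \\Device\\Harddisk0\\DR0 - ok
18:39:50.0000 7448 examplesvc (00000000000000000000000000000000) C:\\Users\\someone\\AppData\\Local\\Temp\\examplesvc.sys
18:39:50.0010 7448 examplesvc - suspicious (constructed verdict)
18:39:51.0000 7448 lockedsvc (11111111111111111111111111111111) C:\\Windows\\system32\\drivers\\lockedsvc.sys
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for severity, name, reason in triage(parsed):
        print(f"[{severity}] {name}: {reason}")
    print("sector hashes:", sector_hashes(parsed))
```

Run against the full log from the post rather than the sample, and keep the sector_hashes() output from a clean run: a changed MBR hash on the next scan is the kind of thing the redirect complaint in this thread would prompt you to check first.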

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 135,634 posts, Puerto rico)

Posted 10 April 2012 - 07:45 PM

Hello

Most likely it was the virus messing things up, and the removal of this virus caused the problems.

I would uninstall .NET from Add/Remove and then run this tool - http://blogs.msdn.com/cfs-file.ashx/__key/CommunityServer-Components-PostAttachments/00-08-90-44-93/dotnetfx_5F00_cleanup_5F00_tool.zip

Reinstall all .NET and see if it works.


gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 mjtaxpro (Topic Starter, Members, 16 posts)

Posted 10 April 2012 - 08:48 PM

When I download the Microsoft .NET 3.5 Framework and try to run it, nothing happens. I click on the icon and nothing happens. Still get the same error message. Could it have to do with not re-enabling something in Defogger?

#14 gringo_pr (Bleepin Gringo, Malware Response Team, 135,634 posts, Puerto rico)

Posted 10 April 2012 - 09:10 PM

Hello

You can try Defogger, but it should have nothing to do with it - Defogger only stops a type of program that makes virtual drives on the computer.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScript.txt being dragged onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 mjtaxpro (Topic Starter, Members, 16 posts)

Posted 12 April 2012 - 08:35 PM

Still having the same problem with the Microsoft .NET 3.5 Framework. The other day when I tried to go to Add/Remove Programs it wasn't even in the list of programs, so all I really did was uninstall Framework 1.1 and also 4.0. Then, using that tool you told me to use, all it saw was the 1.1 and 4.0 as well, and not the 3.5. I tried reinstalling 3.5 and am still having problems. Could something be blocking the file somehow, which is keeping it from uninstalling and also keeping me from reinstalling?

I really appreciate all your help.

Ran ComboFix again with the CFScript and it still took about 20 minutes, but I didn't have to restart it at all this time. Here's the log. When I ran ComboFix the first time, were you able to tell that it removed a virus?


ComboFix 12-04-09.07 - mjadmin2 04/12/12 20:10:16.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3326.2185 [GMT -5:00]
Running from: c:\users\mjadmin2.CORP\Desktop\ComboFix.exe
Command switches used :: c:\users\mjadmin2.CORP\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mj6\AppData\Local\assembly\tmp
c:\users\mj6\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-13 01:24 . 2012-04-13 01:25 -------- d-----w- c:\users\mjadmin2.CORP\AppData\Local\temp
2012-04-13 01:24 . 2012-04-13 01:24 -------- d-----w- c:\users\msadmin2\AppData\Local\temp
2012-04-13 01:24 . 2012-04-13 01:24 -------- d-----w- c:\users\mjadmin2\AppData\Local\temp
2012-04-13 01:24 . 2012-04-13 01:24 -------- d-----w- c:\users\MJADMI~1~COR\AppData\Local\temp
2012-04-13 01:24 . 2012-04-13 01:24 -------- d-----w- c:\users\mj6\AppData\Local\temp
2012-04-13 01:24 . 2012-04-13 01:24 -------- d-----w- c:\users\mj5\AppData\Local\temp
2012-04-13 01:24 . 2012-04-13 01:24 -------- d-----w- c:\users\mj4\AppData\Local\temp
2012-04-13 01:24 . 2012-04-13 01:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-12 14:28 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67C8E961-EECE-49C3-8407-A26D1CFC4C7F}\mpengine.dll
2012-04-09 16:30 . 2012-04-09 16:30 -------- d-----w- c:\users\mj6\AppData\Roaming\Panda Security
2012-03-31 23:12 . 2012-03-31 23:12 -------- d-----w- c:\programdata\HitmanPro
2012-03-31 23:01 . 2012-03-31 23:01 -------- d-----w- c:\program files\Common Files\Java
2012-03-31 23:01 . 2012-03-31 23:00 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-31 22:56 . 2012-03-31 23:05 -------- d-----w- c:\program files\Java
2012-03-31 21:16 . 2011-09-28 18:14 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-03-31 21:16 . 2012-02-17 20:08 767952 ----a-w- c:\windows\BDTSupport.dll
2012-03-31 21:16 . 2012-02-17 20:08 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-31 20:57 . 2012-03-31 21:14 -------- d-----w- c:\programdata\PC Tools
2012-03-31 20:57 . 2012-03-31 20:57 -------- d-----w- c:\users\mjadmin2.CORP\AppData\Roaming\TestApp
2012-03-31 20:53 . 2012-03-31 20:53 -------- d-----w- c:\users\mj6\AppData\Local\panda2_0dn
2012-03-31 20:47 . 2012-03-31 20:47 -------- d-----w- c:\users\mjadmin2.CORP\AppData\Roaming\Panda Security
2012-03-31 20:46 . 2012-03-31 20:46 -------- d-----w- c:\program files\Toolbar Cleaner
2012-03-31 20:46 . 2012-03-31 20:46 -------- d-----w- c:\users\mjadmin2.CORP\AppData\Local\panda2_0dn
2012-03-31 20:46 . 2012-04-13 01:03 -------- d-----w- c:\programdata\Panda Security URL Filtering
2012-03-31 20:46 . 2012-04-10 02:03 -------- d-----w- c:\users\RP
2012-03-31 20:45 . 2012-03-31 20:46 -------- d-----w- c:\program files\Panda Security
2012-03-31 20:45 . 2012-03-31 20:45 -------- d-----w- c:\programdata\Panda Security
2012-03-31 20:45 . 2012-03-31 20:45 -------- d-----w- C:\temp
2012-03-31 18:41 . 2012-03-31 18:41 -------- d-----w- c:\users\mj6\AppData\Roaming\Malwarebytes
2012-03-31 16:54 . 2012-03-31 16:54 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-31 16:24 . 2012-03-31 16:24 -------- d-----w- c:\users\mjadmin2.CORP\AppData\Roaming\Malwarebytes
2012-03-31 16:24 . 2012-03-31 16:24 -------- d-----w- c:\programdata\Malwarebytes
2012-03-31 16:24 . 2012-03-31 16:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-31 16:24 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 20:34 . 2012-03-30 20:34 -------- d-----w- c:\users\mj6\AppData\Local\{0E075A5F-7AA8-11E1-826D-B8AC6F996F26}
2012-03-29 13:25 . 2009-08-20 05:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-14 23:34 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 23:34 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 13:39 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 13:39 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 13:38 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 13:38 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:38 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 13:38 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 13:38 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 13:37 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 13:37 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 01:04 . 2011-01-14 14:10 848 --sha-w- c:\programdata\KGyGaAvL.sys
2012-04-13 01:03 . 2011-01-13 20:43 0 ----a-w- c:\users\mjadmin2.CORP\AppData\Local\WavXMapDrive.bat
2012-04-12 13:47 . 2011-01-14 19:03 0 ----a-w- c:\users\mj6\AppData\Local\WavXMapDrive.bat
2012-03-31 23:00 . 2011-01-06 09:35 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-31 16:54 . 2011-06-04 11:00 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 02:15 . 2011-01-26 09:11 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-10 15:16 . 2012-02-10 15:16 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06A65476-FC11-4027-9CA3-AE07A1D58CF7}\gapaengine.dll
2012-01-31 12:44 . 2011-01-13 20:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-08-12 05:57 . 2011-08-30 17:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2012-01-31 20:59 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-01-31 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\mjadmin2.CORP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\mjadmin2.CORP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\mjadmin2.CORP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\mjadmin2.CORP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-01-13 160592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-03 518640]
"PeachtreePrefetcher.exe"="c:\paw2012\PeachtreePrefetcher.exe" [2011-04-07 30024]
"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2009-08-24 28672]
"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2009-08-24 331776]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2007-09-28 118784]
"FJTWAIN Setup"="c:\windows\Twain_32\fjscan32\FjtwMkup.exe" [2007-12-14 131072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]
.
c:\users\mj4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Check Factory.lnk - s:\paw2008\CFACTORY\LFEWIN2.EXE [2008-11-15 620839]
.
c:\users\msadmin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Check Factory.lnk - s:\paw2008\CFACTORY\LFEWIN2.EXE [2008-11-15 620839]
.
c:\users\mjadmin2.CORP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\mjadmin2.CORP\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1458032]
Error Recovery Guide.lnk - c:\windows\twain_32\Fjscan32\ERG\FTErGuid.exe [2011-1-14 270336]
MultiMon Taskbar.lnk - c:\program files\MMTaskbar\MultiMon.exe [2011-1-13 294912]
QuickBooks Update Agent.lnk - c:\program files\Common Files\intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-9-11 972064]
Service Manager.norun [2011-1-13 2153]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [2009-08-24 81920]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [x]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [x]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 253600]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 MSSQL$LACERTEDB;MSSQL$LACERTEDB;c:\program files\Microsoft SQL Server\MSSQL$LACERTEDB\Binn\sqlservr.exe [2002-12-17 7520337]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [2012-02-24 402336]
R3 SQLAgent$LACERTEDB;SQLAgent$LACERTEDB;c:\program files\Microsoft SQL Server\MSSQL$LACERTEDB\Binn\sqlagent.EXE [2002-12-17 311872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [x]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-13 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-11-14 331880]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-12-01 342168]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-12-01 909728]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2012-02-24 185560]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2011-11-23 126216]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-07-15 146448]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-02-17 550864]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 388464]
S2 DymoPnpService;DYMO PnP Service;c:\program files\DYMO\DYMO Label Software\DymoPnpService.exe [2011-08-10 32336]
S2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\fjscan32\FJTWMKSV.exe [2007-03-08 45056]
S2 LxrSII1d;Secure II Driver;c:\windows\System32\Drivers\LxrSII1d.sys [2009-12-30 63448]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-01-05 144136]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2011-04-28 99400]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2011-04-28 111176]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2011-11-30 112904]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2010-04-10 435496]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-07-15 283152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [2011-09-28 56840]
S3 Peachtree SmartPosting 2009;Peachtree SmartPosting 2009;c:\paw2009\SmartPostingService2009.exe [2011-10-26 49152]
S3 Peachtree SmartPosting 2011;Peachtree SmartPosting 2011;c:\paw2011\SmartPostingService2011.exe [2011-10-25 43848]
S3 Peachtree SmartPosting 2012;Peachtree SmartPosting 2012;c:\paw2012\SmartPostingService2012.exe [2011-04-07 43848]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 16:54]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1113Core.job
- c:\users\mjadmin2.CORP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-23 16:36]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1113UA.job
- c:\users\mjadmin2.CORP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-23 16:36]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1144Core1cd08fc3dc77369.job
- c:\users\mj6\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-23 16:42]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: Interfaces\{64D18F0B-AF9E-4A1A-8115-23278DF2AA1B}: NameServer = 192.168.1.32,192.168.1.1
DPF: {D27CDB6A-AE6D-11CF-96B8-555664650000} - hxxp://www.in.com/pagenotfound.html
DPF: {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} - hxxps://access.wisconsin.gov/access/DynamicWebTWAIN.cab
FF - ProfilePath - c:\users\mjadmin2.CORP\AppData\Roaming\Mozilla\Firefox\Profiles\106lcypn.default\
FF - prefs.js: browser.search.selectedEngine - Panda Safe Search
FF - prefs.js: browser.startup.homepage - hxxp://www.mystart.com/?pr=vmn&rlz=1V1IPYX&id=pandasecuritytb&v=3_0
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\wvauth.DLL
c:\windows\system32\pstorsvc.dll
.
Completion time: 2012-04-12 20:28:12
ComboFix-quarantined-files.txt 2012-04-13 01:28
ComboFix2.txt 2012-04-10 02:03
.
Pre-Run: 167,065,993,216 bytes free
Post-Run: 167,296,421,888 bytes free
.
- - End Of File - - 0EF3173FBA8378E6F760696AC98F09C5



