Intermittent Google Redirects and 'msadet.dll' [Solved]


  • This topic is locked

#16
azarl

    GeekU Admin

  • Administrator
  • 25,175 posts
OK, let's tidy up

First...
Run OTL and click Cleanup. This will remove all of the programs we've used throughout today's work, along with itself.

Next...
  • Click START then RUN
  • Now type ComboFix /Uninstall in the run box and click OK. Note the space between the ComboFix and the /U, it needs to be there.


#17
idrawstuff

    Member

  • Topic Starter
  • 72 posts
Done! Except it said it couldn't find Combofix (although I no longer see Combofix in the directory I saved it in, either).

Again thank you so much for your help! You guys are really lifesavers.

Edited by idrawstuff, 10 April 2012 - 10:20 AM.

#18
azarl

    GeekU Admin

  • Administrator
  • 25,175 posts
You're welcome

#19
idrawstuff

    Member

  • Topic Starter
  • 72 posts
Uh-oh. Got two redirects to something called "Infomash" today - once while clicking a link to Amazon, and once while clicking a link to a television series review on Sidereel.com.

Edit: just got a redirect to http://r.looksmart.c...ferrer:default} while clicking on a link to a Gizmodo article.

Edited by idrawstuff, 11 April 2012 - 03:21 PM.


#20
azarl

    GeekU Admin

  • Administrator
  • 25,175 posts
Can you run Gooredfix again please

#21
idrawstuff

    Member

  • Topic Starter
  • 72 posts
GooredFix by jpshortstuff (03.07.10.1)
Log created at 10:07 on 12/04/2012 (mike)
Firefox version 11.0 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:26 22/10/2008]

C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions\
{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [21:08 08/04/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [21:16 05/08/2009]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [02:08 19/03/2010]

-=E.O.F=-

#22
azarl

    GeekU Admin

  • Administrator
  • 25,175 posts
Try this again please...

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change Parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer 3 options.
  • Ensure Cure is selected, then click Continue --> Reboot Computer to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Are you connected to a domain server?

#23
idrawstuff

    Member

  • Topic Starter
  • 72 posts
I'm hooked up to my workplace's server, through which I access the internet and work files. I do have to log in to the network, so I'm going to assume that means I'm connected to a domain server?

With the new Parameters TDSSKiller found 10 unsigned files and 1 TDSS File System - however, instead of "cure" my options are "Skip, Copy to Quarantine, Delete" - is copy to quarantine the same thing as "cure?" I still have the window up and will wait to make any changes at all until I hear from you (and if I don't hear from you, I'll just skip all and post the log).

#24
idrawstuff

    Member

  • Topic Starter
  • 72 posts
I just went ahead and skipped everything for now



11:08:06.0109 4408 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
11:08:06.0328 4408 ============================================================
11:08:06.0328 4408 Current date / time: 2012/04/12 11:08:06.0328
11:08:06.0328 4408 SystemInfo:
11:08:06.0328 4408
11:08:06.0328 4408 OS Version: 5.1.2600 ServicePack: 3.0
11:08:06.0328 4408 Product type: Workstation
11:08:06.0328 4408 ComputerName: MIKE-LT
11:08:06.0328 4408 UserName: mike
11:08:06.0328 4408 Windows directory: C:\WINDOWS
11:08:06.0328 4408 System windows directory: C:\WINDOWS
11:08:06.0328 4408 Processor architecture: Intel x86
11:08:06.0328 4408 Number of processors: 2
11:08:06.0328 4408 Page size: 0x1000
11:08:06.0328 4408 Boot type: Normal boot
11:08:06.0328 4408 ============================================================
11:08:07.0203 4408 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:08:07.0203 4408 \Device\Harddisk0\DR0:
11:08:07.0203 4408 MBR used
11:08:07.0203 4408 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BE95D5E
11:08:07.0203 4408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BE95D9D, BlocksNum 0x132E7E4
11:08:07.0281 4408 Initialize success
11:08:07.0281 4408 ============================================================
11:08:16.0265 3376 ============================================================
11:08:16.0265 3376 Scan started
11:08:16.0265 3376 Mode: Manual; SigCheck; TDLFS;
11:08:16.0265 3376 ============================================================
11:08:17.0078 3376 Abiosdsk - ok
11:08:17.0093 3376 abp480n5 - ok
11:08:17.0171 3376 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:08:19.0187 3376 ACPI - ok
11:08:19.0359 3376 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:08:19.0500 3376 ACPIEC - ok
11:08:19.0593 3376 ACT! Scheduler (9b8bccad3a4206feabac5eb36c2caa7c) C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe
11:08:19.0640 3376 ACT! Scheduler ( UnsignedFile.Multi.Generic ) - warning
11:08:19.0640 3376 ACT! Scheduler - detected UnsignedFile.Multi.Generic (1)
11:08:19.0781 3376 ADIHdAudAddService (7356eff52ad50b8946d346002118ce62) C:\WINDOWS\system32\drivers\ADIHdAud.sys
11:08:19.0875 3376 ADIHdAudAddService - ok
11:08:20.0046 3376 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:08:20.0078 3376 AdobeFlashPlayerUpdateSvc - ok
11:08:20.0140 3376 adpu160m - ok
11:08:20.0218 3376 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
11:08:20.0265 3376 AEAudio - ok
11:08:20.0375 3376 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:08:20.0578 3376 aec - ok
11:08:20.0718 3376 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:08:20.0781 3376 AFD - ok
11:08:20.0875 3376 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\WINDOWS\system32\agrsmsvc.exe
11:08:20.0921 3376 AgereModemAudio - ok
11:08:21.0031 3376 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
11:08:21.0109 3376 AgereSoftModem - ok
11:08:21.0250 3376 Aha154x - ok
11:08:21.0265 3376 aic78u2 - ok
11:08:21.0281 3376 aic78xx - ok
11:08:21.0343 3376 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
11:08:21.0593 3376 Alerter - ok
11:08:21.0734 3376 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
11:08:21.0843 3376 ALG - ok
11:08:21.0890 3376 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
11:08:22.0000 3376 AliIde - ok
11:08:22.0062 3376 amsint - ok
11:08:22.0156 3376 Apple Mobile Device (d503df3aba595f551b98b9bae017a271) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:08:22.0203 3376 Apple Mobile Device - ok
11:08:22.0296 3376 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
11:08:22.0421 3376 AppMgmt - ok
11:08:22.0562 3376 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:08:22.0765 3376 Arp1394 - ok
11:08:22.0875 3376 asc - ok
11:08:22.0906 3376 asc3350p - ok
11:08:22.0953 3376 asc3550 - ok
11:08:23.0125 3376 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:08:23.0171 3376 aspnet_state - ok
11:08:23.0265 3376 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:08:23.0453 3376 AsyncMac - ok
11:08:23.0578 3376 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:08:23.0765 3376 atapi - ok
11:08:23.0781 3376 Atdisk - ok
11:08:23.0859 3376 Ati HotKey Poller (1a634710ad85b336883c6ce42ac59d71) C:\WINDOWS\system32\Ati2evxx.exe
11:08:23.0937 3376 Ati HotKey Poller - ok
11:08:24.0390 3376 ati2mtag (b11e7e282eeb8d144b2f429fa0383c0a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:08:24.0687 3376 ati2mtag - ok
11:08:24.0859 3376 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:08:24.0968 3376 Atmarpc - ok
11:08:25.0031 3376 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
11:08:25.0125 3376 AudioSrv - ok
11:08:25.0296 3376 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:08:25.0375 3376 audstub - ok
11:08:25.0421 3376 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:08:25.0531 3376 Beep - ok
11:08:25.0578 3376 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
11:08:25.0750 3376 BITS - ok
11:08:25.0875 3376 Bonjour Service (ebad0f51d8d4dade7660b1851addbd07) C:\Program Files\Bonjour\mDNSResponder.exe
11:08:25.0890 3376 Bonjour Service - ok
11:08:26.0046 3376 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
11:08:26.0140 3376 Browser - ok
11:08:26.0234 3376 btaudio (3aa4bf555c00c5b87fd48dd7bdbd4e97) C:\WINDOWS\system32\drivers\btaudio.sys
11:08:26.0343 3376 btaudio - ok
11:08:26.0500 3376 BTDriver (07f0a66cfa550b13ad0674ae09e3cba0) C:\WINDOWS\system32\DRIVERS\btport.sys
11:08:26.0578 3376 BTDriver - ok
11:08:26.0703 3376 BTKRNL (ba57f31eab93dc597d772f6f5b9ed54f) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
11:08:26.0843 3376 BTKRNL - ok
11:08:26.0953 3376 btwdins (0ece2b1910527ae85691151d56621891) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
11:08:27.0000 3376 btwdins ( UnsignedFile.Multi.Generic ) - warning
11:08:27.0000 3376 btwdins - detected UnsignedFile.Multi.Generic (1)
11:08:27.0187 3376 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
11:08:27.0218 3376 BTWDNDIS - ok
11:08:27.0281 3376 btwmodem (e206ec370646e42dc862fd995869d31d) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
11:08:27.0343 3376 btwmodem - ok
11:08:27.0421 3376 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
11:08:27.0453 3376 BTWUSB - ok
11:08:27.0609 3376 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:08:27.0703 3376 cbidf2k - ok
11:08:27.0750 3376 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:08:27.0843 3376 CCDECODE - ok
11:08:27.0859 3376 cd20xrnt - ok
11:08:27.0875 3376 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:08:27.0968 3376 Cdaudio - ok
11:08:28.0015 3376 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:08:28.0109 3376 Cdfs - ok
11:08:28.0281 3376 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:08:28.0375 3376 Cdrom - ok
11:08:28.0375 3376 Changer - ok
11:08:28.0437 3376 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
11:08:28.0546 3376 CiSvc - ok
11:08:28.0671 3376 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
11:08:28.0765 3376 ClipSrv - ok
11:08:28.0906 3376 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:08:28.0984 3376 clr_optimization_v2.0.50727_32 - ok
11:08:29.0125 3376 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:08:29.0234 3376 CmBatt - ok
11:08:29.0250 3376 CmdIde - ok
11:08:29.0296 3376 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:08:29.0406 3376 Compbatt - ok
11:08:29.0406 3376 COMSysApp - ok
11:08:29.0421 3376 Cpqarray - ok
11:08:29.0468 3376 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
11:08:29.0578 3376 CryptSvc - ok
11:08:29.0703 3376 dac2w2k - ok
11:08:29.0718 3376 dac960nt - ok
11:08:29.0750 3376 DAMDrv (5d5984255a4bfaa4262fb750df7cd537) C:\WINDOWS\system32\DRIVERS\DAMDrv.sys
11:08:29.0796 3376 DAMDrv - ok
11:08:29.0859 3376 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:08:29.0937 3376 DcomLaunch - ok
11:08:30.0078 3376 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
11:08:30.0265 3376 Dhcp - ok
11:08:30.0343 3376 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:08:30.0515 3376 Disk - ok
11:08:30.0609 3376 dmadmin - ok
11:08:30.0718 3376 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:08:30.0921 3376 dmboot - ok
11:08:31.0093 3376 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:08:31.0296 3376 dmio - ok
11:08:31.0328 3376 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:08:31.0468 3376 dmload - ok
11:08:31.0515 3376 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
11:08:31.0609 3376 dmserver - ok
11:08:31.0765 3376 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:08:31.0859 3376 DMusic - ok
11:08:31.0906 3376 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
11:08:31.0984 3376 Dnscache - ok
11:08:32.0156 3376 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
11:08:32.0281 3376 Dot3svc - ok
11:08:32.0343 3376 dpti2o - ok
11:08:32.0468 3376 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:08:32.0593 3376 drmkaud - ok
11:08:32.0640 3376 DroidCam (89c89872f7fd8d06927ddb4abb5baff5) C:\WINDOWS\system32\drivers\droidcam.sys
11:08:32.0781 3376 DroidCam ( UnsignedFile.Multi.Generic ) - warning
11:08:32.0781 3376 DroidCam - detected UnsignedFile.Multi.Generic (1)
11:08:32.0937 3376 e1express (ed91f1042071a36f54e7c430e130e4cd) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
11:08:32.0984 3376 e1express - ok
11:08:33.0140 3376 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
11:08:33.0406 3376 EapHost - ok
11:08:33.0437 3376 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
11:08:33.0546 3376 ERSvc - ok
11:08:33.0703 3376 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:08:33.0718 3376 Eventlog - ok
11:08:33.0781 3376 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
11:08:33.0828 3376 EventSystem - ok
11:08:34.0000 3376 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:08:34.0171 3376 Fastfat - ok
11:08:34.0203 3376 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:08:34.0265 3376 FastUserSwitchingCompatibility - ok
11:08:34.0437 3376 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:08:34.0609 3376 Fdc - ok
11:08:34.0640 3376 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:08:34.0843 3376 Fips - ok
11:08:34.0968 3376 FirebirdServerDefaultInstance - ok
11:08:35.0031 3376 FLCDLOCK (224138e0ccdf7ce3281298473f6fd1d2) C:\WINDOWS\system32\flcdlock.exe
11:08:35.0078 3376 FLCDLOCK ( UnsignedFile.Multi.Generic ) - warning
11:08:35.0078 3376 FLCDLOCK - detected UnsignedFile.Multi.Generic (1)
11:08:35.0156 3376 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:08:35.0187 3376 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
11:08:35.0187 3376 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
11:08:35.0343 3376 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:08:35.0562 3376 Flpydisk - ok
11:08:35.0640 3376 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:08:35.0734 3376 FltMgr - ok
11:08:35.0890 3376 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:08:35.0906 3376 FontCache3.0.0.0 - ok
11:08:36.0062 3376 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:08:36.0265 3376 Fs_Rec - ok
11:08:36.0343 3376 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:08:36.0453 3376 Ftdisk - ok
11:08:36.0468 3376 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:08:36.0468 3376 GEARAspiWDM - ok
11:08:36.0515 3376 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:08:36.0625 3376 Gpc - ok
11:08:36.0734 3376 gupdate1c95e6d55cba368 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
11:08:36.0750 3376 gupdate1c95e6d55cba368 - ok
11:08:36.0750 3376 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
11:08:36.0765 3376 gupdatem - ok
11:08:36.0781 3376 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:08:36.0796 3376 gusvc - ok
11:08:36.0968 3376 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
11:08:37.0015 3376 HBtnKey - ok
11:08:37.0062 3376 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:08:37.0218 3376 HDAudBus - ok
11:08:37.0390 3376 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:08:37.0593 3376 helpsvc - ok
11:08:37.0765 3376 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
11:08:37.0859 3376 HidServ - ok
11:08:37.0906 3376 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:08:38.0015 3376 HidUsb - ok
11:08:38.0171 3376 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
11:08:38.0343 3376 hkmsvc - ok
11:08:38.0390 3376 hpn - ok
11:08:38.0546 3376 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
11:08:38.0765 3376 HpqKbFiltr - ok
11:08:38.0875 3376 hpqwmiex (f8968c9778f25a90a35755c3c97c7f62) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
11:08:38.0921 3376 hpqwmiex - ok
11:08:39.0093 3376 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:08:39.0171 3376 HTTP - ok
11:08:39.0218 3376 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
11:08:39.0312 3376 HTTPFilter - ok
11:08:39.0453 3376 i2omgmt - ok
11:08:39.0453 3376 i2omp - ok
11:08:39.0515 3376 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:08:39.0609 3376 i8042prt - ok
11:08:39.0656 3376 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys
11:08:39.0687 3376 iaStor - ok
11:08:39.0843 3376 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:08:39.0843 3376 IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:08:39.0843 3376 IDriverT - detected UnsignedFile.Multi.Generic (1)
11:08:40.0062 3376 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:08:40.0125 3376 idsvc - ok
11:08:40.0281 3376 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:08:40.0468 3376 Imapi - ok
11:08:40.0531 3376 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
11:08:40.0671 3376 ImapiService - ok
11:08:40.0781 3376 ini910u - ok
11:08:40.0843 3376 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:08:40.0937 3376 IntelIde - ok
11:08:40.0984 3376 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:08:41.0125 3376 intelppm - ok
11:08:41.0203 3376 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:08:41.0312 3376 Ip6Fw - ok
11:08:41.0359 3376 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:08:41.0453 3376 IpFilterDriver - ok
11:08:41.0609 3376 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:08:41.0734 3376 IpInIp - ok
11:08:41.0765 3376 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:08:41.0921 3376 IpNat - ok
11:08:42.0078 3376 iPod Service (3c30491045dbbd44a42876b3d6f3917d) C:\Program Files\iPod\bin\iPodService.exe
11:08:42.0125 3376 iPod Service - ok
11:08:42.0296 3376 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:08:42.0453 3376 IPSec - ok
11:08:42.0500 3376 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:08:42.0703 3376 IRENUM - ok
11:08:42.0718 3376 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:08:42.0812 3376 isapnp - ok
11:08:42.0906 3376 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
11:08:42.0921 3376 IviRegMgr - ok
11:08:43.0000 3376 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
11:08:43.0015 3376 JavaQuickStarterService - ok
11:08:43.0171 3376 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:08:43.0265 3376 Kbdclass - ok
11:08:43.0312 3376 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:08:43.0406 3376 kbdhid - ok
11:08:43.0437 3376 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:08:43.0562 3376 kmixer - ok
11:08:43.0625 3376 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:08:43.0750 3376 KSecDD - ok
11:08:43.0890 3376 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
11:08:43.0921 3376 lanmanserver - ok
11:08:43.0984 3376 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
11:08:44.0031 3376 lanmanworkstation - ok
11:08:44.0171 3376 lbrtfdc - ok
11:08:44.0265 3376 LBTServ (a0f7dc0080e4f97dc97de08b699e231b) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
11:08:44.0296 3376 LBTServ - ok
11:08:44.0375 3376 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
11:08:44.0390 3376 LHidFilt - ok
11:08:44.0468 3376 LightScribeService (31d8b705dcd5f2366186e731f87c7a71) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
11:08:44.0484 3376 LightScribeService - ok
11:08:44.0640 3376 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
11:08:44.0828 3376 LmHosts - ok
11:08:44.0968 3376 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
11:08:44.0984 3376 LMouFilt - ok
11:08:45.0125 3376 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
11:08:45.0125 3376 LUsbFilt - ok
11:08:45.0234 3376 McAfeeFramework (1bc1a6b644d4cc1964cd851e92b604f4) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
11:08:45.0250 3376 McAfeeFramework - ok
11:08:45.0265 3376 McShield (12bef73e0281ac793865be1a331c67fc) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
11:08:45.0281 3376 McShield - ok
11:08:45.0328 3376 McTaskManager (dd61b815e2cba6cca6b7ed607f466652) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
11:08:45.0343 3376 McTaskManager - ok
11:08:45.0437 3376 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
11:08:45.0484 3376 MDM - ok
11:08:45.0625 3376 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
11:08:45.0843 3376 Messenger - ok
11:08:45.0968 3376 mfeapfk (1f334eb2a13816df45671ebb98896da7) C:\WINDOWS\system32\drivers\mfeapfk.sys
11:08:45.0984 3376 mfeapfk - ok
11:08:46.0093 3376 mfeavfk (8a1dedbbdad33587f6fad780ce4b34b5) C:\WINDOWS\system32\drivers\mfeavfk.sys
11:08:46.0093 3376 mfeavfk - ok
11:08:46.0156 3376 mfebopk (d800e31a019a6979698eef0507baa746) C:\WINDOWS\system32\drivers\mfebopk.sys
11:08:46.0156 3376 mfebopk - ok
11:08:46.0187 3376 mfehidk (0ae14fab8e25c258c6ebf3827c649273) C:\WINDOWS\system32\drivers\mfehidk.sys
11:08:46.0218 3376 mfehidk - ok
11:08:46.0312 3376 mferkdk (e72afc5056f6804c616e7dc32a38945f) C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
11:08:46.0312 3376 mferkdk - ok
11:08:46.0484 3376 mfetdik (a47f0f63e92730de15d41624ab998c5c) C:\WINDOWS\system32\drivers\mfetdik.sys
11:08:46.0500 3376 mfetdik - ok
11:08:46.0593 3376 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:08:46.0796 3376 mnmdd - ok
11:08:46.0843 3376 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
11:08:46.0953 3376 mnmsrvc - ok
11:08:47.0109 3376 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:08:47.0203 3376 Modem - ok
11:08:47.0265 3376 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:08:47.0375 3376 Mouclass - ok
11:08:47.0406 3376 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:08:47.0578 3376 mouhid - ok
11:08:47.0609 3376 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:08:47.0765 3376 MountMgr - ok
11:08:47.0937 3376 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
11:08:48.0109 3376 MQAC - ok
11:08:48.0109 3376 mraid35x - ok
11:08:48.0203 3376 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:08:48.0375 3376 MRxDAV - ok
11:08:48.0546 3376 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:08:48.0656 3376 MRxSmb - ok
11:08:48.0718 3376 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
11:08:48.0875 3376 MSDTC - ok
11:08:49.0046 3376 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:08:49.0234 3376 Msfs - ok
11:08:49.0234 3376 MSIServer - ok
11:08:49.0281 3376 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:08:49.0375 3376 MSKSSRV - ok
11:08:49.0421 3376 MSMQ (afb909b537aae1beae7bbdb6a36d40b0) C:\WINDOWS\system32\mqsvc.exe
11:08:49.0515 3376 MSMQ - ok
11:08:49.0640 3376 MSMQTriggers (7f955ff3b1bb93376ebe75d5accdc6db) C:\WINDOWS\system32\mqtgsvc.exe
11:08:49.0734 3376 MSMQTriggers - ok
11:08:49.0781 3376 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:08:49.0890 3376 MSPCLOCK - ok
11:08:50.0031 3376 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:08:50.0156 3376 MSPQM - ok
11:08:50.0187 3376 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:08:50.0296 3376 mssmbios - ok
11:08:50.0406 3376 MSSQL$ACT7 - ok
11:08:50.0453 3376 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
11:08:50.0484 3376 MSSQLServerADHelper - ok
11:08:50.0671 3376 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:08:50.0812 3376 MSTEE - ok
11:08:50.0890 3376 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:08:50.0937 3376 Mup - ok
11:08:50.0968 3376 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:08:51.0187 3376 NABTSFEC - ok
11:08:51.0343 3376 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
11:08:51.0468 3376 napagent - ok
11:08:51.0625 3376 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:08:51.0718 3376 NDIS - ok
11:08:51.0812 3376 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:08:51.0968 3376 NdisIP - ok
11:08:52.0000 3376 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:08:52.0031 3376 NdisTapi - ok
11:08:52.0203 3376 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:08:52.0359 3376 Ndisuio - ok
11:08:52.0453 3376 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:08:52.0671 3376 NdisWan - ok
11:08:52.0718 3376 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:08:52.0750 3376 NDProxy - ok
11:08:52.0843 3376 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
11:08:52.0843 3376 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:08:52.0843 3376 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:08:59.0125 3376 PCA (5eeb45f500e3e97153cb75723f8ca185) C:\WINDOWS\SMINST\PCAngel.exe
11:08:59.0125 3376 PCA ( UnsignedFile.Multi.Generic ) - warning
11:08:59.0125 3376 PCA - detected UnsignedFile.Multi.Generic (1)
11:08:59.0968 3376 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
11:08:59.0984 3376 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:08:59.0984 3376 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:09:00.0750 3376 PSI_SVC_2 (4d4855e85cb7958ae10e9c37d90e5163) c:\program files\common files\protexis\license service\psiservice_2.exe
11:09:00.0765 3376 PSI_SVC_2 ( UnsignedFile.Multi.Generic ) - warning
11:09:00.0765 3376 PSI_SVC_2 - detected UnsignedFile.Multi.Generic (1)
11:09:23.0484 3376 MBR (0x1B8) (4f02a8d4048a138c450ed7f867eb0144) \Device\Harddisk0\DR0
11:09:23.0734 3376 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:09:23.0734 3376 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:09:23.0734 3376 Boot (0x1200) (9c9f5348095a91472102a23e7a3536d5) \Device\Harddisk0\DR0\Partition0
11:09:23.0750 3376 \Device\Harddisk0\DR0\Partition0 - ok
11:09:23.0750 3376 Boot (0x1200) (8264b8d865a9818d0d7f436c4a56d5e7) \Device\Harddisk0\DR0\Partition1
11:09:23.0750 3376 \Device\Harddisk0\DR0\Partition1 - ok
11:09:23.0750 3376 ============================================================
11:09:23.0750 3376 Scan finished
11:09:23.0750 3376 ============================================================
11:09:23.0859 4136 Detected object count: 11
11:09:23.0859 4136 Actual detected object count: 11
13:04:39.0015 4136 ACT! Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
13:04:39.0015 4136 ACT! Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:04:39.0015 4136 btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
13:04:39.0015 4136 btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:04:39.0015 4136 DroidCam ( UnsignedFile.Multi.Generic ) - skipped by user
13:04:39.0015 4136 DroidCam ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:04:39.0031 4136 FLCDLOCK ( UnsignedFile.Multi.Generic ) - skipped by user
13:04:39.0031 4136 FLCDLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:04:39.0031 4136 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:04:39.0031 4136 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:04:39.0031 4136 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:04:39.0031 4136 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:04:39.0031 4136 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:04:39.0031 4136 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:04:39.0046 4136 PCA ( UnsignedFile.Multi.Generic ) - skipped by user
13:04:39.0046 4136 PCA ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:04:39.0046 4136 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:04:39.0046 4136 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:04:39.0046 4136 PSI_SVC_2 ( UnsignedFile.Multi.Generic ) - skipped by user
13:04:39.0046 4136 PSI_SVC_2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:04:39.0046 4136 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:04:39.0046 4136 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
13:05:41.0375 4724 Deinitialize success
  • 0

#25
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,175 posts

I'm hooked up to my workplace's server, through which I access the internet and work files. I do have to log in to the network, so I'm going to assume that means I'm connected to a domain server?

With the new Parameters TDSSKiller found 10 unsigned files and 1 TDSS File System - however, instead of "cure" my options are "Skip, Copy to Quarantine, Delete" - is copy to quarantine the same thing as "cure?" I still have the window up and will wait to make any changes at all until I hear from you (and if I don't hear from you, I'll just skip all and post the log).

They don't need quarantining. I can't see anything here. Are you sure the server is clean?
  • 0


#26
idrawstuff

idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
I couldn't be sure, but I did check this morning and none of the other computers on the network are exhibiting this problem if that makes a difference.
  • 0

#27
idrawstuff

idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
I did notice that the redirects haven't occurred since running Gooredfix again, for what it's worth. May I ask, does anything in my logs indicate what the malware was/is?
  • 0

#28
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,175 posts

does anything in my logs indicate what the malware was/is?

Not really, there are some files that I removed that shouldn't be there, but nothing that I could specifically identify. Let me know how it goes please
  • 0

#29
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,175 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#30
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,175 posts
Firstly...

OTL
  • Download OTL to your Desktop
  • Double click on the OTL icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    consrv.dll
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    DRIVES
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    del c:\commands.txt^|y /hide /c
    /wait
    del c:\diskreport.txt^|y /hide /c

  • In the "Extra Registry" section click on "Use Safelist"
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

Next...
Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan, click "Save log", save it to your desktop, and post it in your next reply
  • 0





