
Google Redirect Virus, Tried TDSS Killer [Closed]



#1
Wilbur13

Hello,

I've been infected with the Google redirect virus. I believe you guys helped me remove it once before, years ago when it first appeared, but I've managed to contract it again. As far as I can tell it redirects from all major search engines the first time I click a link, but if I go back and click it again it takes me to the correct link. It is doing this in IE and Firefox, although I downloaded Chrome just to test and it does not appear to affect Chrome.

I've tried everything I can possibly find to get rid of/fix this issue, including your own removal guide posted in the Malware and Spyware Cleaning Guide. After doing that, it appears that Yahoo! searches are not redirecting, but Google searches are still redirecting. I've done scans with TDSS Killer, Malwarebytes, Super Anti-Spyware and Forefront. Earlier in the week, Forefront found an exploit "Java/CVE-2013-0422" and a trojan "Win32/Sirefef!cfg" and "Win32/Sirefef.BC".

I'm usually fairly careful when it comes to malware and viruses, but I'm not even sure what I was doing that caused me to contract these viruses. I downloaded and ran OTL as requested, and the log is below:

OTL logfile created on: 2/20/2013 11:08:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\QUARTE_MATT\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 57.24% Memory free
5.93 Gb Paging File | 4.38 Gb Available in Paging File | 73.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230.59 Gb Total Space | 104.54 Gb Free Space | 45.34% Space Free | Partition Type: NTFS
Drive F: | 2.00 Gb Total Space | 1.99 Gb Free Space | 99.83% Space Free | Partition Type: FAT32

Computer Name: 2CE929CQCT | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/20 23:08:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\QUARTE_MATT\Desktop\OTL.exe
PRC - [2013/02/08 01:41:13 | 001,808,240 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2012/11/28 16:37:22 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/11/28 16:23:06 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/11/01 14:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/04/04 14:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/12 23:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/02/02 11:23:08 | 001,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
PRC - [2011/01/14 12:35:56 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
PRC - [2011/01/08 17:06:56 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/07/22 07:43:43 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/25 15:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/10/22 19:00:12 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2009/10/22 19:00:10 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/09/11 12:51:48 | 001,811,704 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/08/18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/03/27 17:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/11/07 14:20:40 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
PRC - [2008/11/07 14:20:06 | 001,344,736 | ---- | M] (Memeo Inc.) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
PRC - [2008/09/25 05:23:16 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008/07/24 14:22:50 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/07/24 14:22:12 | 000,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/07/15 12:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2008/05/16 22:12:54 | 000,290,816 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe
PRC - [2007/04/06 03:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
PRC - [2005/07/21 10:14:58 | 000,134,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/20 22:55:30 | 000,792,576 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\wx._gdi_.pyd
MOD - [2013/02/20 22:55:30 | 000,571,392 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\pysqlite2._sqlite.pyd
MOD - [2013/02/20 22:55:30 | 000,263,168 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\win32com.shell.shell.pyd
MOD - [2013/02/20 22:55:30 | 000,153,088 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\pyexpat.pyd
MOD - [2013/02/20 22:55:30 | 000,096,256 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\win32api.pyd
MOD - [2013/02/20 22:55:30 | 000,086,016 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\_elementtree.pyd
MOD - [2013/02/20 22:55:30 | 000,070,656 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\wx._html2.pyd
MOD - [2013/02/20 22:55:30 | 000,040,448 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\_socket.pyd
MOD - [2013/02/20 22:55:30 | 000,023,040 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\win32ts.pyd
MOD - [2013/02/20 22:55:30 | 000,011,776 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\win32crypt.pyd
MOD - [2013/02/20 22:55:29 | 001,024,616 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\windows._cacheinvalidation.pyd
MOD - [2013/02/20 22:55:29 | 000,731,136 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\wx._misc_.pyd
MOD - [2013/02/20 22:55:29 | 000,645,120 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\_ssl.pyd
MOD - [2013/02/20 22:55:29 | 000,354,304 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\pythoncom26.dll
MOD - [2013/02/20 22:55:29 | 000,110,592 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\win32security.pyd
MOD - [2013/02/20 22:55:29 | 000,110,592 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\PyWinTypes26.dll
MOD - [2013/02/20 22:55:29 | 000,073,728 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\_ctypes.pyd
MOD - [2013/02/20 22:55:29 | 000,017,920 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\win32profile.pyd
MOD - [2013/02/20 22:55:28 | 001,169,408 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\wx._core_.pyd
MOD - [2013/02/20 22:55:28 | 000,807,424 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\wx._windows_.pyd
MOD - [2013/02/20 22:55:28 | 000,311,808 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\_hashlib.pyd
MOD - [2013/02/20 22:55:28 | 000,121,856 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\wx._wizard.pyd
MOD - [2013/02/20 22:55:28 | 000,111,104 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\win32file.pyd
MOD - [2013/02/20 22:55:28 | 000,039,424 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\win32inet.pyd
MOD - [2013/02/20 22:55:28 | 000,036,352 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\win32process.pyd
MOD - [2013/02/20 22:55:28 | 000,022,528 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\win32pdh.pyd
MOD - [2013/02/20 22:55:27 | 001,056,256 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\wx._controls_.pyd
MOD - [2013/02/20 22:55:27 | 000,585,728 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\unicodedata.pyd
MOD - [2013/02/20 22:55:27 | 000,017,920 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\win32event.pyd
MOD - [2013/02/20 22:55:27 | 000,011,776 | ---- | M] () -- C:\Users\QUARTE_MATT\AppData\Local\temp\_MEI47922\select.pyd
MOD - [2013/02/08 01:41:11 | 014,586,736 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2012/04/19 19:22:45 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cbfdbf9ed05f520f449102c086841ac4\Microsoft.VisualBasic.ni.dll
MOD - [2012/04/19 19:17:04 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8e47bcd69923f39c010b285d0681b795\System.ServiceProcess.ni.dll
MOD - [2012/04/19 19:16:58 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\cdc38572fd6c34cb3033fb419eff3639\System.Web.ni.dll
MOD - [2012/04/19 19:16:33 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll
MOD - [2012/04/19 19:16:27 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll
MOD - [2012/03/12 23:39:07 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/24 10:45:22 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll
MOD - [2012/02/24 10:39:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/02/24 10:39:42 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\c06a0517281bb4a9c7fcaeb58d38cd63\System.Data.ni.dll
MOD - [2012/02/24 10:38:52 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/24 10:38:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/24 10:38:37 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2012/02/17 19:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/10/15 09:24:57 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/06/10 16:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/11/07 14:21:36 | 000,447,056 | ---- | M] () -- C:\Program Files\WD\WD Anywhere Backup\sqlite3.dll


========== Services (SafeList) ==========

SRV - [2013/02/08 01:41:13 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/04/04 14:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/01/14 12:35:56 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2011/01/08 17:06:56 | 000,016,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
SRV - [2010/09/13 11:48:12 | 000,025,704 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/07/22 08:10:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/22 19:00:12 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 03:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/09/11 12:51:48 | 001,811,704 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/08/18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/27 17:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/11/07 14:20:40 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2008/09/25 05:23:16 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008/07/24 14:22:50 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008/07/15 12:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2008/05/16 22:12:54 | 000,290,816 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2008/04/08 12:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/04/06 03:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe -- (FcsSas)
SRV - [2005/07/21 10:14:58 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe -- (MOM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Unknown] -- C:\Windows\TEMP\mc290F8.tmp -- (mchInjDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Matthew\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/02/20 22:26:00 | 000,026,872 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\FixTDSS.sys -- (FixTDSS)
DRV - [2012/04/04 14:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/01/18 05:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 05:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/16 14:03:36 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2010/07/16 14:03:18 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/01/13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/09/18 03:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/09/14 09:31:54 | 000,659,328 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/08/18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/20 14:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/12 17:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/20 08:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009/04/06 16:12:44 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/10/11 14:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/10/09 02:32:46 | 001,810,856 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008/07/29 14:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/10 13:47:22 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bentley.edu/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0E3985CD-A97A-4245-856E-76DB3FED2010}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{8AD33851-14CC-4CB8-985B-19EFE3615F65}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{A75C516E-2111-4976-B0EA-A7455551A29E}: "URL" = http://libcat.bentle...chTerms}&SORT=D
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://yahoo.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2010/07/22 07:48:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files\Flock\plugins [2013/02/17 20:18:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/29 19:49:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/17 20:18:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\firefoxext [2010/07/22 07:48:58 | 000,000,000 | ---D | M]

[2011/05/08 17:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Extensions
[2011/05/08 17:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2013/02/20 22:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\jq9n22n0.default\extensions
[2009/07/13 18:11:12 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\jq9n22n0.default\extensions\[email protected]
[2012/04/19 14:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/19 14:48:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/19 15:04:43 | 000,163,840 | ---- | M] (Centra Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCentraUpdater.dll
[2011/12/06 18:28:13 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/07/14 11:12:20 | 000,001,004 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bentley-library-catalog.xml
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com

O1 HOSTS File: ([2013/02/20 22:51:52 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Forefront Client Security Antimalware Service] C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKLM..\RunOnce: [FixTDSS] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Ranges: Range1 ([*] in Trusted sites)
O15 - HKCU\..Trusted Domains: bentley.edu ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = blue.ad.bentley.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9682893D-8F95-44B0-A953-DB94F2730FF6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD5B4F30-7694-4B1E-A0FD-8941832A33EC}: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/20 22:58:20 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\GooredFix Backups
[2013/02/20 22:51:50 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/02/20 22:26:00 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2013/02/20 22:26:00 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\FixTDSS
[2013/02/20 22:12:02 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matthew\Desktop\tdsskiller.exe
[2013/02/20 22:10:28 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\Macromedia
[2013/02/17 20:53:30 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\NPE
[2013/02/17 20:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/02/17 20:25:37 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/02/17 20:13:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/17 20:13:06 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\temp
[2013/02/17 11:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/02/17 11:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/02/17 11:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

========== Files - Modified Within 30 Days ==========

[2013/02/20 23:03:20 | 000,642,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/20 23:03:20 | 000,109,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/20 23:03:18 | 000,020,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/20 23:03:18 | 000,020,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/20 22:58:09 | 000,000,474 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2013/02/20 22:55:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/20 22:54:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/20 22:54:27 | 2387,816,448 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/20 22:51:52 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/02/20 22:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/20 22:33:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/20 22:26:00 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2013/02/20 22:12:12 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matthew\Desktop\tdsskiller.exe
[2013/02/17 21:18:09 | 000,000,272 | ---- | M] () -- C:\ProgramData\SMRResults311.dat
[2013/02/17 20:13:12 | 000,002,231 | ---- | M] () -- C:\Users\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/17 20:10:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.old
[2013/02/17 11:36:31 | 000,002,207 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/17 11:35:39 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

========== Files Created - No Company Name ==========

[2013/02/17 21:18:09 | 000,000,272 | ---- | C] () -- C:\ProgramData\SMRResults311.dat
[2013/02/17 11:36:31 | 000,002,231 | ---- | C] () -- C:\Users\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/17 11:36:31 | 000,002,207 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/17 11:35:39 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/13 21:41:53 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/01/18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 05:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/12/04 16:39:35 | 000,011,678 | -HS- | C] () -- C:\ProgramData\gnknnt2n7ojj3gnm8xoe8a087t8f
[2011/08/08 19:13:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/08 19:13:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/08 19:13:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/08 19:13:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/08 19:13:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/08 17:41:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/08 17:41:09 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/03/12 16:53:16 | 000,001,209 | ---- | C] () -- C:\Windows\eReg.dat
[2010/08/05 14:56:28 | 000,048,946 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 04:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/07/31 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\AVG10
[2010/11/03 22:41:37 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\avidemux
[2010/09/07 10:44:58 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\DigitalPersona
[2011/01/21 15:21:43 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Epson
[2013/02/20 22:26:00 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\FixTDSS
[2011/05/22 14:22:19 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Flock
[2011/03/14 11:49:41 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\FrostWire
[2010/10/12 18:26:47 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Leadertech
[2013/02/16 11:52:41 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Nitro PDF
[2011/05/08 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\OpenCandy
[2010/11/16 00:13:59 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Research In Motion
[2010/08/11 21:33:42 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\WD
[2012/03/18 22:02:06 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Xilisoft

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:502D809E

< End of report >
  • 0



#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Wilbur13 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | Disabled | Unknown] -- C:\Windows\TEMP\mc290F8.tmp -- (mchInjDrv)
    IE - HKCU\..\SearchScopes\{8AD33851-14CC-4CB8-985B-19EFE3615F65}: "URL" = http://search.avg.co...e}&iy=&ychte=us
    [2011/12/04 16:39:35 | 000,011,678 | -HS- | C] () -- C:\ProgramData\gnknnt2n7ojj3gnm8xoe8a087t8f

    :Files
    C:\ProgramData\gnknnt2n7ojj3gnm8xoe8a087t8f
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please delete your version of TDSSKiller and download a new one.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Loaded modules

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Make sure to check:

    • Services and drivers
    • Boot sectors
    • Loaded modules
    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion just reboot your system once, that will cure it.


Please make sure you include the combo fix log in your next reply

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0
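The TDSSKiller report requested in Step 2 is long and almost every entry ends in "- ok", so the few that do not are easy to miss. The script below is an added example, not part of the original post and not a TDSSKiller feature: it pairs each file line with its result line and returns only the entries worth a second look. The sample lines are copied from the TDSSKiller log posted later in this thread; the function names, and the choice to also list entries that have no file line, are this example's own assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Lines copied from the TDSSKiller log posted later in this thread.
SAMPLE_LOG = r"""
22:21:27.0335 3484 ================ Scan services =============================
22:21:28.0440 3484 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
22:21:28.0486 3484 ACPI - ok
22:21:29.0747 3484 [ 7233688FC422EF657E082309E6180142 ] ADVService C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
22:21:29.0855 3484 ADVService ( UnsignedFile.Multi.Generic ) - warning
22:21:29.0855 3484 ADVService - detected UnsignedFile.Multi.Generic (1)
22:21:31.0194 3484 [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:21:31.0349 3484 AMD External Events Utility - ok
22:21:37.0091 3484 catchme - ok
"""


class Entry(NamedTuple):
    name: str               # service or driver name as printed in the log
    status: str             # trailing word of the result line, lower-cased
    verdict: Optional[str]  # text inside "( ... )" on the result line, if any
    md5: Optional[str]      # hash from the preceding file line, if there was one
    path: Optional[str]     # file path from the preceding file line, if any


# "<time> <thread> [ <MD5> ] <name> <drive>:\<path>"
# Names may contain spaces, so the path is recognised by its drive letter.
FILE_LINE = re.compile(
    r"^\S+\s+\S+\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+"
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)

# "<time> <thread> <name> [( <verdict> )] - <status>"
RESULT_LINE = re.compile(
    r"^\S+\s+\S+\s+(?P<name>.+?)"
    r"(?:\s+\(\s*(?P<verdict>[^()]+?)\s*\))?"
    r"\s+-\s+(?P<status>[A-Za-z]+)$"
)


def parse_entries(log_text: str) -> List[Entry]:
    """Pair each file line with the result line that follows it."""
    pending = {}   # name -> (md5, path) seen but not yet matched to a result
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            pending[m["name"]] = (m["md5"].upper(), m["path"])
            continue
        m = RESULT_LINE.match(line)
        if m:
            # A result with no preceding file line keeps md5/path as None.
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(
                Entry(m["name"], m["status"].lower(), m["verdict"], md5, path)
            )
    return entries


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Entries whose status is not 'ok', plus entries with no file line.

    Listing the second group is this example's assumption; TDSSKiller
    itself reported such an entry as ok.
    """
    return [e for e in entries if e.status != "ok" or e.path is None]


if __name__ == "__main__":
    for e in needs_review(parse_entries(SAMPLE_LOG)):
        print(f"{e.name}: status={e.status} verdict={e.verdict} "
              f"md5={e.md5} path={e.path}")
```

To use it on a full report, read the log file into a string and pass it to parse_entries in place of SAMPLE_LOG.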

#3
Wilbur13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi Maliprog, thanks for your help. Here are the logs you requested:

OTL:

All processes killed
========== OTL ==========
Error: No service named mchInjDrv was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv deleted successfully.
File C:\Windows\TEMP\mc290F8.tmp not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8AD33851-14CC-4CB8-985B-19EFE3615F65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD33851-14CC-4CB8-985B-19EFE3615F65}\ not found.
C:\ProgramData\gnknnt2n7ojj3gnm8xoe8a087t8f moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\gnknnt2n7ojj3gnm8xoe8a087t8f not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\QUARTE_MATT\Desktop\cmd.bat deleted successfully.
C:\Users\QUARTE_MATT\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ithomas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: jenko_juli
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: JIMENEZ_ANDR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Matthew
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: QUARTE_MATT
->Temp folder emptied: 36287329 bytes
->Temporary Internet Files folder emptied: 41365 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92438670 bytes
->Google Chrome cache emptied: 12554338 bytes
->Flash cache emptied: 57289 bytes

User: sysadmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 328041 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 989864 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 136.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02212013_220751
  • 0

#4
Wilbur13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
TDSS Killer

22:20:17.0835 0612 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:20:18.0100 0612 ============================================================
22:20:18.0100 0612 Current date / time: 2013/02/21 22:20:18.0100
22:20:18.0100 0612 SystemInfo:
22:20:18.0100 0612
22:20:18.0100 0612 OS Version: 6.1.7600 ServicePack: 0.0
22:20:18.0100 0612 Product type: Workstation
22:20:18.0100 0612 ComputerName: 2CE929CQCT
22:20:18.0100 0612 UserName: Matthew
22:20:18.0100 0612 Windows directory: C:\Windows
22:20:18.0100 0612 System windows directory: C:\Windows
22:20:18.0100 0612 Processor architecture: Intel x86
22:20:18.0100 0612 Number of processors: 2
22:20:18.0100 0612 Page size: 0x1000
22:20:18.0100 0612 Boot type: Normal boot
22:20:18.0100 0612 ============================================================
22:20:20.0932 0612 BG loaded
22:20:22.0301 0612 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:20:22.0301 0612 ============================================================
22:20:22.0301 0612 \Device\Harddisk0\DR0:
22:20:22.0301 0612 MBR partitions:
22:20:22.0301 0612 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1CD2D800
22:20:22.0301 0612 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x1CD2E000, BlocksNum 0x400800
22:20:22.0301 0612 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1D12E800, BlocksNum 0x96970
22:20:22.0301 0612 ============================================================
22:20:22.0332 0612 C: <-> \Device\Harddisk0\DR0\Partition1
22:20:22.0363 0612 F: <-> \Device\Harddisk0\DR0\Partition2
22:20:22.0363 0612 ============================================================
22:20:22.0363 0612 Initialize success
22:20:22.0363 0612 ============================================================
22:21:26.0199 3484 ============================================================
22:21:26.0199 3484 Scan started
22:21:26.0199 3484 Mode: Manual; SigCheck; TDLFS;
22:21:26.0199 3484 ============================================================
22:21:27.0335 3484 ================ Scan services =============================
22:21:27.0444 3484 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
22:21:27.0786 3484 !SASCORE - ok
22:21:27.0957 3484 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
22:21:28.0019 3484 1394ohci - ok
22:21:28.0066 3484 [ 465B6BAABA53A628F7252846D0E900EE ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
22:21:28.0175 3484 Accelerometer - ok
22:21:28.0253 3484 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
22:21:28.0393 3484 ACDaemon - ok
22:21:28.0440 3484 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
22:21:28.0486 3484 ACPI - ok
22:21:28.0517 3484 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
22:21:28.0626 3484 AcpiPmi - ok
22:21:28.0673 3484 [ 6C61BCEB60C2C187E6F96001FD69493E ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
22:21:28.0829 3484 ADIHdAudAddService - ok
22:21:28.0953 3484 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:21:29.0000 3484 AdobeARMservice - ok
22:21:29.0124 3484 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:21:29.0358 3484 AdobeFlashPlayerUpdateSvc - ok
22:21:29.0404 3484 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:21:29.0513 3484 adp94xx - ok
22:21:29.0544 3484 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:21:29.0622 3484 adpahci - ok
22:21:29.0638 3484 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:21:29.0684 3484 adpu320 - ok
22:21:29.0747 3484 [ 7233688FC422EF657E082309E6180142 ] ADVService C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
22:21:29.0855 3484 ADVService ( UnsignedFile.Multi.Generic ) - warning
22:21:29.0855 3484 ADVService - detected UnsignedFile.Multi.Generic (1)
22:21:29.0887 3484 [ 4DC6B0772D1698F04FC79053A21C8260 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
22:21:29.0949 3484 AEADIFilters - ok
22:21:29.0964 3484 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:21:30.0058 3484 AeLookupSvc - ok
22:21:30.0073 3484 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\Windows\system32\drivers\Afc.sys
22:21:30.0104 3484 Afc - ok
22:21:30.0229 3484 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
22:21:30.0400 3484 AFD - ok
22:21:30.0431 3484 [ 6416F9B6B220F0A890525C38235AFAD7 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
22:21:30.0509 3484 AgereModemAudio - ok
22:21:30.0540 3484 [ FAA5A0B80E011464C7654851CE3D7FE7 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
22:21:30.0727 3484 AgereSoftModem - ok
22:21:30.0758 3484 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
22:21:30.0851 3484 agp440 - ok
22:21:30.0882 3484 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
22:21:30.0960 3484 aic78xx - ok
22:21:31.0007 3484 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
22:21:31.0100 3484 ALG - ok
22:21:31.0131 3484 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
22:21:31.0163 3484 aliide - ok
22:21:31.0194 3484 [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:21:31.0349 3484 AMD External Events Utility - ok
22:21:31.0365 3484 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
22:21:31.0427 3484 amdagp - ok
22:21:31.0443 3484 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
22:21:31.0474 3484 amdide - ok
22:21:31.0505 3484 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:21:31.0552 3484 AmdK8 - ok
22:21:31.0567 3484 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:21:31.0629 3484 AmdPPM - ok
22:21:31.0660 3484 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:21:31.0754 3484 amdsata - ok
22:21:31.0785 3484 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:21:31.0863 3484 amdsbs - ok
22:21:31.0878 3484 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:21:31.0894 3484 amdxata - ok
22:21:31.0925 3484 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
22:21:32.0049 3484 AppID - ok
22:21:32.0081 3484 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:21:32.0236 3484 AppIDSvc - ok
22:21:32.0267 3484 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
22:21:32.0314 3484 Appinfo - ok
22:21:32.0407 3484 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:21:32.0501 3484 Apple Mobile Device - ok
22:21:32.0516 3484 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
22:21:32.0563 3484 AppMgmt - ok
22:21:32.0594 3484 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
22:21:32.0719 3484 arc - ok
22:21:32.0734 3484 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:21:32.0812 3484 arcsas - ok
22:21:32.0843 3484 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:21:32.0936 3484 AsyncMac - ok
22:21:32.0952 3484 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
22:21:32.0983 3484 atapi - ok
22:21:33.0154 3484 [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
22:21:33.0465 3484 atikmdag - ok
22:21:33.0528 3484 [ 4FEE29D288226C9252E49A3277F025C3 ] ATService C:\Program Files\Fingerprint Sensor\AtService.exe
22:21:33.0886 3484 ATService - ok
22:21:33.0901 3484 [ 53FF3096D5D9AE2A75C16703A9819965 ] ATSwpWDF C:\Windows\system32\Drivers\ATSwpWDF.sys
22:21:33.0948 3484 ATSwpWDF - ok
22:21:33.0979 3484 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:21:34.0088 3484 AudioEndpointBuilder - ok
22:21:34.0088 3484 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:21:34.0134 3484 Audiosrv - ok
22:21:34.0166 3484 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:21:34.0306 3484 AxInstSV - ok
22:21:34.0337 3484 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
22:21:34.0523 3484 b06bdrv - ok
22:21:34.0570 3484 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
22:21:34.0648 3484 b57nd60x - ok
22:21:34.0664 3484 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
22:21:34.0710 3484 BDESVC - ok
22:21:34.0726 3484 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
22:21:34.0757 3484 Beep - ok
22:21:34.0788 3484 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
22:21:34.0819 3484 BFE - ok
22:21:34.0866 3484 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\system32\qmgr.dll
22:21:34.0990 3484 BITS - ok
22:21:35.0021 3484 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:21:35.0068 3484 blbdrive - ok
22:21:35.0146 3484 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:21:35.0270 3484 Bonjour Service - ok
22:21:35.0301 3484 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:21:35.0410 3484 bowser - ok
22:21:35.0426 3484 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:21:35.0504 3484 BrFiltLo - ok
22:21:35.0519 3484 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:21:35.0597 3484 BrFiltUp - ok
22:21:35.0644 3484 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:21:35.0753 3484 BridgeMP - ok
22:21:35.0784 3484 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\Windows\System32\browser.dll
22:21:35.0846 3484 Browser - ok
22:21:35.0862 3484 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:21:36.0048 3484 Brserid - ok
22:21:36.0064 3484 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:21:36.0126 3484 BrSerWdm - ok
22:21:36.0142 3484 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:21:36.0188 3484 BrUsbMdm - ok
22:21:36.0220 3484 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:21:36.0235 3484 BrUsbSer - ok
22:21:36.0297 3484 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
22:21:36.0391 3484 BthEnum - ok
22:21:36.0391 3484 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:21:36.0468 3484 BTHMODEM - ok
22:21:36.0500 3484 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
22:21:36.0609 3484 BthPan - ok
22:21:36.0640 3484 [ 88059FF1DED4472ACD17EEBABD393069 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
22:21:36.0749 3484 BTHPORT - ok
22:21:36.0795 3484 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
22:21:36.0873 3484 bthserv - ok
22:21:36.0873 3484 [ 80E6384BEEC03B8BD45EDEA29802D657 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
22:21:36.0966 3484 BTHUSB - ok
22:21:37.0091 3484 catchme - ok
22:21:37.0153 3484 [ A454A9BAA25B8C8E76735DD86BD4B017 ] CcmExec C:\Windows\system32\CCM\CcmExec.exe
22:21:37.0262 3484 CcmExec - ok
22:21:37.0293 3484 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:21:37.0433 3484 cdfs - ok
22:21:37.0464 3484 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:21:37.0495 3484 cdrom - ok
22:21:37.0542 3484 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
22:21:37.0604 3484 CertPropSvc - ok
22:21:37.0620 3484 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:21:37.0713 3484 circlass - ok
22:21:37.0744 3484 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
22:21:37.0791 3484 CLFS - ok
22:21:37.0869 3484 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:21:38.0024 3484 clr_optimization_v2.0.50727_32 - ok
22:21:38.0102 3484 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:21:38.0180 3484 clr_optimization_v4.0.30319_32 - ok
22:21:38.0211 3484 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:21:38.0289 3484 CmBatt - ok
22:21:38.0305 3484 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
22:21:38.0336 3484 cmdide - ok
22:21:38.0398 3484 [ 36C252E474B2FFA0F0FBBFF20D92A640 ] CNG C:\Windows\system32\Drivers\cng.sys
22:21:38.0460 3484 CNG - ok
22:21:38.0522 3484 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
22:21:38.0585 3484 Com4QLBEx - ok
22:21:38.0600 3484 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:21:38.0631 3484 Compbatt - ok
22:21:38.0662 3484 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:21:38.0756 3484 CompositeBus - ok
22:21:38.0771 3484 COMSysApp - ok
22:21:38.0787 3484 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:21:38.0896 3484 crcdisk - ok
22:21:38.0927 3484 [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:21:39.0020 3484 CryptSvc - ok
22:21:39.0036 3484 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys
22:21:39.0191 3484 CSC - ok
22:21:39.0207 3484 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll
22:21:39.0269 3484 CscService - ok
22:21:39.0316 3484 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
22:21:39.0409 3484 DcomLaunch - ok
22:21:39.0440 3484 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
22:21:39.0596 3484 defragsvc - ok
22:21:39.0643 3484 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:21:39.0814 3484 DfsC - ok
22:21:39.0845 3484 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
22:21:39.0923 3484 Dhcp - ok
22:21:39.0938 3484 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
22:21:40.0032 3484 discache - ok
22:21:40.0078 3484 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:21:40.0172 3484 Disk - ok
22:21:40.0218 3484 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:21:40.0296 3484 Dnscache - ok
22:21:40.0296 3484 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
22:21:40.0358 3484 dot3svc - ok
22:21:40.0405 3484 [ 5BC1D876DFD53C31C5FC65D2E9614015 ] DpHost C:\Program Files\DigitalPersona\Bin\DpHostW.exe
22:21:40.0483 3484 DpHost ( UnsignedFile.Multi.Generic ) - warning
22:21:40.0483 3484 DpHost - detected UnsignedFile.Multi.Generic (1)
22:21:40.0499 3484 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
22:21:40.0545 3484 DPS - ok
22:21:40.0592 3484 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:21:40.0670 3484 drmkaud - ok
22:21:40.0716 3484 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:21:40.0825 3484 DXGKrnl - ok
22:21:40.0872 3484 [ 44A91D98D6719B49BCD649A863225B5C ] e1yexpress C:\Windows\system32\DRIVERS\e1y6232.sys
22:21:41.0012 3484 e1yexpress - ok
22:21:41.0043 3484 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
22:21:41.0105 3484 EapHost - ok
22:21:41.0214 3484 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
22:21:41.0417 3484 ebdrv - ok
22:21:41.0463 3484 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
22:21:41.0557 3484 EFS - ok
22:21:41.0619 3484 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:21:41.0868 3484 ehRecvr - ok
22:21:41.0899 3484 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
22:21:42.0039 3484 ehSched - ok
22:21:42.0086 3484 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:21:42.0163 3484 elxstor - ok
22:21:42.0163 3484 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
22:21:42.0195 3484 ErrDev - ok
22:21:42.0241 3484 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
22:21:42.0350 3484 EventSystem - ok
22:21:42.0381 3484 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
22:21:42.0490 3484 exfat - ok
22:21:42.0506 3484 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:21:42.0584 3484 fastfat - ok
22:21:42.0615 3484 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
22:21:42.0770 3484 Fax - ok
22:21:42.0848 3484 [ 8CAB6B589F6610BF0E20780E153248C1 ] FCSAM C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
22:21:42.0941 3484 FCSAM - ok
22:21:42.0973 3484 [ 5E162FEB08F6635F0348D250B98AC758 ] FcsSas C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
22:21:43.0066 3484 FcsSas - ok
22:21:43.0081 3484 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:21:43.0159 3484 fdc - ok
22:21:43.0175 3484 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
22:21:43.0237 3484 fdPHost - ok
22:21:43.0237 3484 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
22:21:43.0284 3484 FDResPub - ok
22:21:43.0315 3484 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:21:43.0362 3484 FileInfo - ok
22:21:43.0377 3484 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:21:43.0424 3484 Filetrace - ok
22:21:43.0486 3484 [ 77D6FFAA3010B66FB4692532D75A585F ] FixTDSS C:\Windows\system32\drivers\FixTDSS.sys
22:21:43.0782 3484 FixTDSS - ok
22:21:43.0797 3484 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:21:43.0844 3484 flpydisk - ok
22:21:43.0859 3484 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:21:43.0906 3484 FltMgr - ok
22:21:43.0968 3484 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll
22:21:44.0062 3484 FontCache - ok
22:21:44.0124 3484 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:21:44.0186 3484 FontCache3.0.0.0 - ok
22:21:44.0186 3484 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:21:44.0342 3484 FsDepends - ok
22:21:44.0373 3484 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:21:44.0420 3484 Fs_Rec - ok
22:21:44.0466 3484 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:21:44.0529 3484 fvevol - ok
22:21:44.0560 3484 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:21:44.0669 3484 gagp30kx - ok
22:21:44.0731 3484 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:21:44.0840 3484 GEARAspiWDM - ok
22:21:44.0886 3484 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
22:21:44.0995 3484 gpsvc - ok
22:21:45.0089 3484 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
22:21:45.0198 3484 gupdate - ok
22:21:45.0244 3484 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
22:21:45.0307 3484 gupdatem - ok
22:21:45.0338 3484 [ 7DAD592A4D28092D584CFB4DEEF1373D ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys
22:21:45.0369 3484 HBtnKey - ok
22:21:45.0384 3484 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:21:45.0431 3484 hcw85cir - ok
22:21:45.0478 3484 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:21:45.0524 3484 HDAudBus - ok
22:21:45.0556 3484 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:21:45.0618 3484 HidBatt - ok
22:21:45.0633 3484 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:21:45.0696 3484 HidBth - ok
22:21:45.0742 3484 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:21:45.0773 3484 HidIr - ok
22:21:45.0804 3484 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
22:21:45.0898 3484 hidserv - ok
22:21:45.0945 3484 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:21:46.0116 3484 HidUsb - ok
22:21:46.0193 3484 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:21:46.0302 3484 hkmsvc - ok
22:21:46.0334 3484 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:21:46.0411 3484 HomeGroupListener - ok
22:21:46.0442 3484 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:21:46.0520 3484 HomeGroupProvider - ok
22:21:46.0551 3484 [ D5C35E6416A379C445CDA826B9FE452F ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
22:21:46.0598 3484 hpdskflt - ok
22:21:46.0629 3484 [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
22:21:46.0660 3484 HpqKbFiltr - ok
22:21:46.0691 3484 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
22:21:46.0831 3484 hpqwmiex - ok
22:21:46.0863 3484 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
22:21:46.0909 3484 HpSAMD - ok
22:21:46.0940 3484 [ 00DC55481FAD2841284ED09E7D69CD11 ] hpsrv C:\Windows\system32\Hpservice.exe
22:21:46.0971 3484 hpsrv - ok
22:21:47.0003 3484 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:21:47.0080 3484 HTTP - ok
22:21:47.0096 3484 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:21:47.0158 3484 hwpolicy - ok
22:21:47.0189 3484 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:21:47.0256 3484 i8042prt - ok
22:21:47.0326 3484 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:21:47.0386 3484 iaStorV - ok
22:21:47.0445 3484 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:21:47.0605 3484 idsvc - ok
22:21:47.0625 3484 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:21:47.0655 3484 iirsp - ok
22:21:47.0695 3484 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
22:21:47.0755 3484 IKEEXT - ok
22:21:47.0775 3484 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
22:21:47.0805 3484 intelide - ok
22:21:47.0846 3484 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:21:47.0886 3484 intelppm - ok
22:21:47.0916 3484 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:21:47.0976 3484 IPBusEnum - ok
22:21:48.0026 3484 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:21:48.0148 3484 IpFilterDriver - ok
22:21:48.0195 3484 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:21:48.0273 3484 iphlpsvc - ok
22:21:48.0304 3484 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:21:48.0491 3484 IPMIDRV - ok
22:21:48.0491 3484 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:21:48.0616 3484 IPNAT - ok
22:21:48.0694 3484 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:21:48.0803 3484 iPod Service - ok
22:21:48.0834 3484 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:21:48.0865 3484 IRENUM - ok
22:21:48.0880 3484 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
22:21:48.0927 3484 isapnp - ok
22:21:48.0958 3484 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:21:49.0067 3484 iScsiPrt - ok
22:21:49.0114 3484 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:21:49.0207 3484 kbdclass - ok
22:21:49.0254 3484 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:21:49.0408 3484 kbdhid - ok
22:21:49.0423 3484 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
22:21:49.0454 3484 KeyIso - ok
22:21:49.0501 3484 [ 0263364ACB9C834ACE52FB85C2C064EC ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:21:49.0595 3484 KSecDD - ok
22:21:49.0626 3484 [ 27391DB553BE2A4E2B0ADEEA2873B2AF ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:21:49.0781 3484 KSecPkg - ok
22:21:49.0828 3484 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
22:21:49.0921 3484 KtmRm - ok
22:21:49.0984 3484 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\System32\srvsvc.dll
22:21:50.0124 3484 LanmanServer - ok
22:21:50.0155 3484 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:21:50.0232 3484 LanmanWorkstation - ok
22:21:50.0264 3484 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:21:50.0341 3484 lltdio - ok
22:21:50.0373 3484 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:21:50.0513 3484 lltdsvc - ok
22:21:50.0544 3484 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
22:21:50.0606 3484 lmhosts - ok
22:21:50.0637 3484 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:21:50.0746 3484 LSI_FC - ok
22:21:50.0777 3484 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:21:50.0839 3484 LSI_SAS - ok
22:21:50.0855 3484 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:21:50.0902 3484 LSI_SAS2 - ok
22:21:50.0917 3484 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:21:50.0979 3484 LSI_SCSI - ok
22:21:51.0010 3484 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
22:21:51.0073 3484 luafv - ok
22:21:51.0166 3484 [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
22:21:51.0306 3484 LVRS - ok
22:21:52.0365 3484 [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys
22:21:52.0880 3484 LVUVC - ok
22:21:52.0926 3484 [ FB097BBC1A18F044BD17BD2FCCF97865 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
22:21:53.0035 3484 MBAMProtector - ok
22:21:53.0066 3484 [ BA400ED640BCA1EAE5C727AE17C10207 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:21:53.0222 3484 MBAMService - ok
22:21:53.0269 3484 mchInjDrv - ok
22:21:53.0300 3484 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:21:53.0363 3484 Mcx2Svc - ok
22:21:53.0394 3484 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:21:53.0518 3484 megasas - ok
22:21:53.0550 3484 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:21:53.0628 3484 MegaSR - ok
22:21:53.0659 3484 [ ED6235C93981D8658FA433092A809303 ] MemeoBackgroundService C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
22:21:53.0690 3484 MemeoBackgroundService - ok
22:21:53.0721 3484 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
22:21:53.0783 3484 MMCSS - ok
22:21:53.0830 3484 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
22:21:53.0939 3484 Modem - ok
22:21:54.0033 3484 [ F3C2E6441348A7FC20F21FE2F5EB28E6 ] MOM C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
22:21:54.0126 3484 MOM ( UnsignedFile.Multi.Generic ) - warning
22:21:54.0126 3484 MOM - detected UnsignedFile.Multi.Generic (1)
22:21:54.0157 3484 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:21:54.0251 3484 monitor - ok
22:21:54.0267 3484 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:21:54.0422 3484 mouclass - ok
22:21:54.0438 3484 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:21:54.0500 3484 mouhid - ok
22:21:54.0531 3484 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:21:54.0641 3484 mountmgr - ok
22:21:54.0687 3484 [ 356842AAC621AB40F18992C01A590F71 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
22:21:54.0703 3484 MpFilter - ok
22:21:54.0734 3484 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
22:21:54.0828 3484 mpio - ok
22:21:54.0843 3484 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:21:55.0015 3484 mpsdrv - ok
22:21:55.0046 3484 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
22:21:55.0171 3484 MpsSvc - ok
22:21:55.0186 3484 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:21:55.0264 3484 MRxDAV - ok
22:21:55.0342 3484 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:21:55.0435 3484 mrxsmb - ok
22:21:55.0467 3484 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:21:55.0545 3484 mrxsmb10 - ok
22:21:55.0560 3484 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:21:55.0622 3484 mrxsmb20 - ok
22:21:55.0654 3484 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
22:21:55.0747 3484 msahci - ok
22:21:55.0810 3484 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
22:21:55.0919 3484 msdsm - ok
22:21:55.0934 3484 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
22:21:56.0043 3484 MSDTC - ok
22:21:56.0106 3484 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:21:56.0308 3484 Msfs - ok
22:21:56.0324 3484 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:21:56.0402 3484 mshidkmdf - ok
22:21:56.0433 3484 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
22:21:56.0464 3484 msisadrv - ok
22:21:56.0495 3484 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:21:56.0558 3484 MSiSCSI - ok
22:21:56.0558 3484 msiserver - ok
22:21:56.0589 3484 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:21:56.0651 3484 MSKSSRV - ok
22:21:56.0667 3484 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:21:56.0698 3484 MSPCLOCK - ok
22:21:56.0713 3484 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:21:56.0760 3484 MSPQM - ok
22:21:56.0776 3484 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:21:56.0854 3484 MsRPC - ok
22:21:56.0869 3484 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:21:56.0885 3484 mssmbios - ok
22:21:56.0901 3484 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:21:56.0932 3484 MSTEE - ok
22:21:56.0963 3484 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:21:57.0025 3484 MTConfig - ok
22:21:57.0041 3484 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
22:21:57.0150 3484 Mup - ok
22:21:57.0228 3484 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
22:21:57.0353 3484 napagent - ok
22:21:57.0368 3484 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:21:57.0524 3484 NativeWifiP - ok
22:21:57.0571 3484 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:21:57.0711 3484 NDIS - ok
22:21:57.0742 3484 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:21:57.0867 3484 NdisCap - ok
22:21:57.0898 3484 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:21:57.0992 3484 NdisTapi - ok
22:21:58.0007 3484 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:21:58.0116 3484 Ndisuio - ok
22:21:58.0147 3484 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:21:58.0288 3484 NdisWan - ok
22:21:58.0288 3484 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:21:58.0350 3484 NDProxy - ok
22:21:58.0397 3484 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:21:58.0428 3484 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:21:58.0428 3484 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:21:58.0459 3484 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:21:58.0537 3484 NetBIOS - ok
22:21:58.0553 3484 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:21:58.0724 3484 NetBT - ok
22:21:58.0740 3484 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe
22:21:58.0755 3484 Netlogon - ok
22:21:58.0786 3484 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
22:21:58.0927 3484 Netman - ok
22:21:58.0958 3484 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
22:21:59.0098 3484 netprofm - ok
22:21:59.0129 3484 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:21:59.0238 3484 NetTcpPortSharing - ok
22:21:59.0457 3484 [ 5B2DFA9C5C02DDF2A113CC0F551B59DF ] NETw5s32 C:\Windows\system32\DRIVERS\NETw5s32.sys
22:21:59.0877 3484 NETw5s32 - ok
22:21:59.0909 3484 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:22:00.0018 3484 nfrd960 - ok
22:22:00.0096 3484 [ 9CCBCA1FE056F67960C9420FCE635691 ] NitroReaderDriverReadSpool C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
22:22:00.0205 3484 NitroReaderDriverReadSpool - ok
22:22:00.0236 3484 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
22:22:00.0329 3484 NlaSvc - ok
22:22:00.0361 3484 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:22:00.0485 3484 Npfs - ok
22:22:00.0501 3484 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
22:22:00.0532 3484 nsi - ok
22:22:00.0548 3484 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:22:00.0594 3484 nsiproxy - ok
22:22:00.0735 3484 [ 187002CE05693C306F43C873F821381F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:22:01.0046 3484 Ntfs - ok
22:22:01.0109 3484 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
22:22:01.0202 3484 Null - ok
22:22:01.0249 3484 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:22:01.0374 3484 nvraid - ok
22:22:01.0452 3484 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:22:01.0607 3484 nvstor - ok
22:22:01.0639 3484 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
22:22:01.0716 3484 nv_agp - ok
22:22:01.0935 3484 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:22:02.0153 3484 odserv - ok
22:22:02.0168 3484 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:22:02.0215 3484 ohci1394 - ok
22:22:02.0278 3484 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:22:02.0402 3484 ose - ok
22:22:03.0337 3484 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:22:04.0101 3484 osppsvc - ok
22:22:04.0148 3484 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:22:04.0257 3484 p2pimsvc - ok
22:22:04.0273 3484 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
22:22:04.0350 3484 p2psvc - ok
22:22:04.0382 3484 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:22:04.0506 3484 Parport - ok
22:22:04.0553 3484 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:22:04.0662 3484 partmgr - ok
22:22:04.0693 3484 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
22:22:04.0771 3484 Parvdm - ok
22:22:04.0802 3484 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:22:04.0896 3484 PcaSvc - ok
22:22:04.0927 3484 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
22:22:04.0974 3484 pci - ok
22:22:05.0067 3484 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
22:22:05.0145 3484 pciide - ok
22:22:05.0161 3484 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:22:05.0223 3484 pcmcia - ok
22:22:05.0239 3484 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
22:22:05.0286 3484 pcw - ok
22:22:05.0301 3484 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:22:05.0426 3484 PEAUTH - ok
22:22:05.0582 3484 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:22:05.0738 3484 PeerDistSvc - ok
22:22:05.0816 3484 [ 35045CA2AB16A08330450FC0C1BC5C54 ] Pharos Systems ComTaskMaster C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
22:22:05.0940 3484 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - warning
22:22:05.0940 3484 Pharos Systems ComTaskMaster - detected UnsignedFile.Multi.Generic (1)
22:22:06.0190 3484 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
22:22:06.0408 3484 pla - ok
22:22:06.0470 3484 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:22:06.0595 3484 PlugPlay - ok
22:22:06.0642 3484 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:22:06.0735 3484 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:22:06.0735 3484 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:22:06.0751 3484 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:22:06.0813 3484 PNRPAutoReg - ok
22:22:06.0829 3484 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:22:06.0875 3484 PNRPsvc - ok
22:22:06.0938 3484 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:22:07.0047 3484 PolicyAgent - ok
22:22:07.0078 3484 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
22:22:07.0156 3484 Power - ok
22:22:07.0218 3484 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:22:07.0343 3484 PptpMiniport - ok
22:22:07.0405 3484 [ 2A4514A9233D35A355F569FF8B8F6240 ] prepdrvr C:\Windows\system32\CCM\prepdrv.sys
22:22:07.0468 3484 prepdrvr - ok
22:22:07.0499 3484 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:22:07.0577 3484 Processor - ok
22:22:07.0608 3484 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll
22:22:07.0639 3484 ProfSvc - ok
22:22:07.0670 3484 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:22:07.0717 3484 ProtectedStorage - ok
22:22:07.0748 3484 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:22:07.0857 3484 Psched - ok
22:22:07.0904 3484 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
22:22:07.0935 3484 PxHelp20 - ok
22:22:08.0029 3484 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:22:08.0247 3484 ql2300 - ok
22:22:08.0278 3484 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:22:08.0356 3484 ql40xx - ok
22:22:08.0387 3484 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
22:22:08.0590 3484 QWAVE - ok
22:22:08.0637 3484 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:22:08.0746 3484 QWAVEdrv - ok
22:22:08.0761 3484 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:22:08.0855 3484 RasAcd - ok
22:22:08.0886 3484 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:22:08.0964 3484 RasAgileVpn - ok
22:22:08.0995 3484 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
22:22:09.0135 3484 RasAuto - ok
22:22:09.0151 3484 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:22:09.0229 3484 Rasl2tp - ok
22:22:09.0276 3484 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
22:22:09.0322 3484 RasMan - ok
22:22:09.0338 3484 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:22:09.0369 3484 RasPppoe - ok
22:22:09.0385 3484 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:22:09.0463 3484 RasSstp - ok
22:22:09.0478 3484 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:22:09.0541 3484 rdbss - ok
22:22:09.0572 3484 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:22:09.0681 3484 rdpbus - ok
22:22:09.0681 3484 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:22:09.0728 3484 RDPCDD - ok
22:22:09.0743 3484 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:22:09.0868 3484 RDPDR - ok
22:22:09.0899 3484 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:22:09.0993 3484 RDPENCDD - ok
22:22:10.0024 3484 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:22:10.0086 3484 RDPREFMP - ok
22:22:10.0180 3484 [ 0399C725A9C95A6F1862B93F008DDF4A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:22:10.0429 3484 RDPWD - ok
22:22:10.0444 3484 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:22:10.0585 3484 rdyboost - ok
22:22:10.0647 3484 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
22:22:10.0787 3484 RemoteAccess - ok
22:22:10.0834 3484 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:22:10.0928 3484 RemoteRegistry - ok
22:22:10.0974 3484 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:22:11.0130 3484 RFCOMM - ok
22:22:11.0146 3484 [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
22:22:11.0271 3484 rimmptsk - ok
22:22:11.0286 3484 [ D7E09BC852684A7B1FC0F74FE090D45A ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
22:22:11.0426 3484 rimsptsk - ok
22:22:11.0489 3484 [ 616EAC1B0E48B236A5A9B8AE07FDB81C ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
22:22:11.0660 3484 RimUsb - ok
22:22:11.0723 3484 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
22:22:11.0847 3484 RimVSerPort - ok
22:22:11.0863 3484 [ 470FC46E2989F6606043C1C5365B15FD ] rismc32 C:\Windows\system32\DRIVERS\rismc32.sys
22:22:11.0941 3484 rismc32 - ok
22:22:11.0972 3484 [ B0A7494A9BA7909EFAC64E05D3F160DB ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
22:22:12.0097 3484 rismxdp - ok
22:22:12.0143 3484 [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
22:22:12.0237 3484 ROOTMODEM - ok
22:22:12.0471 3484 [ 5C13017FC008F8492D03143634A479CE ] RoxMediaDB10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
22:22:12.0829 3484 RoxMediaDB10 - ok
22:22:12.0860 3484 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:22:12.0923 3484 RpcEptMapper - ok
22:22:12.0969 3484 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
22:22:13.0078 3484 RpcLocator - ok
22:22:13.0094 3484 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
22:22:13.0156 3484 RpcSs - ok
22:22:13.0203 3484 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:22:13.0343 3484 rspndr - ok
22:22:13.0375 3484 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
22:22:13.0421 3484 s3cap - ok
22:22:13.0437 3484 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
22:22:13.0484 3484 SamSs - ok
22:22:13.0562 3484 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:22:13.0717 3484 SASDIFSV - ok
22:22:13.0780 3484 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:22:13.0889 3484 SASKUTIL - ok
22:22:13.0920 3484 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
22:22:14.0060 3484 sbp2port - ok
22:22:14.0107 3484 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:22:14.0216 3484 SCardSvr - ok
22:22:14.0232 3484 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:22:14.0372 3484 scfilter - ok
22:22:15.0603 3484 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
22:22:15.0775 3484 Schedule - ok
22:22:15.0806 3484 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
22:22:15.0853 3484 SCPolicySvc - ok
22:22:15.0931 3484 [ AA826E35F6D28A8E5D1EFEB337F24BA2 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
22:22:16.0040 3484 sdbus - ok
22:22:16.0055 3484 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:22:16.0227 3484 SDRSVC - ok
22:22:16.0258 3484 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:22:16.0351 3484 secdrv - ok
22:22:16.0367 3484 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
22:22:16.0429 3484 seclogon - ok
22:22:16.0461 3484 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
22:22:16.0538 3484 SENS - ok
22:22:16.0570 3484 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:22:16.0648 3484 SensrSvc - ok
22:22:16.0679 3484 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:22:16.0741 3484 Serenum - ok
22:22:16.0772 3484 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:22:16.0975 3484 Serial - ok
22:22:17.0006 3484 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:22:17.0053 3484 sermouse - ok
22:22:17.0100 3484 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
22:22:17.0240 3484 SessionEnv - ok
22:22:17.0271 3484 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:22:17.0365 3484 sffdisk - ok
22:22:17.0380 3484 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:22:17.0442 3484 sffp_mmc - ok
22:22:17.0458 3484 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:22:17.0505 3484 sffp_sd - ok
22:22:17.0536 3484 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:22:17.0598 3484 sfloppy - ok
22:22:17.0645 3484 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:22:17.0723 3484 SharedAccess - ok
22:22:17.0739 3484 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:22:17.0817 3484 ShellHWDetection - ok
22:22:17.0863 3484 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
22:22:17.0957 3484 sisagp - ok
22:22:17.0988 3484 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:22:18.0019 3484 SiSRaid2 - ok
22:22:18.0066 3484 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:22:18.0113 3484 SiSRaid4 - ok
22:22:18.0175 3484 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
22:22:18.0346 3484 SkypeUpdate - ok
22:22:18.0378 3484 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:22:18.0471 3484 Smb - ok
22:22:18.0471 3484 smstsmgr - ok
22:22:18.0502 3484 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:22:18.0549 3484 SNMPTRAP - ok
22:22:18.0643 3484 [ 869D33035D5CA4B5BC58777B8FD1F47F ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
22:22:18.0767 3484 SNP2UVC - ok
22:22:18.0798 3484 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
22:22:18.0861 3484 spldr - ok
22:22:18.0892 3484 [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler C:\Windows\System32\spoolsv.exe
22:22:18.0985 3484 Spooler - ok
22:22:19.0266 3484 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
22:22:19.0515 3484 sppsvc - ok
22:22:19.0547 3484 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:22:19.0609 3484 sppuinotify - ok
22:22:19.0671 3484 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:22:19.0780 3484 srv - ok
22:22:19.0827 3484 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:22:19.0905 3484 srv2 - ok
22:22:19.0921 3484 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:22:19.0999 3484 srvnet - ok
22:22:20.0014 3484 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:22:20.0092 3484 SSDPSRV - ok
22:22:20.0108 3484 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:22:20.0232 3484 SstpSvc - ok
22:22:20.0295 3484 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:22:20.0388 3484 stexstor - ok
22:22:20.0482 3484 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
22:22:20.0544 3484 StiSvc - ok
22:22:20.0606 3484 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
22:22:20.0715 3484 stllssvr - ok
22:22:20.0747 3484 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
22:22:20.0825 3484 storflt - ok
22:22:20.0856 3484 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
22:22:20.0980 3484 StorSvc - ok
22:22:20.0996 3484 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
22:22:21.0074 3484 storvsc - ok
22:22:21.0090 3484 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:22:21.0136 3484 swenum - ok
22:22:21.0152 3484 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
22:22:21.0277 3484 swprv - ok
22:22:21.0479 3484 [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:22:21.0573 3484 SynTP - ok
22:22:21.0682 3484 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
22:22:21.0869 3484 SysMain - ok
22:22:21.0884 3484 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:22:22.0009 3484 TabletInputService - ok
22:22:22.0025 3484 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
22:22:22.0071 3484 TapiSrv - ok
22:22:22.0087 3484 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
22:22:22.0196 3484 TBS - ok
22:22:22.0321 3484 [ 56C198AC82EFA622DD93E9E43575F79C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:22:22.0570 3484 Tcpip - ok
22:22:22.0617 3484 [ 56C198AC82EFA622DD93E9E43575F79C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:22:22.0679 3484 TCPIP6 - ok
22:22:22.0726 3484 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:22:22.0835 3484 tcpipreg - ok
22:22:22.0866 3484 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:22:22.0944 3484 TDPIPE - ok
22:22:22.0991 3484 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:22:23.0100 3484 TDTCP - ok
22:22:23.0131 3484 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:22:23.0256 3484 tdx - ok
22:22:23.0318 3484 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:22:23.0365 3484 TermDD - ok
22:22:23.0474 3484 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
22:22:23.0677 3484 TermService - ok
22:22:23.0692 3484 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
22:22:23.0739 3484 Themes - ok
22:22:23.0770 3484 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
22:22:23.0801 3484 THREADORDER - ok
22:22:23.0833 3484 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys
22:22:23.0942 3484 TPM - ok
22:22:23.0957 3484 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
22:22:24.0020 3484 TrkWks - ok
22:22:24.0066 3484 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:22:24.0160 3484 TrustedInstaller - ok
22:22:24.0175 3484 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:22:24.0222 3484 tssecsrv - ok
22:22:24.0269 3484 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:22:24.0300 3484 tunnel - ok
22:22:24.0347 3484 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:22:24.0456 3484 uagp35 - ok
22:22:24.0472 3484 [ 2EFEE45A340E1590E37C2F2BAC16D051 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:22:24.0565 3484 udfs - ok
22:22:24.0596 3484 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:22:24.0674 3484 UI0Detect - ok
22:22:24.0690 3484 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
22:22:24.0783 3484 uliagpkx - ok
22:22:24.0815 3484 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:22:24.0877 3484 umbus - ok
22:22:24.0892 3484 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:22:24.0924 3484 UmPass - ok
22:22:24.0986 3484 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
22:22:25.0111 3484 UmRdpService - ok
22:22:25.0189 3484 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
22:22:25.0329 3484 UMVPFSrv - ok
22:22:25.0344 3484 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
22:22:25.0407 3484 upnphost - ok
22:22:25.0454 3484 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
22:22:25.0578 3484 USBAAPL - ok
22:22:25.0609 3484 [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:22:25.0750 3484 usbaudio - ok
22:22:25.0765 3484 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:22:25.0828 3484 usbccgp - ok
22:22:25.0859 3484 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
22:22:25.0952 3484 usbcir - ok
22:22:25.0999 3484 [ 5B71019A6ACA0116FD21B368F19C0B91 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:22:26.0093 3484 usbehci - ok
22:22:26.0155 3484 [ 5823D3965C2A4F6F785ED1A3B403F3B8 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:22:26.0248 3484 usbhub - ok
22:22:26.0280 3484 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:22:26.0342 3484 usbohci - ok
22:22:26.0373 3484 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:22:26.0498 3484 usbprint - ok
22:22:26.0529 3484 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:22:26.0622 3484 usbscan - ok
22:22:26.0700 3484 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:22:26.0841 3484 USBSTOR - ok
22:22:26.0903 3484 [ 6A30928A469CE802600E1EA8C0F2F53F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:22:27.0012 3484 usbuhci - ok
22:22:27.0028 3484 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
22:22:27.0074 3484 UxSms - ok
22:22:27.0090 3484 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
22:22:27.0106 3484 VaultSvc - ok
22:22:27.0152 3484 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
22:22:27.0230 3484 vdrvroot - ok
22:22:27.0246 3484 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
22:22:27.0355 3484 vds - ok
22:22:27.0402 3484 [ 4BC73ECC0C0EF65122E798D68F2E8FA6 ] vfsFPService C:\Windows\system32\vfsFPService.exe
22:22:34.0729 3484 vfsFPService - ok
22:22:34.0776 3484 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:22:34.0854 3484 vga - ok
22:22:34.0869 3484 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:22:34.0947 3484 VgaSave - ok
22:22:34.0963 3484 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
22:22:35.0025 3484 vhdmp - ok
22:22:35.0041 3484 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
22:22:35.0119 3484 viaagp - ok
22:22:35.0150 3484 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
22:22:35.0197 3484 ViaC7 - ok
22:22:35.0212 3484 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
22:22:35.0243 3484 viaide - ok
22:22:35.0243 3484 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
22:22:35.0337 3484 vmbus - ok
22:22:35.0368 3484 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
22:22:35.0415 3484 VMBusHID - ok
22:22:35.0462 3484 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
22:22:35.0586 3484 volmgr - ok
22:22:35.0617 3484 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:22:35.0680 3484 volmgrx - ok
22:22:35.0695 3484 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
22:22:35.0820 3484 volsnap - ok
22:22:35.0867 3484 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:22:35.0976 3484 vsmraid - ok
22:22:36.0101 3484 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
22:22:36.0303 3484 VSS - ok
22:22:36.0319 3484 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:22:36.0366 3484 vwifibus - ok
22:22:36.0381 3484 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:22:36.0443 3484 vwififlt - ok
22:22:36.0459 3484 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:22:36.0506 3484 vwifimp - ok
22:22:36.0553 3484 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
22:22:36.0615 3484 W32Time - ok
22:22:36.0630 3484 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:22:36.0740 3484 WacomPen - ok
22:22:36.0771 3484 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:22:36.0864 3484 WANARP - ok
22:22:36.0880 3484 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:22:36.0911 3484 Wanarpv6 - ok
22:22:37.0114 3484 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:22:37.0815 3484 WatAdminSvc - ok
22:22:37.0846 3484 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
22:22:38.0142 3484 wbengine - ok
22:22:38.0158 3484 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:22:38.0267 3484 WbioSrvc - ok
22:22:38.0298 3484 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:22:38.0470 3484 wcncsvc - ok
22:22:38.0501 3484 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:22:38.0579 3484 WcsPlugInService - ok
22:22:38.0610 3484 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:22:38.0657 3484 Wd - ok
22:22:38.0703 3484 [ A1A36682DF22777834E1C37F3C79AEC2 ] WDBtnMgrSvc.exe C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
22:22:38.0750 3484 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - warning
22:22:38.0750 3484 WDBtnMgrSvc.exe - detected UnsignedFile.Multi.Generic (1)
22:22:38.0766 3484 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys
22:22:38.0859 3484 WDC_SAM - ok
22:22:38.0906 3484 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:22:39.0015 3484 Wdf01000 - ok
22:22:39.0031 3484 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:22:39.0077 3484 WdiServiceHost - ok
22:22:39.0093 3484 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:22:39.0124 3484 WdiSystemHost - ok
22:22:39.0202 3484 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
22:22:39.0374 3484 WebClient - ok
22:22:39.0389 3484 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:22:39.0467 3484 Wecsvc - ok
22:22:39.0483 3484 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:22:39.0514 3484 wercplsupport - ok
22:22:39.0545 3484 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
22:22:39.0576 3484 WerSvc - ok
22:22:39.0592 3484 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:22:39.0623 3484 WfpLwf - ok
22:22:39.0654 3484 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:22:39.0763 3484 WIMMount - ok
22:22:39.0981 3484 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
22:22:40.0106 3484 WinDefend - ok
22:22:40.0106 3484 WinHttpAutoProxySvc - ok
22:22:40.0262 3484 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:22:40.0324 3484 Winmgmt - ok
22:22:40.0480 3484 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
22:22:40.0667 3484 WinRM - ok
22:22:40.0698 3484 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:22:40.0792 3484 WinUsb - ok
22:22:40.0870 3484 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:22:41.0057 3484 Wlansvc - ok
22:22:41.0088 3484 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:22:41.0166 3484 WmiAcpi - ok
22:22:41.0197 3484 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:22:41.0275 3484 wmiApSrv - ok
22:22:41.0400 3484 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
22:22:41.0665 3484 WMPNetworkSvc - ok
22:22:41.0696 3484 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:22:41.0727 3484 WPCSvc - ok
22:22:41.0743 3484 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:22:41.0774 3484 WPDBusEnum - ok
22:22:41.0805 3484 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:22:41.0883 3484 ws2ifsl - ok
22:22:41.0945 3484 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\system32\wscsvc.dll
22:22:42.0054 3484 wscsvc - ok
22:22:42.0054 3484 WSearch - ok
22:22:42.0257 3484 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
22:22:42.0413 3484 wuauserv - ok
22:22:42.0428 3484 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:22:42.0491 3484 WudfPf - ok
22:22:42.0537 3484 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:22:42.0631 3484 WUDFRd - ok
22:22:42.0693 3484 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:22:42.0771 3484 wudfsvc - ok
22:22:42.0802 3484 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
22:22:42.0865 3484 WwanSvc - ok
22:22:42.0896 3484 ================ Scan global ===============================
22:22:42.0912 3484 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
22:22:42.0974 3484 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
22:22:43.0021 3484 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
22:22:43.0036 3484 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:22:43.0083 3484 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:22:43.0083 3484 [Global] - ok
22:22:43.0083 3484 ================ Scan MBR ==================================
22:22:43.0099 3484 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:22:44.0610 3484 \Device\Harddisk0\DR0 - ok
22:22:44.0626 3484 ================ Scan VBR ==================================
22:22:44.0657 3484 [ 457229BC9C4F1CD0B396D217C6C73BB9 ] \Device\Harddisk0\DR0\Partition1
22:22:44.0657 3484 \Device\Harddisk0\DR0\Partition1 - ok
22:22:44.0688 3484 [ 5D93BDE07FC1B6AD786A097B5090B265 ] \Device\Harddisk0\DR0\Partition2
22:22:44.0704 3484 \Device\Harddisk0\DR0\Partition2 - ok
22:22:44.0719 3484 [ 482D7EE68567105B9EBBF0E53A8BC8C4 ] \Device\Harddisk0\DR0\Partition3
22:22:44.0719 3484 \Device\Harddisk0\DR0\Partition3 - ok
22:22:44.0719 3484 ================ Scan active images ========================
22:22:44.0719 3484 ============================================================
22:22:44.0719 3484 Scan finished
22:22:44.0719 3484 ============================================================
22:22:44.0751 4744 Detected object count: 7
22:22:44.0751 4744 Actual detected object count: 7
22:23:12.0058 4744 ADVService ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:12.0058 4744 ADVService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:12.0058 4744 DpHost ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:12.0058 4744 DpHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:12.0058 4744 MOM ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:12.0058 4744 MOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:12.0058 4744 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:12.0058 4744 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:12.0073 4744 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:12.0073 4744 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:12.0073 4744 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:12.0073 4744 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:12.0073 4744 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:12.0073 4744 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:28.0018 1316 Deinitialize success

#5
Wilbur13


  • Topic Starter
  • Member
  • 16 posts
ComboFix 13-02-21.02 - Matthew 02/21/2013 22:34:50.4.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3036.1473 [GMT -5:00]
Running from: c:\users\QUARTE_MATT\Desktop\ComboFix.exe
AV: Microsoft Forefront Client Security *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Client Security *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-01-22 to 2013-02-22 )))))))))))))))))))))))))))))))
.
.
2013-02-22 03:43 . 2013-02-22 03:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-02-22 03:43 . 2013-02-22 03:43 -------- d-----w- c:\users\ithomas\AppData\Local\temp
2013-02-22 03:43 . 2013-02-22 03:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-22 03:43 . 2013-02-22 03:43 -------- d-----w- c:\users\sysadmin\AppData\Local\temp
2013-02-22 03:43 . 2013-02-22 03:43 -------- d-----w- c:\users\JIMENEZ_ANDR\AppData\Local\temp
2013-02-22 03:43 . 2013-02-22 03:43 -------- d-----w- c:\users\jenko_juli\AppData\Local\temp
2013-02-22 03:20 . 2013-02-22 03:20 60872 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{C47B1C1C-A29B-4388-89D6-9C9C610BBB9E}\offreg.dll
2013-02-22 03:07 . 2013-02-22 03:07 -------- d-----w- C:\_OTL
2013-02-21 03:51 . 2013-02-21 03:51 -------- d-----w- C:\_OTM
2013-02-21 03:26 . 2013-02-21 03:26 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2013-02-21 03:26 . 2013-02-21 03:26 -------- d-----w- c:\users\Matthew\AppData\Roaming\FixTDSS
2013-02-21 03:10 . 2013-02-21 03:10 -------- d-----w- c:\users\Matthew\AppData\Local\Macromedia
2013-02-18 02:08 . 2013-02-18 02:08 -------- d-----w- c:\users\QUARTE_MATT\AppData\Local\CrashDumps
2013-02-18 01:53 . 2013-02-18 02:16 -------- d-----w- c:\users\Matthew\AppData\Local\NPE
2013-02-18 01:53 . 2013-02-18 01:54 -------- d-----w- c:\programdata\Norton
2013-02-18 01:13 . 2013-02-22 03:41 -------- d-----w- c:\users\Matthew\AppData\Local\temp
2013-02-17 22:13 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{C47B1C1C-A29B-4388-89D6-9C9C610BBB9E}\mpengine.dll
2013-02-17 16:35 . 2013-02-17 16:35 -------- d-----w- c:\program files\SUPERAntiSpyware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 06:41 . 2012-04-11 16:29 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-08 06:41 . 2011-05-27 15:22 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2010-07-21 20:40 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-08 04:57 . 2010-08-05 20:00 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-13 04:39 . 2011-12-05 02:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-22 202256]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-10-23 842816]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2008-11-07 197856]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2011-02-02 1033600]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FixTDSS"="start" [X]
"29679825-F2DD-4206-BF65-5F561CF9DCD4"="start" [X]
"OTL"="c:\users\QUARTE_MATT\Desktop\OTL.exe" [2013-02-21 602112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]
.
c:\users\QUARTE_MATT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-11 113664]
Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-9-13 97384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-28202\Scripts\Logon\0\0]
"Script"=\\blue.ad.bentley.edu\sysvol\blue.ad.bentley.edu\scripts\StudentLogin.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-28202\Scripts\Logon\1\0]
"Script"=\\blue.ad.bentley.edu\SysVol\blue.ad.bentley.edu\scripts\SMS.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-28266\Scripts\Logon\0\0]
"Script"=\\blue.ad.bentley.edu\sysvol\blue.ad.bentley.edu\scripts\StudentLogin.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-42593\Scripts\Logon\0\0]
"Script"=\\blue.ad.bentley.edu\sysvol\blue.ad.bentley.edu\scripts\StudentLogin.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
S2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [x]
S2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [x]
S2 MOM;MOM;c:\program files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe [x]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [x]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 17932442
*NewlyCreated* - 23246996
*Deregistered* - 17932442
*Deregistered* - 23246996
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-17 16:36 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 06:41]
.
2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 02:17]
.
2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 02:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bentley.edu/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
FF - ProfilePath - c:\users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\jq9n22n0.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - ExtSQL: !HIDDEN! 2010-07-22 08:48; [email protected]; c:\program files\DigitalPersona\Bin\FirefoxExt
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-17932442.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc27290.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3820)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
.
Completion time: 2013-02-21 22:44:43
ComboFix-quarantined-files.txt 2013-02-22 03:44
ComboFix2.txt 2013-02-18 01:13
ComboFix3.txt 2011-08-09 00:31
.
Pre-Run: 112,673,525,760 bytes free
Post-Run: 112,401,584,128 bytes free
.
- - End Of File - - 3E7B1EB49323FADE10F1E07B1178A77C

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Wilbur13,

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post

#7
Wilbur13

    Member

  • Topic Starter
  • 16 posts
Hi Maliprog,

The Kaspersky scan found two infections, both Trojans. In the process of it removing one of the infections, I was forced to restart my computer. I didn't save the report before restarting because I figured it would be there when I started it up again, but unfortunately the two infections that it found were not listed on the reports tab. I know the name of one infection included "TDSS" in the name, but I did not see what the other one was. If there is a way for me to find a report saved somewhere on my computer from that scan please let me know. Thanks again for your help.

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Wilbur13,

Sorry for the delay...

How is your system now? Problems?

#9
Wilbur13

    Member

  • Topic Starter
  • 16 posts
Hey Maliprog,

Google actually worked fine for the first few times I used it, but then it started redirecting again. Yahoo! kept redirecting from the first time that I tried it after the scan.

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's try to find the problem with these two scans.

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, aswMBR will save an additional file named MBR.dat. Attach it to your next reply

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • aswMBR log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button

#11
Wilbur13

    Member

  • Topic Starter
  • 16 posts
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-27 22:50:23
-----------------------------
22:50:23.664 OS Version: Windows 6.1.7600
22:50:23.664 Number of processors: 2 586 0x1706
22:50:23.664 ComputerName: 2CE929CQCT UserName:
22:50:52.226 Initialize success
22:51:14.659 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:51:14.669 Disk 0 Vendor: ST9250410AS 0003HPM1 Size: 238475MB BusType: 11
22:51:14.669 Disk 0 MBR read successfully
22:51:14.679 Disk 0 MBR scan
22:51:14.689 Disk 0 Windows 7 default MBR code
22:51:14.699 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 236123 MB offset 2048
22:51:14.739 Disk 0 Partition 2 00 0C FAT32 LBA MSDOS5.0 2049 MB offset 483581952
22:51:14.759 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 301 MB offset 487778304
22:51:14.769 Disk 0 scanning sectors +488395120
22:51:14.839 Disk 0 scanning C:\Windows\system32\drivers
22:51:35.444 Service scanning
22:51:51.340 Modules scanning
22:52:00.528 Disk 0 trace - called modules:
22:52:00.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
22:52:00.928 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8642c030]
22:52:00.938 3 CLASSPNP.SYS[833d559e] -> nt!IofCallDriver -> [0x8642b970]
22:52:00.958 5 hpdskflt.sys[8b5cf0be] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8632a030]
22:52:00.968 Scan finished successfully
22:54:10.545 Disk 0 MBR has been saved successfully to "C:\Users\QUARTE_MATT\Desktop\MBR.dat"
22:54:10.555 The log file has been saved successfully to "C:\Users\QUARTE_MATT\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.dat   512bytes   86 downloads


#12
Wilbur13

    Member

  • Topic Starter
  • 16 posts
GMER 2.1.19115 - http://www.gmer.net
Rootkit scan 2013-02-28 19:28:42
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250410AS rev.0003HPM1 232.89GB
Running: 9dcg2bw4.exe; Driver: C:\Users\QUARTE~1\AppData\Local\Temp\kxlirpoc.sys


---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C465C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C6B092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9161C000, 0x2D5378, 0xE8000020]
? C:\Windows\TEMP\mc27915.tmp The system cannot find the file specified. !
? C:\Users\QUARTE~1\AppData\Local\Temp\aswMBR.sys The system cannot find the path specified. !

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe[4816] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74EC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe[4816] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74EC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe[4816] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74EC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe[4816] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74EC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe[4816] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74EC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e8f8f9f
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e8f8f9f (not active ControlSet)

---- EOF - GMER 2.1 ----

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Wilbur13,

Please delete your version of ComboFix and download a new one as you did before. Run the scan again and post the log here for me.

#14
Wilbur13

    Member

  • Topic Starter
  • 16 posts
ComboFix 13-03-03.01 - QUARTE_MATT 03/03/2013 21:58:30.5.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3036.1823 [GMT -5:00]
Running from: c:\users\QUARTE_MATT\Desktop\ComboFix.exe
AV: Microsoft Forefront Client Security *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Client Security *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\D7AD.tmp
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\_ctypes.pyd
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\_elementtree.pyd
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\_hashlib.pyd
c:\users\QUARTE_MATT\AppData\Local\Temp\_MEI47922\_socket.pyd
c:\users\QUARTE_MATT\AppData\Local\Temp\_MEI47922\_ssl.pyd
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\pyexpat.pyd
c:\users\QUARTE_MATT\AppData\Local\Temp\_MEI47922\pysqlite2._sqlite.pyd
c:\users\QUARTE_MATT\AppData\Local\Temp\_MEI47922\python26.dll
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\pythoncom26.dll
c:\users\QUARTE_MATT\AppData\Local\Temp\_MEI47922\PyWinTypes26.dll
c:\users\QUARTE_MATT\AppData\Local\Temp\_MEI47922\select.pyd
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\unicodedata.pyd
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\win32api.pyd
c:\users\QUARTE_MATT\AppData\Local\Temp\_MEI47922\win32com.shell.shell.pyd
c:\users\QUARTE_MATT\AppData\Local\Temp\_MEI47922\win32crypt.pyd
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\win32event.pyd
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\win32file.pyd
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\win32inet.pyd
c:\users\QUARTE_MATT\AppData\Local\Temp\_MEI47922\win32pdh.pyd
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\win32process.pyd
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\win32profile.pyd
c:\users\QUARTE_MATT\AppData\Local\Temp\_MEI47922\win32security.pyd
c:\users\QUARTE_MATT\AppData\Local\Temp\_MEI47922\win32ts.pyd
c:\users\QUARTE_MATT\AppData\Local\Temp\_MEI47922\windows._cacheinvalidation.pyd
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\wx._controls_.pyd
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\wx._core_.pyd
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\wx._gdi_.pyd
c:\users\QUARTE_MATT\AppData\Local\Temp\_MEI47922\wx._html2.pyd
c:\users\QUARTE_MATT\AppData\Local\Temp\_MEI47922\wx._misc_.pyd
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\wx._windows_.pyd
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\wx._wizard.pyd
c:\users\QUARTE_MATT\AppData\Local\Temp\_MEI47922\wxbase293u_net_vc.dll
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\wxbase293u_vc.dll
c:\users\QUARTE_MATT\AppData\Local\Temp\_MEI47922\wxmsw293u_adv_vc.dll
c:\users\QUARTE_MATT\AppData\Local\Temp\_MEI47922\wxmsw293u_core_vc.dll
c:\users\QUARTE_MATT\AppData\Local\Temp\_MEI47922\wxmsw293u_html_vc.dll
c:\users\QUARTE_MATT\AppData\Local\temp\_MEI47922\wxmsw293u_webview_vc.dll
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\_ctypes.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\_elementtree.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\_hashlib.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\_socket.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\_ssl.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\pyexpat.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\pysqlite2._sqlite.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\python26.dll
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\pythoncom26.dll
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\PyWinTypes26.dll
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\select.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\unicodedata.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\win32api.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\win32com.shell.shell.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\win32crypt.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\win32event.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\win32file.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\win32inet.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\win32pdh.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\win32process.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\win32profile.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\win32security.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\win32ts.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\windows._cacheinvalidation.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\wx._controls_.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\wx._core_.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\wx._gdi_.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\wx._html2.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\wx._misc_.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\wx._windows_.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\wx._wizard.pyd
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\wxbase293u_net_vc.dll
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\wxbase293u_vc.dll
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\wxmsw293u_adv_vc.dll
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\wxmsw293u_core_vc.dll
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\wxmsw293u_html_vc.dll
c:\users\QUARTE~1\AppData\Local\Temp\_MEI47922\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-02-04 to 2013-03-04 )))))))))))))))))))))))))))))))
.
.
2013-03-04 03:06 . 2013-03-04 03:14 -------- d-----w- c:\users\QUARTE_MATT\AppData\Local\temp
2013-03-04 03:06 . 2013-03-04 03:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-03-04 03:06 . 2013-03-04 03:06 -------- d-----w- c:\users\ithomas\AppData\Local\temp
2013-03-04 03:06 . 2013-03-04 03:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-04 03:06 . 2013-03-04 03:06 -------- d-----w- c:\users\sysadmin\AppData\Local\temp
2013-03-04 03:06 . 2013-03-04 03:06 -------- d-----w- c:\users\Matthew\AppData\Local\temp
2013-03-04 03:06 . 2013-03-04 03:06 -------- d-----w- c:\users\JIMENEZ_ANDR\AppData\Local\temp
2013-03-04 03:06 . 2013-03-04 03:06 -------- d-----w- c:\users\jenko_juli\AppData\Local\temp
2013-02-28 04:57 . 2013-03-01 02:50 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{905E4E41-93EE-4D7C-98ED-2AB7674297F9}\offreg.dll
2013-02-28 03:56 . 2013-02-28 03:56 377856 ----a-w- C:\9dcg2bw4.exe
2013-02-24 00:58 . 2013-02-24 00:58 -------- d-----w- c:\program files\Common Files\Java
2013-02-24 00:58 . 2013-02-24 00:57 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-24 00:58 . 2013-02-24 00:57 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-24 00:56 . 2013-02-24 00:56 -------- d-----w- c:\programdata\McAfee
2013-02-23 23:53 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{D0487E5E-9CE5-479D-9BB5-8CEA3FDEADA0}\mpengine.dll
2013-02-23 23:52 . 2013-02-19 08:58 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{905E4E41-93EE-4D7C-98ED-2AB7674297F9}\mpengine.dll
2013-02-23 00:36 . 2013-02-23 00:36 -------- d-----w- c:\programdata\Kaspersky Lab
2013-02-22 03:07 . 2013-02-22 03:07 -------- d-----w- C:\_OTL
2013-02-21 03:51 . 2013-02-21 03:51 -------- d-----w- C:\_OTM
2013-02-21 03:26 . 2013-02-21 03:26 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2013-02-21 03:26 . 2013-02-21 03:26 -------- d-----w- c:\users\Matthew\AppData\Roaming\FixTDSS
2013-02-21 03:10 . 2013-02-21 03:10 -------- d-----w- c:\users\Matthew\AppData\Local\Macromedia
2013-02-18 02:08 . 2013-02-24 00:37 -------- d-----w- c:\users\QUARTE_MATT\AppData\Local\CrashDumps
2013-02-18 01:53 . 2013-02-18 02:16 -------- d-----w- c:\users\Matthew\AppData\Local\NPE
2013-02-18 01:53 . 2013-02-18 01:54 -------- d-----w- c:\programdata\Norton
2013-02-17 16:35 . 2013-02-17 16:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-01 00:41 . 2012-04-11 16:29 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-01 00:41 . 2011-05-27 15:22 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-24 00:57 . 2010-09-01 02:10 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-17 06:28 . 2010-07-21 20:40 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-08 04:57 . 2010-08-05 20:00 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-14 21:49 . 2012-04-13 17:21 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-13 04:39 . 2011-12-05 02:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-12-18 16328976]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-11-28 59280]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-11-28 59280]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-22 202256]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-10-23 842816]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2008-11-07 197856]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2011-02-02 1033600]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]
.
c:\users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_00426065.lnk - c:\users\QUARTE_MATT\AppData\Local\temp\_uninst_00426065.bat [N/A]
_uninst_42810689.lnk - c:\users\QUARTE_MATT\AppData\Local\temp\_uninst_42810689.bat [N/A]
.
c:\users\QUARTE_MATT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-11 113664]
Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-9-13 97384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-28202\Scripts\Logon\0\0]
"Script"=\\blue.ad.bentley.edu\sysvol\blue.ad.bentley.edu\scripts\StudentLogin.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-28202\Scripts\Logon\1\0]
"Script"=\\blue.ad.bentley.edu\SysVol\blue.ad.bentley.edu\scripts\SMS.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-28266\Scripts\Logon\0\0]
"Script"=\\blue.ad.bentley.edu\sysvol\blue.ad.bentley.edu\scripts\StudentLogin.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-42593\Scripts\Logon\0\0]
"Script"=\\blue.ad.bentley.edu\sysvol\blue.ad.bentley.edu\scripts\StudentLogin.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
@="Service"
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
S2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [x]
S2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [x]
S2 MOM;MOM;c:\program files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe [x]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [x]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-27 03:33 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 00:41]
.
2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 02:17]
.
2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 02:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bentley.edu/
uInternet Settings,ProxyServer = http=127.0.0.1:52222
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
FF - ProfilePath - c:\users\QUARTE_MATT\AppData\Roaming\Mozilla\Firefox\Profiles\rsw2boq3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2010-07-22 08:48; [email protected]; c:\program files\DigitalPersona\Bin\FirefoxExt
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc27657.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3604)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\program files\FileZilla FTP Client\fzshellext.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\PHAROS~1\Core\CTskMstr.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Epson Software\Event Manager\EEventManager.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\WD\WD Anywhere Backup\MemeoBackup.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-03-03 22:17:50 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-04 03:17
ComboFix2.txt 2013-02-22 03:44
ComboFix3.txt 2013-02-18 01:13
ComboFix4.txt 2011-08-09 00:31
.
Pre-Run: 114,896,576,512 bytes free
Post-Run: 115,461,005,312 bytes free
.
- - End Of File - - EDED07723AE279887FB965F86A2FC392

#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
How is your system now?

If you still get redirects, then please answer these questions for me so we can narrow down the problem.

  • Do you use a router to access the internet?
  • Do you have any other PCs connected to that router, and do they get redirected?
  • Do you get redirected in all browsers you use, or does this redirection only affect one browser?
