Google Redirect on PC


  • This topic is locked
19 replies to this topic

#1 Tech4ever

  • Members
  • 8 posts

Posted 19 April 2012 - 08:09 AM

Hi,

I am a computer technician and have always found your forum very helpful in resolving malware issues.
I have come across an infection that I can't seem to get rid of that keeps redirecting a client's PC from their search results in Google to www.com.au and then to an ad website.

I have run the following scans:
  • Malwarebytes
  • SUPERAntiSpyware
  • checked Hosts file
  • ESET Online
  • MiniToolBox
  • Checked HijackThis logs - looked OK
  • OTL
  • reset Winsock and LSP entries
  • Ran ComboFix but still no joy :(
  • Ran Kaspersky rootkit scan - no objects found

Computer is Windows 7 32-bit with Trend Micro as AV

Any assistance would be greatly appreciated

I have attached the logs below:

OTL with the following custom scan options:
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
wininit.exe
hlp.dat


OTL logfile created on: 4/19/2012 9:36:19 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\scott\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.97 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 59.54% Memory free
5.93 Gb Paging File | 4.50 Gb Available in Paging File | 75.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.82 Gb Total Space | 381.64 Gb Free Space | 83.91% Space Free | Partition Type: NTFS
Drive D: | 3.68 Gb Total Space | 3.55 Gb Free Space | 96.58% Space Free | Partition Type: FAT32
Drive Q: | 9.77 Gb Total Space | 4.39 Gb Free Space | 45.00% Space Free | Partition Type: NTFS

Computer Name: SCOTTDESKTOP | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/19 21:35:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\scott\Desktop\OTL.exe
PRC - [2012/03/14 01:43:26 | 000,040,960 | ---- | M] () -- C:\Program Files\Navionics World\NavService.exe
PRC - [2012/03/08 07:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/03/05 19:29:44 | 002,416,000 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2012/03/05 07:55:07 | 000,024,592 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
PRC - [2012/03/05 07:55:03 | 000,689,680 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
PRC - [2012/03/05 07:55:02 | 001,531,392 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2012/03/05 07:55:01 | 001,107,472 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2012/03/05 07:55:00 | 001,336,464 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2012/02/27 08:32:44 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/10 11:28:06 | 000,425,240 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BingBar.exe
PRC - [2012/02/10 11:28:06 | 000,268,056 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BingApp.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2012/02/10 11:28:06 | 000,142,104 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\bingsurrogate.exe
PRC - [2012/02/07 21:16:44 | 000,050,704 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
PRC - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/08/12 09:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/24 14:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/03 09:31:52 | 000,345,616 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2011/03/15 14:02:05 | 000,901,600 | ---- | M] () -- C:\Program Files\Business-in-a-Box\BIBLauncher.exe
PRC - [2010/12/21 13:25:18 | 000,091,136 | ---- | M] (Sage Software, Inc) -- C:\Program Files\ACT\Act for Windows\Act.Outlook.Sync.exe
PRC - [2010/12/21 13:25:10 | 000,028,672 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 04:17:32 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
PRC - [2010/11/20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/30 16:30:18 | 000,159,744 | ---- | M] (Primax Electronics Ltd.) -- C:\Program Files\Lenovo\Lenovo Mouse Suite\PELMICED.EXE
PRC - [2010/07/28 13:46:00 | 000,069,632 | ---- | M] (Primax Electronics Ltd.) -- C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
PRC - [2010/06/01 18:41:38 | 000,155,648 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
PRC - [2010/04/22 16:04:22 | 000,184,320 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
PRC - [2010/03/16 07:54:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/10/16 19:07:06 | 000,064,064 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2009/10/16 19:06:14 | 000,072,256 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/08/29 08:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/07/30 05:44:20 | 000,049,152 | ---- | M] (Lenovo (Shenzhen) Electronic Co., Ltd.) -- C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
PRC - [2009/05/28 16:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/02/24 15:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2008/11/20 18:27:28 | 000,020,480 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
PRC - [2008/02/08 06:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/01/11 06:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/19 21:31:20 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/04/19 21:31:20 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/19 17:25:02 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/19 17:25:02 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/04/12 13:40:30 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll
MOD - [2012/04/12 12:51:38 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012/04/12 12:49:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/12 12:49:38 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/03/14 01:44:25 | 008,179,712 | ---- | M] () -- C:\Program Files\Navionics World\QtGui4.dll
MOD - [2012/03/14 01:44:17 | 002,203,648 | ---- | M] () -- C:\Program Files\Navionics World\QtCore4.dll
MOD - [2012/03/14 01:43:26 | 000,040,960 | ---- | M] () -- C:\Program Files\Navionics World\NavService.exe
MOD - [2012/02/17 11:41:06 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bc96c5c6e644452270ff7c3d066ff713\System.Runtime.Serialization.ni.dll
MOD - [2012/02/17 11:41:06 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d939fca96c3645bb8806ea8ae43cc0ca\System.IdentityModel.ni.dll
MOD - [2012/02/17 11:41:04 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\281b67b96a2dd473dad4d222da0ca514\SMDiagnostics.ni.dll
MOD - [2012/02/17 11:41:03 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b74950292d5681795d9d2c1a72a79952\System.ServiceModel.ni.dll
MOD - [2012/02/17 10:19:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 10:10:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/17 10:09:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/17 10:09:56 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/01/31 16:16:08 | 001,042,432 | ---- | M] () -- C:\Users\scott\AppData\Local\Microsoft\BingBar\Apps\Translator_f5cbd3ef4c144434b17913278004e270\7.1.361\Blingext.dll
MOD - [2011/10/14 07:10:03 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/01 17:14:35 | 000,076,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Practices.Unity\1.2.0.0__31bf3856ad364e35\Microsoft.Practices.Unity.dll
MOD - [2011/04/01 17:14:35 | 000,076,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Practices.ObjectBuilder2\2.2.0.0__31bf3856ad364e35\Microsoft.Practices.ObjectBuilder2.dll
MOD - [2011/04/01 17:14:35 | 000,052,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Practices.Unity.Configuration\1.2.0.0__31bf3856ad364e35\Microsoft.Practices.Unity.Configuration.dll
MOD - [2011/04/01 17:14:34 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.ADChronopher\1.0.0.0__ebf6b2ff4d0a08aa\Interop.ADChronopher.dll
MOD - [2011/04/01 17:14:32 | 000,192,512 | ---- | M] () -- C:\Windows\assembly\GAC\Genghis\0.3.958.30739__f595a82b5e5c871c\Genghis.dll
MOD - [2011/04/01 17:14:29 | 001,110,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.UI.SyncSetup\13.1.111.0__ebf6b2ff4d0a08aa\Act.UI.SyncSetup.dll
MOD - [2011/04/01 17:14:26 | 002,134,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Shared.Windows.Forms\13.1.111.0__ebf6b2ff4d0a08aa\Act.Shared.Windows.Forms.dll
MOD - [2011/04/01 17:14:25 | 005,144,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Shared.Images\13.1.111.0__ebf6b2ff4d0a08aa\Act.Shared.Images.dll
MOD - [2011/04/01 17:14:25 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Shared.Win32\13.1.111.0__ebf6b2ff4d0a08aa\Act.Shared.Win32.dll
MOD - [2011/04/01 17:14:25 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Shared.Utilities\13.1.111.0__ebf6b2ff4d0a08aa\Act.Shared.Utilities.dll
MOD - [2011/04/01 17:14:24 | 000,678,912 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Sync.Common\13.1.111.0__ebf6b2ff4d0a08aa\Act.Outlook.Sync.Common.dll
MOD - [2011/04/01 17:14:24 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Desktop\13.1.111.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Desktop.dll
MOD - [2011/04/01 17:14:24 | 000,294,912 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Shared\13.1.111.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Shared.dll
MOD - [2011/04/01 17:14:24 | 000,072,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Win.Integration\13.1.111.0__ebf6b2ff4d0a08aa\Act.Outlook.Win.Integration.dll
MOD - [2011/04/01 17:14:24 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.AppCommon\13.1.111.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.AppCommon.dll
MOD - [2011/04/01 17:14:24 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Shared.Diagnostics\13.1.111.0__ebf6b2ff4d0a08aa\Act.Shared.Diagnostics.dll
MOD - [2011/04/01 17:14:24 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Shared.Config\13.1.111.0__ebf6b2ff4d0a08aa\Act.Shared.Config.dll
MOD - [2011/04/01 17:14:24 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Interfaces\13.1.111.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Interfaces.dll
MOD - [2011/04/01 17:14:23 | 003,391,488 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Framework\13.1.111.0__ebf6b2ff4d0a08aa\Act.Framework.dll
MOD - [2011/04/01 17:14:23 | 000,136,192 | ---- | M] () -- C:\Windows\assembly\GAC_32\Act.Outlook.Message.Reader\13.1.111.0__ebf6b2ff4d0a08aa\Act.Outlook.Message.Reader.dll
MOD - [2011/04/01 17:14:04 | 000,120,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Integration\13.1.111.0__ebf6b2ff4d0a08aa\Act.Outlook.Integration.dll
MOD - [2011/03/15 14:02:05 | 000,901,600 | ---- | M] () -- C:\Program Files\Business-in-a-Box\BIBLauncher.exe
MOD - [2009/09/22 03:01:00 | 000,028,672 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2009/05/28 16:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/11/20 18:27:28 | 000,020,480 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/04/14 14:02:15 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/08 12:05:11 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2012/03/05 19:29:44 | 002,416,000 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2012/03/05 07:55:03 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2012/03/05 07:55:02 | 001,531,392 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
SRV - [2012/03/05 07:55:00 | 001,336,464 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe -- (ntrtscan)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/02/07 21:16:44 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/12 09:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/07/07 11:01:43 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2011/06/03 09:31:52 | 000,345,616 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/04/22 16:04:22 | 000,184,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe -- (PelService)
SRV - [2010/03/16 07:54:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/10/16 19:06:14 | 000,072,256 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/08/29 08:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/07/14 11:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/02/08 06:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2008/01/11 06:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | Unavailable | Unknown] -- -- (kwldipob)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\scott\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/10/03 16:05:46 | 000,062,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmactmon.sys -- (tmactmon)
DRV - [2011/10/03 16:05:30 | 000,054,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmevtmgr.sys -- (tmevtmgr)
DRV - [2011/10/03 16:05:18 | 000,165,136 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2011/07/23 02:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 07:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 09:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2011/07/12 09:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 09:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2011/06/17 21:28:18 | 000,240,736 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0151.sys -- (RsFx0151)
DRV - [2011/03/28 13:16:06 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2011/03/01 12:12:24 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/05/05 05:37:58 | 000,024,576 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PELUSBLF.SYS -- (pelusblf)
DRV - [2009/11/03 08:29:42 | 000,019,456 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2009/07/14 09:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 09:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 08:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/02 12:16:16 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/06/06 11:18:08 | 000,011,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\spio.sys -- (SuperIO)
DRV - [2009/05/20 13:10:00 | 000,314,368 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{F70BEBC5-AC06-44A8-9DCD-62CCBD0A2D27}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enAU438
IE - HKCU\..\SearchScopes\{AA16071E-46FD-408B-B119-8D627F0C2F74}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=EF6A6E8C-7F47-49B3-8BB0-025B95A30AA7&apn_sauid=FEA4D94D-75D2-44B9-B027-4ABF813379BD&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\scott\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\scott\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\Client Server Security Agent\bho\1040\FirefoxExtension [2012/03/05 07:57:56 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\scott\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\scott\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\scott\AppData\Local\Google\Chrome\Application\18.0.1025.162\gears.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\scott\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/04/19 09:06:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1040\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe (Lenovo (Shenzhen) Electronic Co., Ltd.)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [navservice] C:\Program Files\Navionics World\NavService.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Power Manager Power Agenda] C:\Program Files\ThinkPad\Utilities\DPMHost.EXE ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [BIBLauncher] C:\Program Files\Business-in-a-Box\BIBLauncher.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: sbsbuilding.com.au ([remote] https in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sbsbuilding.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7945F9A-B344-4FFD-A0E9-C119B71B937D}: DhcpNameServer = 192.168.0.2
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1040\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 21:40:15 | 000,100,864 | ---- | C] (GMER) -- C:\kwldipob.sys
[2012/04/19 21:35:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\scott\Desktop\OTL.exe
[2012/04/19 17:28:32 | 000,000,000 | ---D | C] -- C:\Users\scott\DoctorWeb
[2012/04/19 17:24:55 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/19 17:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/19 17:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/19 17:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/19 17:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/19 09:50:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/04/19 09:07:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/19 09:07:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/19 08:58:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/19 08:58:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/19 08:58:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/19 08:58:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/19 08:57:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/13 03:00:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/04/12 14:06:28 | 002,998,336 | ---- | C] (TeamViewer) -- C:\Users\scott\Desktop\Technicalities Remote Help.exe
[2012/04/12 12:51:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/12 12:51:58 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/12 12:51:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/12 12:51:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/12 12:51:57 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/12 12:51:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/12 12:30:34 | 000,000,000 | ---D | C] -- C:\Users\scott\AppData\Roaming\Malwarebytes
[2012/04/12 12:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/12 12:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/12 12:30:23 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/12 12:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/10 10:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constructor
[2012/04/10 10:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Data Dynamics
[2012/04/10 10:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Constructor
[2012/04/03 09:32:30 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/03/30 12:41:55 | 000,000,000 | ---D | C] -- C:\Users\scott\Desktop\Navionics_Temp
[2012/03/30 08:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/30 08:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

========== Files - Modified Within 30 Days ==========

[2012/04/19 21:42:59 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/19 21:40:15 | 000,100,864 | ---- | M] (GMER) -- C:\kwldipob.sys
[2012/04/19 21:40:10 | 000,302,592 | ---- | M] () -- C:\Users\scott\Desktop\tyr8rndq.exe
[2012/04/19 21:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/19 21:35:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\scott\Desktop\OTL.exe
[2012/04/19 21:35:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/04/19 21:31:24 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/04/19 21:31:09 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/19 21:31:09 | 000,000,435 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/04/19 21:31:09 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2012/04/19 21:31:07 | 000,001,444 | RHS- | M] () -- C:\Users\scott\ntuser.pol
[2012/04/19 21:28:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1987074194-147476449-210185347-1145UA.job
[2012/04/19 21:26:07 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/19 21:26:07 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/19 21:23:04 | 000,828,558 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/19 21:23:04 | 000,177,148 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/19 21:19:09 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2012/04/19 21:18:55 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Ynojsssujb.job
[2012/04/19 21:18:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/19 21:18:46 | 2388,582,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/19 21:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/19 17:28:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1987074194-147476449-210185347-1145Core.job
[2012/04/19 17:22:22 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/19 09:06:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/14 14:02:15 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/14 14:02:15 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/12 14:06:38 | 002,998,336 | ---- | M] (TeamViewer) -- C:\Users\scott\Desktop\Technicalities Remote Help.exe
[2012/04/12 13:08:16 | 000,001,112 | ---- | M] () -- C:\Users\scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/04/12 13:08:02 | 000,002,006 | -H-- | M] () -- C:\Users\scott\Documents\Default.rdp
[2012/04/12 12:30:26 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/10 10:41:08 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\Constructor.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/04 09:49:05 | 000,048,484 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/04/02 13:09:44 | 000,000,204 | ---- | M] () -- C:\Windows\MYOBP.INI
[2012/04/02 13:09:39 | 000,000,039 | ---- | M] () -- C:\Windows\MYOB.INI
[2012/03/30 12:50:09 | 000,001,927 | ---- | M] () -- C:\Users\Public\Desktop\Navionics World.lnk
[2012/03/30 12:41:22 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Navionics.lnk
[2012/03/27 07:58:48 | 000,002,503 | ---- | M] () -- C:\Users\scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

========== Files Created - No Company Name ==========

[2012/04/19 21:40:08 | 000,302,592 | ---- | C] () -- C:\Users\scott\Desktop\tyr8rndq.exe
[2012/04/19 17:22:22 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/19 08:58:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/19 08:58:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/19 08:58:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/19 08:58:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/19 08:58:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/12 12:30:26 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/10 10:41:08 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\Constructor.lnk
[2012/04/03 09:32:31 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/30 12:50:09 | 000,001,927 | ---- | C] () -- C:\Users\Public\Desktop\Navionics World.lnk
[2012/03/06 13:52:50 | 000,147,456 | RHS- | C] () -- C:\Windows\System32\dxdiagnm.dll
[2011/05/11 14:39:27 | 000,000,000 | ---- | C] () -- C:\Users\scott\AppData\Roaming\bibstats
[2011/04/11 14:43:51 | 000,000,749 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/04/11 14:43:51 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/04/11 14:41:56 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08a.dat
[2011/04/11 14:41:50 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/04/11 14:41:50 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/04/11 14:41:49 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/04/03 16:26:21 | 000,000,435 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/04/03 16:26:21 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/04/03 15:57:00 | 000,000,204 | ---- | C] () -- C:\Windows\MYOBP.INI
[2011/04/03 15:57:00 | 000,000,039 | ---- | C] () -- C:\Windows\MYOB.INI
[2011/04/03 14:50:07 | 000,007,597 | ---- | C] () -- C:\Users\scott\AppData\Local\Resmon.ResmonCfg
[2011/04/03 02:01:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/01 17:22:22 | 000,000,088 | RHS- | C] () -- C:\ProgramData\B41DEFA6F2.sys
[2011/04/01 17:22:21 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/04/01 12:34:33 | 000,000,663 | ---- | C] () -- C:\Windows\openrda.ini
[2011/04/01 12:34:18 | 000,000,000 | ---- | C] () -- C:\Windows\drvxl32.INI
[2011/04/01 12:34:17 | 000,000,000 | ---- | C] () -- C:\Windows\drvwd32.INI
[2011/04/01 11:23:21 | 000,048,484 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/03/01 17:09:22 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2011/03/01 17:09:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2011/03/01 17:09:21 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/03/01 16:21:39 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/08/25 18:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 18:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 18:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 17:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/03 08:48:30 | 000,062,224 | ---- | C] () -- C:\Windows\System32\drivers\tmactmon.sys
[2010/08/03 08:48:20 | 000,054,544 | ---- | C] () -- C:\Windows\System32\drivers\tmevtmgr.sys
[2010/08/03 08:48:12 | 000,165,136 | ---- | C] () -- C:\Windows\System32\drivers\tmcomm.sys

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/03/01 17:11:08 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/11/20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\ERDNT\cache\explorer.exe
[2010/11/20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010/11/20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/03/01 17:10:38 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2011/03/01 17:10:38 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2011/03/01 17:11:08 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/14 11:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009/07/14 11:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 11:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011/03/01 17:11:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2011/03/01 17:11:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >

OTL Extras logfile created on: 4/19/2012 9:36:19 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\scott\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.97 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 59.54% Memory free
5.93 Gb Paging File | 4.50 Gb Available in Paging File | 75.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.82 Gb Total Space | 381.64 Gb Free Space | 83.91% Space Free | Partition Type: NTFS
Drive D: | 3.68 Gb Total Space | 3.55 Gb Free Space | 96.58% Space Free | Partition Type: FAT32
Drive Q: | 9.77 Gb Total Space | 4.39 Gb Free Space | 45.00% Space Free | Partition Type: NTFS

Computer Name: SCOTTDESKTOP | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 512

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|LSM=TRUE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|
"WMI-ASYNC-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0879FEC4-52DD-4A87-8315-63ABE914DAED}" = Postcodes For ACT! 2010
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185292F7-7C0A-4F72-B2CC-CBEBD40B050E}" = Microsoft SQL Server 2008 R2 Native Client
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{209E3222-E1E4-4244-A2E5-49DCEBEA1A91}" = FanSpeedControl
"{20E970DF-A7B2-4345-9DEB-72213A29645E}" = Brother MFL-Pro Suite MFC-6490CW
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 30
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{48B08845-0CB0-45EC-893C-15319ADDA312}" = Microsoft SQL Server 2008 R2 Setup (English)
"{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{569E52E4-5043-4F93-AE2B-6D8E489D4AAB}" = Sage ACT! Pro 2011
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 SP1 Database Engine Services
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6283B16A-66AE-48F9-BCA5-9EABDAE1790B}" = MYOB Accounting Plus v18
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A1F99A9-E63B-4F5E-BFEE-0C416511A44B}" = Constructor Workstation
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89EC332F-0324-4815-AB78-124532FDCB6C}" = Cadimage Takeoff
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93968FB2-C67A-4A9B-80C2-5D4D9393058E}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{964D07BE-460C-4862-B59C-49575B8F46DC}" = Google SketchUp Pro 8
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 SP1 Database Engine Services
"{B8D0C79E-B564-4797-84D8-BABE6CCB72B4}" = designIT5
"{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}" = Trend Micro Client/Server Security Agent
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 SP1 Common Files
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1565BD9-6E66-4292-90C6-5FC70A98A428}" = MYOB ODBC Direct v8 AUS
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkVantage Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 SP1 Common Files
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3A780A4F2BE742C42960887F05E4CD5CF52F61CA" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (01/05/2010 6.0.1.6019)
"43AB67B7FFAA910B27AD8EEDCD3F35D302404D75" = Windows Driver Package - Marvell (yukonw7) Net (05/20/2009 11.10.5.3)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"B874D20C132ED3E4AE48DDBC359428B22E682A47" = Windows Driver Package - Intel Corporation (igfx) Display (01/08/2010 8.15.10.2040)
"BC77A488740882D6392019DC25993E970D2A21CE" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (01/05/2010 6.0.1.6019)
"Business-in-a-Box" = Business-in-a-Box
"ESET Online Scanner" = ESET Online Scanner v3
"GoToAssist" = GoToAssist Corporate
"GoToAssist Express Customer" = GoToManage Customer 1.6.0.363
"InstallShield_{209E3222-E1E4-4244-A2E5-49DCEBEA1A91}" = FanSpeedControl
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{569E52E4-5043-4F93-AE2B-6D8E489D4AAB}" = Sage ACT! Pro 2011
"InstallShield_{6283B16A-66AE-48F9-BCA5-9EABDAE1790B}" = MYOB Accounting Plus v18
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{B8D0C79E-B564-4797-84D8-BABE6CCB72B4}" = designIT5
"InstallShield_{D1565BD9-6E66-4292-90C6-5FC70A98A428}" = MYOB ODBC Direct v8 AUS
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Lenovo Welcome_is1" = Lenovo Welcome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"MouseSuite98" = Lenovo Mouse Suite
"Navionics PC App 1.5.0.2" = Navionics PC App-1.5.0.2
"Navionics PC App 1.5.0.4" = Navionics PC App-1.5.0.4
"Navionics World 1.0.4" = Navionics World
"Navionics World 1.0.7" = Navionics World
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PlanSwift 9_is1" = PlanSwift Professional 9.2
"TeamViewer 6" = TeamViewer 6
"TVWiz" = Intel® TV Wizard
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"eeaff532a549c4ca" = SoloAssist
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/2/2012 11:59:42 PM | Computer Name = ScottDesktop.sbsbuilding.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/03 14:59:42.288]: [00000108]: GetDeviceIpAddress:
GetAddressByName [BRN001BA90D6CBA] Error

Error - 2/16/2012 8:11:09 PM | Computer Name = ScottDesktop.sbsbuilding.local | Source = Application Error | ID = 1000
Description = Faulting application name: ntrtscan.exe, version: 11.2.0.3142, time
stamp: 0x4efc50e5 Faulting module name: ssapi32.dll, version: 6.2.0.3012, time stamp:
0x4a2489b4 Exception code: 0xc0000409 Fault offset: 0x000f43b9 Faulting process id:
0x764 Faulting application start time: 0x01cced086eff7ed4 Faulting application path:
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe Faulting
module path: C:\Program Files\Trend Micro\Client Server Security Agent\ssapi32.dll
Report Id: e3d33496-58fb-11e1-81fc-1078d273ad7e

Error - 2/24/2012 12:06:45 AM | Computer Name = ScottDesktop.sbsbuilding.local | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1a8c Start
Time: 01ccf2a8cc62d3df Termination Time: 45 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 3/2/2012 1:38:08 AM | Computer Name = ScottDesktop.sbsbuilding.local | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 418 Start
Time: 01ccf8355d035a6d Termination Time: 31 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 4/11/2012 1:02:56 AM | Computer Name = ScottDesktop.sbsbuilding.local | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 14.0.6112.5000, time
stamp: 0x4e9b2bb3 Faulting module name: SwiftXL9.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4d88f03b Exception code: 0xc0000005 Fault offset: 0x047ff848 Faulting
process id: 0x82c Faulting application start time: 0x01cd17a05b7148e6 Faulting application
path: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Faulting module path:
SwiftXL9.dll Report Id: 99842f12-8393-11e1-9566-1078d273ad7e

Error - 4/13/2012 12:02:47 AM | Computer Name = ScottDesktop.sbsbuilding.local | Source = MsiInstaller | ID = 11904
Description =

Error - 4/13/2012 12:02:58 AM | Computer Name = ScottDesktop.sbsbuilding.local | Source = MsiInstaller | ID = 1024
Description =

Error - 4/16/2012 3:16:49 AM | Computer Name = ScottDesktop.sbsbuilding.local | Source = Application Hang | ID = 1002
Description = The program ActSage.exe version 13.1.111.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 19a8 Start
Time: 01cd1ba0d19f3474 Termination Time: 15 Application Path: C:\Program Files\ACT\Act
for Windows\ActSage.exe Report Id: 18c18460-8794-11e1-a8d3-1078d273ad7e

Error - 4/19/2012 7:41:09 AM | Computer Name = ScottDesktop.sbsbuilding.local | Source = Application Hang | ID = 1002
Description = The program 8bovt9jp.exe version 1.0.15.15641 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 784 Start
Time: 01cd1e211ea4b3e2 Termination Time: 0 Application Path: C:\Users\scott\Downloads\8bovt9jp.exe Report Id: 86a13c4b-8a14-11e1-950e-1078d273ad7e

Error - 4/19/2012 7:41:17 AM | Computer Name = ScottDesktop.sbsbuilding.local | Source = Application Hang | ID = 1002
Description = The program tyr8rndq.exe version 1.0.15.15641 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1cec Start
Time: 01cd1e212e45008b Termination Time: 0 Application Path: C:\Users\scott\Desktop\tyr8rndq.exe Report Id: 907eba72-8a14-11e1-950e-1078d273ad7e

[ System Events ]
Error - 11/3/2011 8:56:13 PM | Computer Name = ScottDesktop.sbsbuilding.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/3/2011 9:01:14 PM | Computer Name = ScottDesktop.sbsbuilding.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/3/2011 9:02:21 PM | Computer Name = ScottDesktop.sbsbuilding.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/3/2011 9:07:23 PM | Computer Name = ScottDesktop.sbsbuilding.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/3/2011 9:12:25 PM | Computer Name = ScottDesktop.sbsbuilding.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/3/2011 9:17:27 PM | Computer Name = ScottDesktop.sbsbuilding.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/3/2011 9:22:29 PM | Computer Name = ScottDesktop.sbsbuilding.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/3/2011 9:27:31 PM | Computer Name = ScottDesktop.sbsbuilding.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/3/2011 9:28:38 PM | Computer Name = ScottDesktop.sbsbuilding.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/3/2011 9:33:40 PM | Computer Name = ScottDesktop.sbsbuilding.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.


< End of report >



GMER Log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-19 23:08:38
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3500418AS rev.CC68
Running: tyr8rndq.exe; Driver: C:\Users\scott\AppData\Local\Temp\kwldipob.sys


---- System - GMER 1.0.15 ----

SSDT 876BA52C ZwCreateKey
SSDT 87962B04 ZwCreateMutant
SSDT 8775F154 ZwCreateProcess
SSDT 877AC0F4 ZwCreateProcessEx
SSDT 86E102F4 ZwCreateThread
SSDT 8766C334 ZwCreateThreadEx
SSDT 877B70F4 ZwCreateUserProcess
SSDT 85C6BA5C ZwDeleteKey
SSDT 85C6BA1C ZwDeleteValueKey
SSDT 8766C2F4 ZwLoadDriver
SSDT 8796260C ZwOpenProcess
SSDT 87962AC4 ZwSetSystemInformation
SSDT 876BA4EC ZwSetValueKey
SSDT 861F5404 ZwTerminateProcess
SSDT 86E10334 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C7B369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB4D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82CBBE74 4 Bytes [2C, A5, 6B, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82CBBE84 4 Bytes [04, 2B, 96, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11E3 82CBBE98 8 Bytes [54, F1, 75, 87, F4, C0, 7A, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1203 82CBBEB8 8 Bytes [F4, 02, E1, 86, 34, C3, 66, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 121B 82CBBED0 4 Bytes [F4, 70, 7B, 87]
.text ...
? system32\DRIVERS\tmcomm.sys The system cannot find the path specified. !
? system32\DRIVERS\tmevtmgr.sys The system cannot find the path specified. !
? system32\DRIVERS\tmactmon.sys The system cannot find the path specified. !
.text autochk.exe 007811D1 2 Bytes [2C, 6F] {SUB AL, 0x6f}
.text autochk.exe 007811D4 19 Bytes [D3, 6B, 37, CD, 6B, 9F, C0, ...]
.text autochk.exe 007811E8 4 Bytes [FF, FF, FF, FF]
.text autochk.exe 007811FC 1 Byte [6D]
.text autochk.exe 00781200 1 Byte [6F]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2260] kernel32.dll!CreateThread 76ADDCC2 5 Bytes JMP 68DE72FB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!EnableWindow 76078D02 5 Bytes JMP 68E29A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!CallNextHookEx 7607ABE1 5 Bytes JMP 68E47BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!UnhookWindowsHookEx 7607ADF9 5 Bytes JMP 68E6EB10 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DefWindowProcA 7607BB1C 7 Bytes JMP 68DE9525 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!CreateWindowExA 7607BF40 5 Bytes JMP 68DF335B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!SetWindowsHookExW 7607E30C 5 Bytes JMP 68E22194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!CreateWindowExW 7607EC7C 5 Bytes JMP 68E4FF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DefWindowProcW 7608507D 7 Bytes JMP 68E47C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DrawTextExW 76085894 5 Bytes JMP 00FCEED3
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DrawTextW 76085B6A 5 Bytes JMP 00FCED11
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!SetClipboardData 76092962 5 Bytes JMP 00FCE987
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DialogBoxParamW 76093B9B 5 Bytes JMP 00FCDC86
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DrawTextA 7609AE29 5 Bytes JMP 00FCEC36
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DrawTextExA 7609AE60 5 Bytes JMP 00FCEDEC
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DialogBoxIndirectParamW 760A3B7F 5 Bytes JMP 68F7640E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DialogBoxParamA 760BCF42 5 Bytes JMP 68F763A9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DialogBoxIndirectParamA 760BD274 5 Bytes JMP 68F76473 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!MessageBoxIndirectA 760CE869 5 Bytes JMP 68F76330 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!MessageBoxIndirectW 760CE963 5 Bytes JMP 68F762B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!MessageBoxExA 760CE9C9 5 Bytes JMP 68F76253 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!MessageBoxExW 760CE9ED 5 Bytes JMP 68F761EF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] GDI32.dll!ExtTextOutW 762C8192 5 Bytes JMP 00FCF09E
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] GDI32.dll!GetGlyphIndicesW 762CB78F 5 Bytes JMP 00FCF52B
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] GDI32.dll!TextOutW 762CFDE4 5 Bytes JMP 00FCEB6A
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] GDI32.dll!ExtTextOutA 762D03F9 5 Bytes JMP 00FCEFBA
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] GDI32.dll!TextOutA 762D077D 5 Bytes JMP 00FCEA9E
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] GDI32.dll!GetGlyphIndicesA 762EBB6A 5 Bytes JMP 00FCF45E
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] ole32.dll!OleLoadFromStream 76B76143 5 Bytes JMP 68F76BE7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] WININET.dll!InternetCrackUrlW 76173129 5 Bytes JMP 00FCF93A
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] WININET.dll!HttpOpenRequestA 7619B841 5 Bytes JMP 6A473EFE C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] WININET.dll!HttpOpenRequestW 7619C0CF 5 Bytes JMP 6A474062 C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] WS2_32.dll!closesocket 76503918 5 Bytes JMP 6A15976D C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaNote.dll (Microsoft Search Note/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] WS2_32.dll!socket 76503EB8 5 Bytes JMP 6A158A45 C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaNote.dll (Microsoft Search Note/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] WS2_32.dll!getaddrinfo 76504296 5 Bytes JMP 6A158C05 C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaNote.dll (Microsoft Search Note/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] WS2_32.dll!WSASend 76504406 5 Bytes JMP 00FCE5A8
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] WS2_32.dll!GetAddrInfoW 76504889 5 Bytes JMP 00FCD8B7
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] WS2_32.dll!recv 76506B0E 5 Bytes JMP 6A159A6E C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaNote.dll (Microsoft Search Note/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] WS2_32.dll!connect 76506BDD 5 Bytes JMP 6A158AD5 C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaNote.dll (Microsoft Search Note/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] WS2_32.dll!send 76506F01 5 Bytes JMP 6A15907B C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaNote.dll (Microsoft Search Note/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] WS2_32.dll!WSARecv 76507089 5 Bytes JMP 00FCE67C
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] WS2_32.dll!WSAAsyncGetHostByName 7651726A 5 Bytes JMP 00FCDBA7
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] WS2_32.dll!gethostbyname 76517673 5 Bytes JMP 00FCD716
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!EnableWindow 76078D02 5 Bytes JMP 68E29A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!DrawTextExW 76085894 5 Bytes JMP 0100EED3
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!DrawTextW 76085B6A 5 Bytes JMP 0100ED11
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!SetClipboardData 76092962 5 Bytes JMP 0100E987
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!DialogBoxParamW 76093B9B 5 Bytes JMP 0100DC86
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!DrawTextA 7609AE29 5 Bytes JMP 0100EC36
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!DrawTextExA 7609AE60 5 Bytes JMP 0100EDEC
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!DialogBoxIndirectParamW 760A3B7F 5 Bytes JMP 68F7640E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!DialogBoxParamA 760BCF42 5 Bytes JMP 68F763A9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!DialogBoxIndirectParamA 760BD274 5 Bytes JMP 68F76473 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!MessageBoxIndirectA 760CE869 5 Bytes JMP 68F76330 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!MessageBoxIndirectW 760CE963 5 Bytes JMP 68F762B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!MessageBoxExA 760CE9C9 5 Bytes JMP 68F76253 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!MessageBoxExW 760CE9ED 5 Bytes JMP 68F761EF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] GDI32.dll!ExtTextOutW 762C8192 5 Bytes JMP 0100F09E
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] GDI32.dll!GetGlyphIndicesW 762CB78F 5 Bytes JMP 0100F52B
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] GDI32.dll!TextOutW 762CFDE4 5 Bytes JMP 0100EB6A
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] GDI32.dll!ExtTextOutA 762D03F9 5 Bytes JMP 0100EFBA
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] GDI32.dll!TextOutA 762D077D 5 Bytes JMP 0100EA9E
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] GDI32.dll!GetGlyphIndicesA 762EBB6A 5 Bytes JMP 0100F45E
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] WININET.dll!InternetCrackUrlW 76173129 5 Bytes JMP 0100F93A
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] WS2_32.dll!closesocket 76503918 5 Bytes JMP 0100E8E0
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] WS2_32.dll!getaddrinfo 76504296 5 Bytes JMP 0100D7D7
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] WS2_32.dll!WSASend 76504406 5 Bytes JMP 0100E5A8
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] WS2_32.dll!GetAddrInfoW 76504889 5 Bytes JMP 0100D8B7
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] WS2_32.dll!recv 76506B0E 5 Bytes JMP 0100E4FA
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] WS2_32.dll!send 76506F01 5 Bytes JMP 0100E455
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] WS2_32.dll!WSARecv 76507089 5 Bytes JMP 0100E67C
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] WS2_32.dll!WSAAsyncGetHostByName 7651726A 5 Bytes JMP 0100DBA7
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] WS2_32.dll!gethostbyname 76517673 5 Bytes JMP 0100D716

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000059 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f68b
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f68b (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 1075

---- EOF - GMER 1.0.15 ----


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:08:29 PM

Posted 23 April 2012 - 07:11 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 Tech4ever

Tech4ever
  • Topic Starter

  • Members
  • 8 posts
  • Local time:06:29 AM

Posted 23 April 2012 - 09:44 PM

I am here ready to go :)

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:08:29 PM

Posted 24 April 2012 - 06:29 PM

Let's look for a rootkit first of all.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or you can hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Then aswMBR


Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#5 Tech4ever

Tech4ever
  • Topic Starter

  • Members
  • 8 posts
  • Local time:06:29 AM

Posted 26 April 2012 - 05:42 PM

It found one infection so was able to remove it. Previous virus database on aswMBR didn't pick up anything.



TDSSKILLER:


13:10:03.0167 6004 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
13:10:04.0066 6004 ============================================================
13:10:04.0066 6004 Current date / time: 2012/04/26 13:10:04.0066
13:10:04.0066 6004 SystemInfo:
13:10:04.0066 6004
13:10:04.0066 6004 OS Version: 6.1.7601 ServicePack: 1.0
13:10:04.0067 6004 Product type: Workstation
13:10:04.0067 6004 ComputerName: SCOTTDESKTOP
13:10:04.0067 6004 UserName: Scott
13:10:04.0067 6004 Windows directory: C:\Windows
13:10:04.0067 6004 System windows directory: C:\Windows
13:10:04.0067 6004 Processor architecture: Intel x86
13:10:04.0067 6004 Number of processors: 2
13:10:04.0067 6004 Page size: 0x1000
13:10:04.0067 6004 Boot type: Normal boot
13:10:04.0067 6004 ============================================================
13:10:06.0820 6004 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:10:06.0822 6004 ============================================================
13:10:06.0822 6004 \Device\Harddisk0\DR0:
13:10:06.0843 6004 MBR partitions:
13:10:06.0843 6004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
13:10:06.0843 6004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x38DA5000
13:10:06.0843 6004 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38FFD800, BlocksNum 0x1388000
13:10:06.0843 6004 ============================================================
13:10:06.0893 6004 C: <-> \Device\Harddisk0\DR0\Partition1
13:10:06.0945 6004 Q: <-> \Device\Harddisk0\DR0\Partition2
13:10:06.0945 6004 ============================================================
13:10:06.0945 6004 Initialize success
13:10:06.0945 6004 ============================================================
13:10:08.0399 6584 ============================================================
13:10:08.0399 6584 Scan started
13:10:08.0399 6584 Mode: Manual;
13:10:08.0399 6584 ============================================================
13:10:14.0296 6584 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
13:10:14.0326 6584 !SASCORE - ok
13:10:14.0632 6584 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
13:10:14.0702 6584 1394ohci - ok
13:10:14.0863 6584 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:10:14.0865 6584 ACPI - ok
13:10:14.0926 6584 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
13:10:14.0938 6584 AcpiPmi - ok
13:10:15.0369 6584 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:10:15.0398 6584 AdobeARMservice - ok
13:10:15.0668 6584 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:10:15.0690 6584 AdobeFlashPlayerUpdateSvc - ok
13:10:15.0739 6584 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:10:15.0806 6584 adp94xx - ok
13:10:15.0897 6584 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:10:16.0506 6584 adpahci - ok
13:10:16.0551 6584 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:10:16.0574 6584 adpu320 - ok
13:10:16.0607 6584 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
13:10:16.0622 6584 AeLookupSvc - ok
13:10:16.0915 6584 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
13:10:16.0941 6584 AFD - ok
13:10:16.0993 6584 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
13:10:17.0564 6584 agp440 - ok
13:10:17.0614 6584 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:10:17.0633 6584 aic78xx - ok
13:10:17.0687 6584 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
13:10:17.0717 6584 ALG - ok
13:10:17.0757 6584 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
13:10:17.0770 6584 aliide - ok
13:10:17.0779 6584 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
13:10:17.0793 6584 amdagp - ok
13:10:17.0797 6584 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
13:10:17.0810 6584 amdide - ok
13:10:17.0869 6584 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:10:18.0339 6584 AmdK8 - ok
13:10:18.0387 6584 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:10:18.0965 6584 AmdPPM - ok
13:10:19.0017 6584 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
13:10:19.0038 6584 amdsata - ok
13:10:19.0109 6584 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:10:19.0156 6584 amdsbs - ok
13:10:19.0173 6584 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
13:10:19.0191 6584 amdxata - ok
13:10:19.0228 6584 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
13:10:19.0248 6584 AppID - ok
13:10:19.0292 6584 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
13:10:19.0304 6584 AppIDSvc - ok
13:10:19.0377 6584 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
13:10:19.0388 6584 Appinfo - ok
13:10:19.0591 6584 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:10:19.0639 6584 Apple Mobile Device - ok
13:10:19.0931 6584 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
13:10:19.0945 6584 AppMgmt - ok
13:10:19.0999 6584 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:10:20.0017 6584 arc - ok
13:10:20.0054 6584 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:10:20.0515 6584 arcsas - ok
13:10:20.0544 6584 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:10:20.0545 6584 AsyncMac - ok
13:10:20.0573 6584 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
13:10:20.0573 6584 atapi - ok
13:10:20.0620 6584 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:10:20.0638 6584 AudioEndpointBuilder - ok
13:10:20.0642 6584 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:10:20.0645 6584 Audiosrv - ok
13:10:20.0684 6584 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
13:10:20.0702 6584 AxInstSV - ok
13:10:20.0733 6584 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:10:21.0408 6584 b06bdrv - ok
13:10:21.0539 6584 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:10:21.0564 6584 b57nd60x - ok
13:10:21.0715 6584 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
13:10:21.0716 6584 BBSvc - ok
13:10:21.0752 6584 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
13:10:21.0754 6584 BBUpdate - ok
13:10:21.0784 6584 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
13:10:21.0800 6584 BDESVC - ok
13:10:21.0835 6584 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:10:21.0847 6584 Beep - ok
13:10:21.0903 6584 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
13:10:21.0926 6584 BFE - ok
13:10:22.0016 6584 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
13:10:22.0070 6584 BITS - ok
13:10:22.0094 6584 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:10:22.0107 6584 blbdrive - ok
13:10:22.0186 6584 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:10:22.0257 6584 Bonjour Service - ok
13:10:22.0287 6584 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
13:10:22.0319 6584 bowser - ok
13:10:22.0333 6584 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:10:22.0357 6584 BrFiltLo - ok
13:10:22.0376 6584 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:10:22.0394 6584 BrFiltUp - ok
13:10:22.0423 6584 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
13:10:23.0095 6584 BridgeMP - ok
13:10:23.0125 6584 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
13:10:23.0149 6584 Browser - ok
13:10:23.0190 6584 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:10:23.0224 6584 Brserid - ok
13:10:23.0237 6584 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:10:23.0252 6584 BrSerWdm - ok
13:10:23.0258 6584 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:10:23.0288 6584 BrUsbMdm - ok
13:10:23.0292 6584 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:10:23.0315 6584 BrUsbSer - ok
13:10:23.0382 6584 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
13:10:23.0402 6584 BthEnum - ok
13:10:23.0457 6584 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:10:24.0133 6584 BTHMODEM - ok
13:10:24.0231 6584 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
13:10:25.0251 6584 BthPan - ok
13:10:25.0286 6584 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
13:10:25.0393 6584 BTHPORT - ok
13:10:25.0461 6584 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
13:10:25.0479 6584 bthserv - ok
13:10:25.0819 6584 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
13:10:25.0862 6584 BTHUSB - ok
13:10:26.0278 6584 catchme - ok
13:10:26.0301 6584 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:10:27.0013 6584 cdfs - ok
13:10:27.0061 6584 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
13:10:27.0081 6584 cdrom - ok
13:10:27.0112 6584 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:10:27.0127 6584 CertPropSvc - ok
13:10:27.0144 6584 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:10:27.0158 6584 circlass - ok
13:10:27.0192 6584 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:10:27.0213 6584 CLFS - ok
13:10:27.0267 6584 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:10:27.0283 6584 clr_optimization_v2.0.50727_32 - ok
13:10:27.0426 6584 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:10:27.0457 6584 clr_optimization_v4.0.30319_32 - ok
13:10:27.0557 6584 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:10:27.0580 6584 CmBatt - ok
13:10:27.0635 6584 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
13:10:27.0675 6584 cmdide - ok
13:10:27.0723 6584 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
13:10:27.0749 6584 CNG - ok
13:10:27.0769 6584 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:10:27.0782 6584 Compbatt - ok
13:12:06.0966 6584 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
13:12:06.0978 6584 storflt - ok
13:12:07.0004 6584 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
13:12:07.0016 6584 StorSvc - ok
13:12:07.0026 6584 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
13:12:07.0038 6584 storvsc - ok
13:12:07.0067 6584 SuperIO (d4701170925cc1a532511c5948b195fb) C:\Windows\system32\DRIVERS\spio.sys
13:12:07.0078 6584 SuperIO - ok
13:12:07.0185 6584 SUService (7f7958c5b40f9441d1e8d704310d46ff) c:\Program Files\Lenovo\System Update\SUService.exe
13:12:07.0203 6584 SUService - ok
13:12:07.0418 6584 svcGenericHost (15323ae5d254aa1d389522166e6f4244) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
13:12:07.0433 6584 svcGenericHost - ok
13:12:07.0552 6584 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
13:12:07.0607 6584 swenum - ok
13:12:07.0787 6584 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
13:12:07.0791 6584 swprv - ok
13:12:07.0935 6584 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
13:12:07.0992 6584 SysMain - ok
13:12:08.0004 6584 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
13:12:08.0017 6584 TabletInputService - ok
13:12:08.0050 6584 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
13:12:08.0067 6584 TapiSrv - ok
13:12:08.0094 6584 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
13:12:08.0096 6584 TBS - ok
13:12:08.0481 6584 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
13:12:08.0651 6584 Tcpip - ok
13:12:09.0395 6584 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
13:12:09.0403 6584 TCPIP6 - ok
13:12:09.0663 6584 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
13:12:09.0683 6584 tcpipreg - ok
13:12:10.0365 6584 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
13:12:10.0398 6584 TDPIPE - ok
13:12:10.0437 6584 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
13:12:10.0458 6584 TDTCP - ok
13:12:10.0561 6584 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
13:12:11.0240 6584 tdx - ok
13:12:11.0512 6584 TeamViewer6 (0f0fedeb1bef118cf676b1e5bbb0fe9a) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
13:12:11.0606 6584 TeamViewer6 - ok
13:12:11.0713 6584 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
13:12:11.0729 6584 TermDD - ok
13:12:11.0764 6584 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
13:12:11.0785 6584 TermService - ok
13:12:11.0808 6584 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
13:12:11.0820 6584 Themes - ok
13:12:12.0056 6584 ThinkVantage Registry Monitor Service (39ac444e07fdbd8c2e8e291a65d515d3) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
13:12:12.0098 6584 ThinkVantage Registry Monitor Service - ok
13:12:12.0180 6584 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:12:12.0182 6584 THREADORDER - ok
13:12:12.0256 6584 tmactmon (ad90af229517aadd7c29ddc2f606730b) C:\Windows\system32\DRIVERS\tmactmon.sys
13:12:12.0271 6584 tmactmon - ok
13:12:12.0319 6584 TMBMServer (69e7df29edb32441f14bb77e338e68cd) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
13:12:12.0342 6584 TMBMServer - ok
13:12:12.0379 6584 tmcomm (40035cea54e7cebd1a211998c48655ff) C:\Windows\system32\DRIVERS\tmcomm.sys
13:12:12.0399 6584 tmcomm - ok
13:12:12.0424 6584 tmevtmgr (c1d5c3cdaa19a9abd15cafe9342f1f49) C:\Windows\system32\DRIVERS\tmevtmgr.sys
13:12:12.0516 6584 tmevtmgr - ok
13:12:12.0937 6584 TmFilter (1d84c335eb869bbe64543c6945a1f3c9) C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys
13:12:13.0002 6584 TmFilter - ok
13:12:13.0046 6584 tmlisten (a39e5b2b9e5f80b5037f5423290d41f2) C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
13:12:13.0120 6584 tmlisten - ok
13:12:13.0129 6584 TmPreFilter (7aab3fef8b19ae023ee05386f1b0a5dd) C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys
13:12:13.0141 6584 TmPreFilter - ok
13:12:13.0171 6584 TmProxy (12fe3db7b9822bfee3af1016a535f2d8) C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
13:12:13.0202 6584 TmProxy - ok
13:12:13.0722 6584 tmtdi (5f7f63884a8547981ee379b8c0fb3312) C:\Windows\system32\DRIVERS\tmtdi.sys
13:12:13.0743 6584 tmtdi - ok
13:12:13.0791 6584 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
13:12:14.0232 6584 TPM - ok
13:12:14.0257 6584 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
13:12:14.0276 6584 TrkWks - ok
13:12:14.0435 6584 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
13:12:14.0486 6584 TrustedInstaller - ok
13:12:14.0502 6584 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:12:14.0514 6584 tssecsrv - ok
13:12:14.0565 6584 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
13:12:15.0022 6584 TsUsbFlt - ok
13:12:15.0093 6584 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
13:12:15.0109 6584 tunnel - ok
13:12:16.0857 6584 TVT Backup Service (b56da1aa776c15043d10f82b32aa000d) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
13:12:16.0866 6584 TVT Backup Service - ok
13:12:17.0524 6584 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:12:17.0601 6584 uagp35 - ok
13:12:17.0634 6584 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
13:12:17.0673 6584 udfs - ok
13:12:17.0696 6584 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
13:12:17.0714 6584 UI0Detect - ok
13:12:17.0887 6584 UleadBurningHelper (be788a747457e6916586c410ec0111e7) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
13:12:17.0921 6584 UleadBurningHelper - ok
13:12:17.0951 6584 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
13:12:17.0965 6584 uliagpkx - ok
13:12:18.0001 6584 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
13:12:18.0013 6584 umbus - ok
13:12:18.0041 6584 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:12:18.0052 6584 UmPass - ok
13:12:18.0080 6584 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
13:12:18.0095 6584 UmRdpService - ok
13:12:18.0137 6584 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
13:12:18.0155 6584 upnphost - ok
13:12:18.0187 6584 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
13:12:18.0202 6584 USBAAPL - ok
13:12:18.0239 6584 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
13:12:18.0255 6584 usbccgp - ok
13:12:18.0288 6584 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
13:12:18.0303 6584 usbcir - ok
13:12:18.0329 6584 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
13:12:18.0342 6584 usbehci - ok
13:12:18.0369 6584 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
13:12:18.0389 6584 usbhub - ok
13:12:18.0410 6584 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
13:12:18.0421 6584 usbohci - ok
13:12:18.0428 6584 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:12:18.0887 6584 usbprint - ok
13:12:19.0024 6584 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:12:19.0046 6584 USBSTOR - ok
13:12:19.0097 6584 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
13:12:19.0112 6584 usbuhci - ok
13:12:19.0171 6584 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
13:12:19.0195 6584 usbvideo - ok
13:12:19.0218 6584 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
13:12:19.0229 6584 UxSms - ok
13:12:19.0271 6584 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:12:19.0272 6584 VaultSvc - ok
13:12:19.0293 6584 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
13:12:19.0305 6584 vdrvroot - ok
13:12:19.0344 6584 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
13:12:19.0377 6584 vds - ok
13:12:19.0413 6584 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:12:19.0872 6584 vga - ok
13:12:19.0973 6584 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:12:19.0997 6584 VgaSave - ok
13:12:20.0378 6584 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:12:20.0405 6584 vhdmp - ok
13:12:20.0473 6584 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:12:21.0130 6584 viaagp - ok
13:12:21.0184 6584 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:12:21.0211 6584 ViaC7 - ok
13:12:21.0253 6584 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:12:21.0264 6584 viaide - ok
13:12:21.0333 6584 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
13:12:21.0349 6584 vmbus - ok
13:12:21.0361 6584 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
13:12:21.0370 6584 VMBusHID - ok
13:12:21.0378 6584 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:12:21.0390 6584 volmgr - ok
13:12:21.0460 6584 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:12:21.0484 6584 volmgrx - ok
13:12:21.0514 6584 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:12:21.0533 6584 volsnap - ok
13:12:21.0672 6584 VSApiNt (8b9325c1d1167a703042986df758d799) C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys
13:12:21.0730 6584 VSApiNt - ok
13:12:21.0818 6584 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:12:21.0841 6584 vsmraid - ok
13:12:22.0169 6584 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
13:12:22.0181 6584 VSS - ok
13:12:22.0194 6584 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
13:12:22.0211 6584 vwifibus - ok
13:12:22.0243 6584 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
13:12:22.0260 6584 W32Time - ok
13:12:22.0267 6584 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:12:22.0279 6584 WacomPen - ok
13:12:22.0313 6584 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:12:22.0326 6584 WANARP - ok
13:12:22.0331 6584 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:12:22.0332 6584 Wanarpv6 - ok
13:12:23.0146 6584 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
13:12:23.0234 6584 wbengine - ok
13:12:23.0258 6584 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
13:12:23.0280 6584 WbioSrvc - ok
13:12:23.0302 6584 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
13:12:23.0317 6584 wcncsvc - ok
13:12:23.0328 6584 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
13:12:23.0341 6584 WcsPlugInService - ok
13:12:23.0389 6584 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:12:23.0400 6584 Wd - ok
13:12:23.0420 6584 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:12:23.0472 6584 Wdf01000 - ok
13:12:23.0488 6584 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:12:23.0500 6584 WdiServiceHost - ok
13:12:23.0502 6584 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:12:23.0504 6584 WdiSystemHost - ok
13:12:23.0585 6584 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
13:12:23.0604 6584 WebClient - ok
13:12:23.0613 6584 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
13:12:23.0628 6584 Wecsvc - ok
13:12:23.0636 6584 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
13:12:23.0646 6584 wercplsupport - ok
13:12:23.0671 6584 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
13:12:23.0684 6584 WerSvc - ok
13:12:23.0715 6584 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:12:23.0728 6584 WfpLwf - ok
13:12:23.0735 6584 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:12:24.0616 6584 WIMMount - ok
13:12:25.0472 6584 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
13:12:26.0042 6584 WinDefend - ok
13:12:26.0047 6584 WinHttpAutoProxySvc - ok
13:12:26.0375 6584 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
13:12:26.0407 6584 Winmgmt - ok
13:12:27.0659 6584 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
13:12:27.0851 6584 WinRM - ok
13:12:27.0908 6584 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
13:12:27.0922 6584 WinUsb - ok
13:12:27.0956 6584 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
13:12:27.0965 6584 Wlansvc - ok
13:12:28.0027 6584 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:12:28.0046 6584 wlcrasvc - ok
13:12:28.0135 6584 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:12:28.0193 6584 wlidsvc - ok
13:12:28.0308 6584 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:12:28.0338 6584 WmiAcpi - ok
13:12:28.0558 6584 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
13:12:28.0607 6584 wmiApSrv - ok
13:12:29.0597 6584 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:12:29.0628 6584 WMPNetworkSvc - ok
13:12:29.0766 6584 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
13:12:29.0782 6584 WPCSvc - ok
13:12:29.0805 6584 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
13:12:29.0825 6584 WPDBusEnum - ok
13:12:29.0862 6584 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:12:29.0878 6584 ws2ifsl - ok
13:12:29.0901 6584 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
13:12:29.0913 6584 wscsvc - ok
13:12:29.0915 6584 WSearch - ok
13:12:30.0544 6584 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
13:12:30.0600 6584 wuauserv - ok
13:12:30.0680 6584 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:12:30.0700 6584 WudfPf - ok
13:12:30.0717 6584 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:12:30.0734 6584 WUDFRd - ok
13:12:30.0754 6584 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
13:12:30.0765 6584 wudfsvc - ok
13:12:30.0788 6584 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
13:12:30.0805 6584 WwanSvc - ok
13:12:30.0843 6584 yukonw7 (95c1a8e708efa7fcae03cae688465b0a) C:\Windows\system32\DRIVERS\yk62x86.sys
13:12:30.0863 6584 yukonw7 - ok
13:12:30.0894 6584 MBR (0x1B8) (1dea751e4509900aa040ff362d0c61e4) \Device\Harddisk0\DR0
13:12:30.0974 6584 \Device\Harddisk0\DR0 - ok
13:12:30.0985 6584 Boot (0x1200) (7ae8c0109d45048a8d9fd4dccda1f9fe) \Device\Harddisk0\DR0\Partition0
13:12:30.0998 6584 \Device\Harddisk0\DR0\Partition0 - ok
13:12:31.0012 6584 Boot (0x1200) (ba7e8d1a2dc9ffab5a16ac3976ee24f6) \Device\Harddisk0\DR0\Partition1
13:12:31.0022 6584 \Device\Harddisk0\DR0\Partition1 - ok
13:12:31.0059 6584 Boot (0x1200) (4a7d008a070cf547205cea61c48e09e5) \Device\Harddisk0\DR0\Partition2
13:12:31.0095 6584 \Device\Harddisk0\DR0\Partition2 - ok
13:12:31.0096 6584 ============================================================
13:12:31.0096 6584 Scan finished
13:12:31.0096 6584 ============================================================
13:12:31.0124 0108 Detected object count: 0
13:12:31.0124 0108 Actual detected object count: 0
13:12:47.0325 6640 Deinitialize success


ASWMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-26 13:21:35
-----------------------------
13:21:35.849 OS Version: Windows 6.1.7601 Service Pack 1
13:21:35.849 Number of processors: 2 586 0x170A
13:21:35.850 ComputerName: SCOTTDESKTOP UserName: Scott
13:22:12.409 Initialize success
13:23:48.335 AVAST engine defs: 12042501
13:23:57.551 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
13:23:57.553 Disk 0 Vendor: ST3500418AS CC68 Size: 476940MB BusType: 3
13:23:57.563 Disk 0 MBR read successfully
13:23:57.565 Disk 0 MBR scan
13:23:57.572 Disk 0 unknown MBR code
13:23:57.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
13:23:57.596 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465738 MB offset 2459648
13:23:57.635 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
13:23:57.645 Disk 0 scanning sectors +976771072
13:23:57.694 Disk 0 scanning C:\Windows\system32\drivers
13:24:29.858 Service scanning
13:24:58.905 Service tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys **LOCKED** 5
13:25:08.225 Service tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys **LOCKED** 5
13:25:14.270 Service tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys **LOCKED** 5
13:25:20.482 Modules scanning
13:25:29.938 Disk 0 trace - called modules:
13:25:29.955 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys nvlddmkm.sys dxgkrnl.sys dxgmms1.sys
13:25:29.961 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86195030]
13:25:29.967 3 CLASSPNP.SYS[8b1af59e] -> nt!IofCallDriver -> [0x86068848]
13:25:29.973 5 ACPI.sys[8aea53d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x860bb030]
13:25:31.899 AVAST engine scan C:\Windows
13:25:45.227 AVAST engine scan C:\Windows\system32
13:26:57.517 File: C:\Windows\system32\dxdiagnm.dll **INFECTED** Win32:Diller-DK [Trj]
13:33:56.831 AVAST engine scan C:\Windows\system32\drivers
13:34:52.565 AVAST engine scan C:\Users\scott
13:56:39.842 AVAST engine scan C:\ProgramData
14:04:57.930 Scan finished successfully
14:28:06.274 Disk 0 MBR has been saved successfully to "C:\Users\scott\Desktop\MBR.dat"
14:28:06.290 The log file has been saved successfully to "C:\Users\scott\Desktop\aswMBR.txt"


08:38:21.443 Disk 0 MBR has been saved successfully to "C:\Users\scott\Desktop\MBR.dat"
08:38:21.474 The log file has been saved successfully to "C:\Users\scott\Desktop\aswMBR.txt"

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:29 PM

Posted 26 April 2012 - 08:46 PM

It found one infection so was able to remove it. Previous virus database on ASWMBR didn't pick up anything.


I'm a bit confused by this. It was aswMBR that found the infection but it wouldn't have removed it. You state that aswMBR found nothing but that something removed the infection. What do you mean?
m0le is a proud member of UNITE

#7 Tech4ever

Tech4ever
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:29 AM

Posted 26 April 2012 - 10:04 PM

Sorry, aswMBR didn't remove the infection. The virus definitions on the version 3 days ago didn't pick up anything.

Sorry for the confusion.

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:29 PM

Posted 27 April 2012 - 04:50 PM

Please run ComboFix; if it misses it the first time, we'll take it out on the next run.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:29 PM

Posted 01 May 2012 - 08:11 PM

Hi,

I have not had a reply from you for 5 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#10 Tech4ever

Tech4ever
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:29 AM

Posted 02 May 2012 - 07:59 AM

Sorry for the delay in getting back to you. As all work is done remotely, there are only certain times when I can log in and run these scans.

ComboFix 12-05-01.03 - Scott 02/05/2012 17:31:03.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3071.1930 [GMT 10:00]
Running from: c:\users\scott\Downloads\ComFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 07:36 . 2012-05-02 07:36 -------- d-----w- c:\users\Technicalities\AppData\Local\temp
2012-05-02 07:36 . 2012-05-02 07:36 -------- d-----w- c:\users\megan\AppData\Local\temp
2012-05-02 07:36 . 2012-05-02 07:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-02 07:36 . 2012-05-02 07:36 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-04-26 03:10 . 2012-05-02 00:53 -------- d-----w- c:\programdata\NVIDIA
2012-04-26 03:10 . 2012-04-26 03:10 -------- d-----w- c:\users\UpdatusUser
2012-04-26 03:09 . 2011-05-25 07:24 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2012-04-26 03:09 . 2011-05-25 07:24 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2012-04-26 03:09 . 2011-05-25 07:24 66664 ----a-w- c:\windows\system32\nvshext.dll
2012-04-26 03:09 . 2011-05-25 07:24 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2012-04-26 03:09 . 2011-05-25 07:24 111208 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-26 03:09 . 2011-05-25 07:24 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2012-04-26 03:09 . 2011-05-25 07:24 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2012-04-26 03:08 . 2012-04-26 03:08 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-04-26 03:07 . 2011-05-25 07:25 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2012-04-26 03:07 . 2011-05-25 07:25 139368 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-04-26 03:07 . 2011-05-25 07:25 865896 ----a-w- c:\windows\system32\nvhdagenco322040.dll
2012-04-26 03:05 . 2012-04-26 03:05 -------- d-----w- C:\NVIDIA
2012-04-19 13:12 . 2012-04-19 13:12 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-04-19 13:12 . 2012-04-19 13:12 -------- d-----w- c:\users\scott\AppData\Roaming\FixTDSS
2012-04-19 11:49 . 2012-04-19 11:49 -------- d-----w- c:\programdata\HitmanPro
2012-04-19 11:40 . 2012-04-19 11:40 100864 ----a-w- C:\kwldipob.sys
2012-04-19 07:28 . 2012-04-19 07:28 -------- d-----w- c:\users\scott\DoctorWeb
2012-04-19 07:24 . 2012-04-19 07:24 -------- d-----w- c:\users\scott\AppData\Roaming\SUPERAntiSpyware.com
2012-04-19 07:22 . 2012-04-29 23:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-19 07:22 . 2012-04-19 07:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-19 07:16 . 2012-04-19 07:16 -------- d-----w- c:\program files\ESET
2012-04-12 17:00 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-12 02:49 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 02:49 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 02:49 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 02:49 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 02:30 . 2012-04-12 02:30 -------- d-----w- c:\users\scott\AppData\Roaming\Malwarebytes
2012-04-12 02:30 . 2012-04-12 02:30 -------- d-----w- c:\programdata\Malwarebytes
2012-04-12 02:30 . 2012-04-12 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-12 02:30 . 2012-04-04 05:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 00:40 . 2012-04-10 00:48 -------- d-----w- c:\program files\Constructor
2012-04-10 00:40 . 2012-04-10 00:40 -------- d-----w- c:\program files\Common Files\Data Dynamics
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-04-02 23:32 . 2012-04-14 04:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-02 00:54 . 2011-04-01 07:22 848 --sha-w- c:\programdata\KGyGaAvL.sys
2012-04-14 04:02 . 2011-05-17 03:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 05:34 . 2012-03-15 16:00 826880 ------w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-15 16:00 183808 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-15 16:00 24576 ------w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 00:01 . 2012-02-15 00:01 4547944 ------w- c:\windows\system32\usbaaplrc.dll
2012-02-15 00:01 . 2012-02-15 00:01 43520 ------w- c:\windows\system32\drivers\usbaapl.sys
2012-02-14 02:09 . 2012-02-14 02:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:38 . 2012-03-15 16:00 1077248 ------w- c:\windows\system32\DWrite.dll
2012-02-08 06:03 . 2012-03-04 23:39 6552120 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B901C04A-CED1-40AA-B1F2-EC5E9D8DC5C5}\mpengine.dll
2012-02-03 03:54 . 2012-03-15 16:00 2343424 ------w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 10:20 1515688 ------w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BIBLauncher"="c:\program files\Business-in-a-Box\BIBLauncher.exe" [2011-03-15 901600]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-28 39408]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-29 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LenovoFSC"="c:\program files\Lenovo\FanSpeedControl\LenovoFSC.exe" [2009-07-29 49152]
"Daemon for Mouse Suite"="c:\program files\Lenovo\Lenovo Mouse Suite\ICO.EXE" [2010-07-28 69632]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-09-21 622592]
"Power Manager Power Agenda"="c:\progra~1\ThinkPad\UTILIT~1\DPMHost.exe" [2009-10-16 72256]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2012-01-09 1107472]
"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-12-21 28672]
"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2010-12-21 337224]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1246544]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
"navservice"="c:\program files\Navionics World\NavService.exe" [2012-03-13 40960]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sage ACT! Outlook Sync.lnk - c:\program files\ACT\Act for Windows\Act.Outlook.Sync.exe [2010-12-21 91136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-07-07 01:01 16680 ------w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2012-03-08 02:05 608632 ------w- c:\program files\Citrix\GoToAssist Express Customer\363\g2ax_winlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-06 136176]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R2 PelService;Session Launcher Service;c:\program files\Lenovo\Lenovo Mouse Suite\PelService.exe [2010-04-22 184320]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-05-10 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2010-05-10 36368]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\363\g2ax_service.exe Start=service [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-06 136176]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-10-03 54544]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-03-15 689680]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-19 52224]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-05 44896]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-17 240736]
R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2011-06-17 370016]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2012-04-19 26872]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2011-06-17 43040096]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-10-16 72256]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2012-02-07 50704]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2012-03-05 2416000]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-05-25 139368]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\DRIVERS\spio.sys [2009-06-06 11720]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-05-20 314368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 04:02]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-06 05:55]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-06 05:55]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987074194-147476449-210185347-1145Core.job
- c:\users\scott\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-05 05:46]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987074194-147476449-210185347-1145UA.job
- c:\users\scott\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-05 05:46]
.
2012-05-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-11-12 01:27]
.
2012-05-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-11-12 01:27]
.
2012-05-02 c:\windows\Tasks\Ynojsssujb.job
- c:\windows\system32\dxdiagnm.dll [2012-03-06 03:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://companyweb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.2
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-02 17:37:35
ComboFix-quarantined-files.txt 2012-05-02 07:37
ComboFix2.txt 2012-04-18 23:07
.
Pre-Run: 408,273,575,936 bytes free
Post-Run: 408,482,168,832 bytes free
.
- - End Of File - - 516C489FD2664D56BE05D3478983923C

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 02 May 2012 - 05:17 PM

As all work is done remotely there are only certain times where I can login and run these scans.


Thanks for letting me know. :)


The Combofix log seems to think everything's okay so let's remove the file aswMBR found.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

File::
C:\Windows\system32\dxdiagnm.dll
c:\windows\Tasks\Ynojsssujb.job


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE

#12 Tech4ever

Tech4ever
  • Topic Starter

  • Members
  • 8 posts

Posted 04 May 2012 - 08:00 PM

Here is the ComboFix Log


ComboFix 12-05-02.03 - Scott 03/05/2012 9:07.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3071.1619 [GMT 10:00]
Running from: c:\users\scott\Desktop\Malware\ComboFix.exe
Command switches used :: c:\users\scott\Desktop\CFScript.txt
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\dxdiagnm.dll"
"c:\windows\Tasks\Ynojsssujb.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dxdiagnm.dll
c:\windows\Tasks\Ynojsssujb.job
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 23:12 . 2012-05-02 23:12 -------- d-----w- c:\users\Technicalities\AppData\Local\temp
2012-05-02 23:12 . 2012-05-02 23:12 -------- d-----w- c:\users\megan\AppData\Local\temp
2012-05-02 23:12 . 2012-05-02 23:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-02 23:12 . 2012-05-02 23:12 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-04-26 03:10 . 2012-05-02 00:53 -------- d-----w- c:\programdata\NVIDIA
2012-04-26 03:10 . 2012-04-26 03:10 -------- d-----w- c:\users\UpdatusUser
2012-04-26 03:09 . 2011-05-25 07:24 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2012-04-26 03:09 . 2011-05-25 07:24 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2012-04-26 03:09 . 2011-05-25 07:24 66664 ----a-w- c:\windows\system32\nvshext.dll
2012-04-26 03:09 . 2011-05-25 07:24 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2012-04-26 03:09 . 2011-05-25 07:24 111208 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-26 03:09 . 2011-05-25 07:24 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2012-04-26 03:09 . 2011-05-25 07:24 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2012-04-26 03:08 . 2012-04-26 03:08 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-04-26 03:07 . 2011-05-25 07:25 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2012-04-26 03:07 . 2011-05-25 07:25 139368 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-04-26 03:07 . 2011-05-25 07:25 865896 ----a-w- c:\windows\system32\nvhdagenco322040.dll
2012-04-26 03:05 . 2012-04-26 03:05 -------- d-----w- C:\NVIDIA
2012-04-19 13:12 . 2012-04-19 13:12 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-04-19 13:12 . 2012-04-19 13:12 -------- d-----w- c:\users\scott\AppData\Roaming\FixTDSS
2012-04-19 11:49 . 2012-04-19 11:49 -------- d-----w- c:\programdata\HitmanPro
2012-04-19 11:40 . 2012-04-19 11:40 100864 ----a-w- C:\kwldipob.sys
2012-04-19 07:28 . 2012-04-19 07:28 -------- d-----w- c:\users\scott\DoctorWeb
2012-04-19 07:24 . 2012-04-19 07:24 -------- d-----w- c:\users\scott\AppData\Roaming\SUPERAntiSpyware.com
2012-04-19 07:22 . 2012-04-29 23:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-19 07:22 . 2012-04-19 07:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-19 07:16 . 2012-04-19 07:16 -------- d-----w- c:\program files\ESET
2012-04-12 17:00 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-12 02:49 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 02:49 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 02:49 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 02:49 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 02:30 . 2012-04-12 02:30 -------- d-----w- c:\users\scott\AppData\Roaming\Malwarebytes
2012-04-12 02:30 . 2012-04-12 02:30 -------- d-----w- c:\programdata\Malwarebytes
2012-04-12 02:30 . 2012-04-12 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-12 02:30 . 2012-04-04 05:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 00:40 . 2012-04-10 00:48 -------- d-----w- c:\program files\Constructor
2012-04-10 00:40 . 2012-04-10 00:40 -------- d-----w- c:\program files\Common Files\Data Dynamics
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-04-02 23:32 . 2012-04-14 04:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-02 00:54 . 2011-04-01 07:22 848 --sha-w- c:\programdata\KGyGaAvL.sys
2012-04-14 04:02 . 2011-05-17 03:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 05:34 . 2012-03-15 16:00 826880 ------w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-15 16:00 183808 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-15 16:00 24576 ------w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 00:01 . 2012-02-15 00:01 4547944 ------w- c:\windows\system32\usbaaplrc.dll
2012-02-15 00:01 . 2012-02-15 00:01 43520 ------w- c:\windows\system32\drivers\usbaapl.sys
2012-02-14 02:09 . 2012-02-14 02:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:38 . 2012-03-15 16:00 1077248 ------w- c:\windows\system32\DWrite.dll
2012-02-08 06:03 . 2012-03-04 23:39 6552120 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B901C04A-CED1-40AA-B1F2-EC5E9D8DC5C5}\mpengine.dll
2012-02-03 03:54 . 2012-03-15 16:00 2343424 ------w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 10:20 1515688 ------w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BIBLauncher"="c:\program files\Business-in-a-Box\BIBLauncher.exe" [2011-03-15 901600]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-28 39408]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-29 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LenovoFSC"="c:\program files\Lenovo\FanSpeedControl\LenovoFSC.exe" [2009-07-29 49152]
"Daemon for Mouse Suite"="c:\program files\Lenovo\Lenovo Mouse Suite\ICO.EXE" [2010-07-28 69632]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-09-21 622592]
"Power Manager Power Agenda"="c:\progra~1\ThinkPad\UTILIT~1\DPMHost.exe" [2009-10-16 72256]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2012-01-09 1107472]
"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-12-21 28672]
"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2010-12-21 337224]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1246544]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
"navservice"="c:\program files\Navionics World\NavService.exe" [2012-03-13 40960]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sage ACT! Outlook Sync.lnk - c:\program files\ACT\Act for Windows\Act.Outlook.Sync.exe [2010-12-21 91136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-07-07 01:01 16680 ------w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2012-03-08 02:05 608632 ------w- c:\program files\Citrix\GoToAssist Express Customer\363\g2ax_winlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-06 136176]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R2 PelService;Session Launcher Service;c:\program files\Lenovo\Lenovo Mouse Suite\PelService.exe [2010-04-22 184320]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-05-10 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2010-05-10 36368]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\363\g2ax_service.exe Start=service [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-06 136176]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-10-03 54544]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-03-15 689680]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-19 52224]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-05 44896]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-17 240736]
R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2011-06-17 370016]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2012-04-19 26872]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2011-06-17 43040096]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-10-16 72256]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2012-02-07 50704]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2012-03-05 2416000]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-05-25 139368]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\DRIVERS\spio.sys [2009-06-06 11720]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-05-20 314368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 04:02]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-06 05:55]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-06 05:55]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987074194-147476449-210185347-1145Core.job
- c:\users\scott\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-05 05:46]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987074194-147476449-210185347-1145UA.job
- c:\users\scott\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-05 05:46]
.
2012-05-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-11-12 01:27]
.
2012-05-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-11-12 01:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://companyweb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.2
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-03 09:13:15
ComboFix-quarantined-files.txt 2012-05-02 23:13
ComboFix2.txt 2012-05-02 07:37
ComboFix3.txt 2012-04-18 23:07
.
Pre-Run: 408,501,219,328 bytes free
Post-Run: 408,436,391,936 bytes free
.
- - End Of File - - 53771F4DD60F54A6BECA23189550D378


Thanks for your help

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 04 May 2012 - 08:10 PM

That's removed the last of the malware. Let's check that with a new aswMBR log please.
m0le is a proud member of UNITE

#14 Tech4ever

Tech4ever
  • Topic Starter

  • Members
  • 8 posts

Posted 05 May 2012 - 06:43 PM

Yea, client tells me that he is not getting any redirects anymore so I am very happy. Thank you very much for your help.
I will post the logs of aswMBR tomorrow.

Thanks will

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 05 May 2012 - 08:47 PM

:thumbup2:
m0le is a proud member of UNITE
