
easyA-Z virus infection


  • This topic is locked
34 replies to this topic

#1 MarkMac1


Posted 23 May 2012 - 03:03 PM

Hi,
I've been infected with the easya-z virus; I get redirected to EasyA-Z and to other sites, and my computer appears to have slowed down.
I've run Malwarebytes and also tried SpywareDoctor, but without success.
I would really appreciate some help removing this, please.
I've followed the preparation guide, backed up my documents, run deFogger, etc.
Please see the DDS and GMER logs below.


--------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by mark.macdonald at 17:52:56 on 2012-05-23
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3055.1451 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\vcsFPService.exe
C:\Program Files\HitmanPro\hmpsched.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
c:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Portrait Displays\HP Display Assistant\DTHtml.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
c:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3DxSrv.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [Akamai NetSession Interface] "c:\documents and settings\mark.macdonald\local settings\application data\akamai\netsession_win.exe"
uRun: [ChromeFrameHelper] "c:\documents and settings\mark.macdonald\local settings\application data\google\chrome\application\19.0.1084.46\chrome_frame_helper.exe" --startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AccelerometerSysTrayApplet] c:\program files\hewlett-packard\hp 3d driveguard\accelerometerST.exe
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [PivotSoftware] "c:\program files\portrait displays\pivot software\wpctrl.exe"
mRun: [DT HWP] c:\program files\common files\portrait displays\shared\DT_startup.exe -HWP
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [WIAWizardMenu] RUNDLL32.EXE c:\windows\system32\sti_ci.dll,WiaCreateWizardMenu
StartupFolder: c:\docume~1\mark~1.mac\startm~1\programs\startup\create~1.lnk - \\monty\productionsoftware\outlook signature creator\Create Signature.exe
StartupFolder: c:\docume~1\mark~1.mac\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office14\OUTLOOK.EXE
StartupFolder: c:\docume~1\mark~1.mac\startm~1\programs\startup\printk~2.lnk - c:\program files\printkey2000\Printkey2000.exe
StartupFolder: c:\docume~1\mark~1.mac\startm~1\programs\startup\setpoi~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: marge
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1305890235346
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.2 192.168.2.1
TCP: Interfaces\{EF214CDD-5829-49E8-A732-86625DFC6A5C} : DhcpNameServer = 192.168.2.2 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\documents and settings\mark.macdonald\local settings\application data\google\chrome\application\19.0.1084.46\npchrome_frame.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: DeviceNP - DeviceNP.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mark.macdonald\application data\mozilla\firefox\profiles\tl0ziykq.default\
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-1-22 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-1-22 43784]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-5-23 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-5-23 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-5-23 909728]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-5-23 54328]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-5-23 574424]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-1-22 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-1-22 185864]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-5-23 254912]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-5-23 203088]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-2-28 14336]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-5-23 575416]
R2 EaseUS Agent;EaseUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2012-1-22 61064]
R2 Guard Agent;Guard Agent;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2012-1-22 23176]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2012-3-11 105288]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-5-24 10384]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-1 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-5-13 47640]
R2 mi-raysat_3dsmax2012_32;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 32-bit - English 32-bit;c:\program files\autodesk\3ds max design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [2011-2-23 86016]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2011-5-11 1126936]
R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2011-5-25 113264]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-5-23 402336]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-5-11 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-18 1664304]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2011-5-11 6016]
R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-5-11 113664]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2011-5-11 168616]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-12-18 44800]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-5-11 125696]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-11-20 58880]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-11-20 137728]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-5-23 70736]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2011-5-11 49152]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-28 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 257696]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-5-11 227896]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2010-3-8 32312]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2010-4-28 362040]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-28 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-5-20 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-23 40776]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2011-5-11 7391104]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2012-5-23 70536]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-5-23 1118648]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-5-23 35264]
S3 ThreatFire;ThreatFire;c:\program files\pc tools\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools\pc tools security\tfengine\TFService.exe service [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== File Associations ===============
.
.scr=DWGTrueViewScriptFile
.
=============== Created Last 30 ================
.
2012-05-23 11:33:43 -------- d-sha-r- C:\cmdcons
2012-05-23 10:36:34 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-23 09:37:24 -------- d-----w- c:\program files\CCleaner
2012-05-23 08:57:03 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-05-23 08:57:03 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-05-23 08:57:03 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-05-23 08:12:51 -------- d-----w- c:\documents and settings\mark.macdonald\local settings\application data\Threat Expert
2012-05-23 08:09:24 70736 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-05-23 08:09:23 767928 ----a-w- c:\windows\BDTSupport.dll
2012-05-23 08:09:23 2271160 ----a-w- c:\windows\PCTBDCore.dll
2012-05-23 08:09:23 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-05-23 08:09:23 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-05-23 08:07:49 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-05-23 08:07:39 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-05-23 08:07:34 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-05-23 08:07:24 -------- d-----w- c:\program files\PC Tools
2012-05-23 08:05:06 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-05-23 08:05:05 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-05-23 08:04:58 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-05-23 08:04:58 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-05-23 08:04:57 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-05-23 08:04:56 -------- d-----w- c:\program files\common files\PC Tools
2012-05-23 08:04:38 -------- d-----w- c:\documents and settings\mark.macdonald\application data\TestApp
2012-05-23 08:04:38 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-05-22 07:47:11 135168 --sha-r- c:\windows\system32\kemutbn.dll
2012-05-16 08:26:40 -------- d-----w- C:\Acoustic Hood - 55186 Adagio - 460 x 460 x 175 deep
2012-05-10 09:12:43 -------- d-----w- C:\DRIVE_C
.
==================== Find3M ====================
.
2012-05-22 06:53:56 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-22 06:53:56 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-05-22 06:53:53 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-05-22 06:53:52 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-07 19:40:32 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-07 19:40:32 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-05 07:48:00 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-27 07:42:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-27 07:42:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 17:55:33.35 ===============



#2 B-boy/StyLe/

  • Malware Response Team

Posted 23 May 2012 - 04:16 PM

Hello MarkMac1 ! Welcome to BleepingComputer Forums! :welcome:

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.





Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Virustotal

When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\windows\system32\kemutbn.dll

Note: if VT says these files have already been analysed, make sure you click Reanalyse file now.

Please post back the results of the scan in your next post.

If Virustotal is busy, try the same at Virscan: http://virscan.org/



Regards,
Georgi

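The file Georgi singled out is the one entry in the DDS "Created Last 30" section that sits in c:\windows\system32 with both the system and hidden attributes set (`--sha-r-`). As an added example that is not part of this thread, here is a small Python parser for that DDS listing format (and the two-timestamp ComboFix "Files Created" variant) that pulls out exactly such entries; the sample input is a handful of lines copied from the logs above.

```python
"""Parse the file-listing sections of a DDS or ComboFix log and flag freshly
created files under the Windows directory that carry both the hidden and the
system attribute, the combination that made kemutbn.dll stand out."""
import re
from dataclasses import dataclass
from typing import List, Optional

# A DDS "Created Last 30" / "Find3M" line looks like
#   2012-05-22 07:47:11 135168 --sha-r- c:\windows\system32\kemutbn.dll
# ComboFix "Files Created" lines carry a second (modified) timestamp:
#   2012-05-22 07:47 . 2012-05-22 07:47 135168 --sha-r- c:\windows\system32\kemutbn.dll
# The size field is "--------" for directories. The attribute token is eight
# characters: d=directory, s=system, h=hidden, a=archive, r=read-only, w=writable.
_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>\d+|-{8})"
    r" (?P<attrs>[a-z-]{8})"
    r" (?P<path>\S.*?)\s*$"
)

ATTR_NAMES = {"d": "directory", "s": "system", "h": "hidden",
              "a": "archive", "r": "read-only", "w": "writable"}


@dataclass
class Entry:
    created: str
    modified: Optional[str]   # only present in ComboFix listings
    size: Optional[int]       # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    def has(self, flag: str) -> bool:
        return flag in self.attrs


def describe_attrs(attrs: str) -> str:
    """Expand a DDS attribute token such as '--sha-r-' into words."""
    return ", ".join(ATTR_NAMES[c] for c in attrs if c in ATTR_NAMES)


def parse_listing(text: str) -> List[Entry]:
    """Return every parsable file entry in a DDS/ComboFix listing block;
    section headers, '.' separators and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size,
                             m["attrs"], m["path"]))
    return entries


# Any path under the Windows directory (system32 and drivers included).
WINDOWS_DIR = "\\windows\\"


def suspicious_entries(entries: List[Entry]) -> List[Entry]:
    """Files (not directories) under the Windows directory marked both hidden
    and system. Legitimate OS files are rarely created with that combination,
    so these are the entries to hash and submit for analysis first."""
    return [e for e in entries
            if not e.is_dir and e.has("s") and e.has("h")
            and WINDOWS_DIR in e.path.lower()]


# Constructed sample: lines copied from the DDS log earlier in this thread,
# plus the matching ComboFix line for the same file.
SAMPLE = """
=============== Created Last 30 ================
.
2012-05-23 11:33:43 -------- d-sha-r- C:\\cmdcons
2012-05-23 10:36:34 40776 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2012-05-23 08:57:03 574424 --s---w- c:\\windows\\system32\\drivers\\TfSysMon.sys
2012-05-22 07:47:11 135168 --sha-r- c:\\windows\\system32\\kemutbn.dll
2012-05-16 08:26:40 -------- d-----w- C:\\Acoustic Hood - 55186 Adagio - 460 x 460 x 175 deep
2012-05-22 07:47 . 2012-05-22 07:47 135168 --sha-r- c:\\windows\\system32\\kemutbn.dll
"""

if __name__ == "__main__":
    for e in suspicious_entries(parse_listing(SAMPLE)):
        print(f"{e.created}  {e.size:>8}  {describe_attrs(e.attrs):<34} {e.path}")
```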


#3 MarkMac1


Posted 23 May 2012 - 05:42 PM

Many thanks Georgi, I hope that you can help.

I used Virustotal to analyse (and re-analyse) the file you wanted:
c:\windows\system32\kemutbn.dll

Comments:

216 have indicated that this is malware and 136 have said that it is harmless.

SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
MD5: d41d8cd98f00b204e9800998ecf8427e
File size: 0 bytes ( 0 bytes )
File name: C:\WINDOWS\system32\kemutbn.dll
File type: unknown
Detection ratio: 0 / 42
Analysis date: 2012-05-23 22:31:22 UTC ( 0 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20120523
AntiVir - 20120523
Antiy-AVL - 20120523
Avast - 20120524
AVG - 20120523
BitDefender - 20120523
ByteHero - 20120522
CAT-QuickHeal - 20120523
ClamAV - 20120523
Commtouch - 20120523
Comodo - 20120523
DrWeb - 20120524
Emsisoft - 20120523
eSafe - 20120522
F-Prot - 20120523
F-Secure - 20120523
Fortinet - 20120523
GData - 20120523
Ikarus - 20120523
Jiangmin - 20120523
K7AntiVirus - 20120523
Kaspersky - 20120524
McAfee - 20120523
McAfee-GW-Edition - 20120523
Microsoft - 20120523
NOD32 - 20120523
Norman - 20120523
nProtect - 20120523
Panda - 20120523
PCTools - 20120522
Rising - 20120523
Sophos - 20120523
SUPERAntiSpyware - 20120523
Symantec - 20120523
TheHacker - 20120523
TotalDefense - 20120523
TrendMicro - 20120524
TrendMicro-HouseCall - 20120523
VBA32 - 20120523
VIPRE - 20120523
ViRobot - 20120523
VirusBuster - 20120523

Edited by B-boy/StyLe/, 23 May 2012 - 06:02 PM.


#4 B-boy/StyLe/

  • Malware Response Team

Posted 23 May 2012 - 06:00 PM

Hi,



Please download ComboFix from the link below:

Combofix

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click it & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include C:\ComboFix.txt in your next reply.



Regards,
Georgi



#5 MarkMac1


Posted 23 May 2012 - 06:51 PM

Thanks Georgi
ComboFix has been run; the log is shown below and also attached.
Many thanks
Mark



ComboFix 12-05-23.05 - mark.macdonald 24/05/2012 0:12.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3055.1958 [GMT 1:00]
Running from: c:\documents and settings\mark.macdonald\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\dave.newell\Start Menu\Internet Explorer.lnk
c:\documents and settings\mark.macdonald\Start Menu\Internet Explorer.lnk
C:\Thumbs.db
c:\windows\jestertb.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\it.EXE
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))
.
.
2012-05-23 16:57 . 2012-05-23 20:06 -------- d-----w- C:\0 PROBLEM
2012-05-23 10:36 . 2012-05-23 10:36 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-23 09:37 . 2012-05-23 09:37 -------- d-----w- c:\program files\CCleaner
2012-05-23 08:57 . 2012-04-23 12:11 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-05-23 08:57 . 2012-04-23 12:11 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-05-23 08:57 . 2012-04-23 12:11 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-05-23 08:12 . 2012-05-23 08:12 -------- d-----w- c:\documents and settings\mark.macdonald\Local Settings\Application Data\Threat Expert
2012-05-23 08:09 . 2012-04-13 13:28 70736 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-05-23 08:09 . 2012-04-13 13:28 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-05-23 08:04 . 2012-05-23 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-05-23 08:04 . 2012-05-23 08:04 -------- d-----w- c:\documents and settings\mark.macdonald\Application Data\TestApp
2012-05-22 07:47 . 2012-05-22 07:47 135168 --sha-r- c:\windows\system32\kemutbn.dll
2012-05-16 08:26 . 2012-05-22 15:26 -------- d-----w- C:\Acoustic Hood - 55186 Adagio - 460 x 460 x 175 deep
2012-05-10 09:12 . 2012-05-22 15:26 -------- d-----w- C:\DRIVE_C
2012-04-30 12:02 . 2012-04-30 12:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 06:53 . 2011-05-13 15:00 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-05-22 06:53 . 2011-05-13 15:00 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-22 06:53 . 2011-05-13 15:00 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-05-22 06:53 . 2011-05-13 15:00 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-07 19:40 . 2012-04-05 06:29 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-07 19:40 . 2011-05-13 08:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 12:55 . 2012-05-23 08:09 3488 ----a-w- c:\windows\UDB.zip
2012-04-13 12:55 . 2012-05-23 08:09 131 ----a-w- c:\windows\IDB.zip
2012-04-11 13:14 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2006-02-28 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 14:56 . 2011-05-19 15:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-15 07:25 . 2012-03-15 07:25 25911 ----a-w- C:\compound_miters.zip
2012-03-05 07:48 . 2011-05-20 07:07 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-03-01 11:01 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-27 07:42 . 2012-02-27 07:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-27 07:42 . 2011-09-15 11:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 14:53 . 2011-05-19 13:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\mark.macdonald\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-07 3331872]
"ChromeFrameHelper"="c:\documents and settings\mark.macdonald\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\chrome_frame_helper.exe" [2012-05-09 96752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-09-17 213040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-20 737280]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-12-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-12-04 13933160]
"AccelerometerSysTrayApplet"="c:\program files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe" [2010-04-15 69176]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-03-03 111640]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2009-03-03 694824]
"DT HWP"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2009-06-26 86016]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]
.
c:\documents and settings\dave.newell\Start Menu\Programs\Startup\
Call Assistant Launcher.lnk - c:\program files\CAICE\Call Assistant\Call Assistant Launcher.exe [2011-5-13 24576]
Comments Checker.lnk - s:\comments checker\CommentsChecker.exe [N/A]
Microsoft Outlook 2007.lnk - c:\program files\Microsoft Office\Office12\OUTLOOK.EXE [2011-5-13 178688]
Printkey2000.lnk - c:\windows\Printkey2000.exe [2011-5-11 869376]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2010-04-28 09:39 75320 ----a-w- c:\windows\system32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-05-22 06:53 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1782070911-1017172144-2584331571-1190\Scripts\Logoff\0\0]
"Script"=disconnect.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^mark.macdonald^Start Menu^Programs^Startup^Printkey2000.lnk]
path=c:\documents and settings\mark.macdonald\Start Menu\Programs\Startup\Printkey2000.lnk
backup=c:\windows\pss\Printkey2000.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^mark.macdonald^Start Menu^Programs^Startup^Production Automated Shutdown.lnk]
path=c:\documents and settings\mark.macdonald\Start Menu\Programs\Startup\Production Automated Shutdown.lnk
backup=c:\windows\pss\Production Automated Shutdown.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2011-12-26 13:06 743560 ----a-w- c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2011-12-22 23:09 70792 ----a-w- c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus D88 Series]
2005-01-27 05:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIABE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2012-04-17 14:05 651264 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2010-02-25 14:19 287800 ------w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Documents and Settings\\mark.macdonald\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\EPSON Software\\ECPrinterSetup\\ENPApp.exe"=
"c:\\Program Files\\EPSON Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"43511:TCP"= 43511:TCP:Windows Core Service
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 08:13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 16:03 32592]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [22/01/2012 23:32 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [22/01/2012 23:32 43784]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [23/05/2012 09:04 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [23/05/2012 09:05 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [23/05/2012 09:05 909728]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [23/05/2012 09:57 54328]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [23/05/2012 09:57 574424]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/01/2011 06:41 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [05/04/2011 00:59 297168]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [22/01/2012 23:32 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [22/01/2012 23:32 185864]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [23/05/2012 09:07 254912]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [23/05/2012 09:04 203088]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [28/02/2006 13:00 14336]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [02/02/2011 14:08 18656]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 05:33 269520]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [23/05/2012 09:09 575416]
R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [22/01/2012 23:29 61064]
R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [22/01/2012 23:29 23176]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [11/03/2012 16:25 105288]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [24/05/2011 08:50 10384]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [01/03/2011 12:11 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [17/09/2010 15:40 12856]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [15/09/2011 13:06 88576]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [11/05/2011 11:31 1126936]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [25/05/2011 11:59 113264]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [23/05/2012 09:07 402336]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [11/05/2011 13:14 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [18/02/2010 14:26 1664304]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [11/05/2011 16:17 6016]
R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/05/2011 10:37 113664]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 21:28 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 07:53 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 07:53 27216]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [11/05/2011 10:21 168616]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [18/12/2007 10:46 44800]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [11/05/2011 14:22 125696]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [17/06/2009 17:55 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [17/06/2009 17:55 10384]
R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [11/05/2011 11:27 7391104]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [20/11/2009 19:15 58880]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [20/11/2009 19:15 137728]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [23/05/2012 09:09 70736]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [11/05/2011 10:46 49152]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31/01/2012 16:02 7391072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/01/2012 12:06 136176]
S2 mi-raysat_3dsmax2012_32;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 32-bit - English 32-bit;c:\program files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [23/02/2011 07:59 86016]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/04/2012 07:29 257696]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/05/2011 10:28 227896]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [08/03/2010 17:31 32312]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [28/04/2010 10:39 362040]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/01/2012 12:06 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [20/05/2011 08:58 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 18:01 21248]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [23/05/2012 11:36 40776]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 11:15 31125880]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [23/05/2012 09:07 70536]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [23/05/2012 09:57 35264]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools\PC Tools Security\TFEngine\TFService.exe service [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 16:06 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AWTDYPOC
*Deregistered* - awtdypoc
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-23 c:\windows\Tasks\3DxSoftware Create Process (ID 8240089128).job
- c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe [2011-04-01 10:43]
.
2012-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:40]
.
2012-05-23 c:\windows\Tasks\Bvurmb.job
- c:\windows\system32\kemutbn.dll [2012-05-22 07:47]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-28 11:06]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-28 11:06]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1782070911-1017172144-2584331571-1290Core.job
- c:\documents and settings\mark.macdonald\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-28 14:14]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1782070911-1017172144-2584331571-1290UA.job
- c:\documents and settings\mark.macdonald\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-28 14:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: marge
TCP: DhcpNameServer = 212.104.130.9 212.104.130.65 192.168.1.1
FF - ProfilePath - c:\documents and settings\mark.macdonald\Application Data\Mozilla\Firefox\Profiles\tl0ziykq.default\
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-24 00:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\temp\WGAErrLog.txt 439 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1144)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\DeviceNP.dll
c:\windows\system32\SSREGLIB.dll
c:\windows\system32\HPPTLog.dll
.
- - - - - - - > 'lsass.exe'(1204)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2012-05-24 00:47:19
ComboFix-quarantined-files.txt 2012-05-23 23:47
ComboFix2.txt 2012-05-23 12:07
.
Pre-Run: 223,677,980,672 bytes free
Post-Run: 223,746,576,384 bytes free
.
- - End Of File - - 8B5425BC401E658BC700E0A270BA8B1A

Attached Files
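The log above buries a handful of telling entries among hundreds of legitimate ones: a DLL in system32 carrying system+hidden+read-only attributes, a scheduled task whose target is that DLL rather than an executable, and a proxy bypass entry pointing at the local machine. As an added example (not code from this thread, from the poster, or from ComboFix), the Python script below parses those three record types from constructed log lines written in the same format as the log above and applies three review rules. The reading of the attribute string (s = system, h = hidden, d = directory), the rule names and the severity labels are my assumptions, chosen for illustration.

```python
"""Triage helper for ComboFix-style log text (added example, not ComboFix's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt modelled on the log posted in this thread. The attribute
# flags are read as d = directory, s = system, h = hidden, a = archive,
# r/w = read-only/writable; that reading is an assumption about the format.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
.
2012-05-23 10:36 . 2012-05-23 10:36 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-23 08:57 . 2012-04-23 12:11 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-05-22 07:47 . 2012-05-22 07:47 135168 --sha-r- c:\windows\system32\kemutbn.dll
2012-05-16 08:26 . 2012-05-22 15:26 -------- d-----w- C:\Acoustic Hood - 55186 Adagio - 460 x 460 x 175 deep
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-23 c:\windows\Tasks\Bvurmb.job
- c:\windows\system32\kemutbn.dll [2012-05-22 07:47]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-28 11:06]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;
"""

# "created . modified size attrs path" as printed in the Files Created / Find3M sections
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
TASK_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<job>.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (?P<target>.+?)(?: \[[^\]]*\])?$")   # "- path [date time]"
PROXY_RE = re.compile(r"^uInternet Settings,(?P<key>Proxy\w+) = (?P<value>.+)$")

SYSTEM_DIRS = (r"c:\windows\system32",)   # compared case-insensitively

RULE_HIDDEN_SYSTEM = "hidden+system file under system32"
RULE_DLL_TASK = "scheduled task whose target is a DLL rather than an executable"
RULE_LOCAL_PROXY = "IE proxy setting that points at the local machine"


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]      # None for directories, printed as "--------"
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_and_system(self) -> bool:
        return "s" in self.attrs and "h" in self.attrs


@dataclass
class TaskEntry:
    date: str
    job: str
    target: Optional[str] = None


@dataclass
class Finding:
    rule: str
    subject: str
    severity: str
    detail: str = ""


def parse_log(text: str) -> Tuple[List[FileEntry], List[TaskEntry], List[Tuple[str, str]]]:
    """Pull file entries, scheduled tasks and proxy settings out of the log text."""
    files: List[FileEntry] = []
    tasks: List[TaskEntry] = []
    proxies: List[Tuple[str, str]] = []
    pending: Optional[TaskEntry] = None      # .job line waiting for its "- target" line
    for raw in text.splitlines():
        line = raw.strip()
        if (m := FILE_RE.match(line)):
            size = None if m["size"].startswith("-") else int(m["size"])
            files.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
        elif (m := TASK_RE.match(line)):
            pending = TaskEntry(m["date"], m["job"])
            tasks.append(pending)
        elif pending is not None and (m := TARGET_RE.match(line)):
            pending.target = m["target"]
            pending = None
        elif (m := PROXY_RE.match(line)):
            proxies.append((m["key"], m["value"]))
    return files, tasks, proxies


def triage(text: str) -> List[Finding]:
    """Apply the three rules; a task that loads an already-flagged file is raised to high."""
    files, tasks, proxies = parse_log(text)
    findings: List[Finding] = []
    flagged = set()
    for f in files:
        if not f.is_dir and f.hidden_and_system and f.path.lower().startswith(SYSTEM_DIRS):
            findings.append(Finding(RULE_HIDDEN_SYSTEM, f.path, "medium",
                                    f"attrs={f.attrs} created={f.created}"))
            flagged.add(f.path.lower())
    for t in tasks:
        if t.target and t.target.lower().endswith(".dll"):
            severity = "high" if t.target.lower() in flagged else "medium"
            findings.append(Finding(RULE_DLL_TASK, t.job, severity, f"target={t.target}"))
    for key, value in proxies:
        if "127.0.0.1" in value or "localhost" in value.lower():
            findings.append(Finding(RULE_LOCAL_PROXY, f"uInternet Settings,{key}", "review", value))
    return findings


if __name__ == "__main__":
    for fnd in triage(SAMPLE_LOG):
        print(f"[{fnd.severity:6}] {fnd.rule}: {fnd.subject}  {fnd.detail}")
```

The script is a reading aid for log review, not a cleaner: it narrows a long log down to the entries a reviewer should look at first, and each finding still needs the verification a helper would do (checking the file's origin, what else references it, whether the proxy entry was set deliberately) before anything is removed.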



#6 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:42 PM

Posted 23 May 2012 - 07:22 PM

Hi Mark,



Did you set this proxy?

uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;




I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: when the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove Programs in the Control Panel and remove either PC Tools Internet Security or AVG 2011.





I suggest you uninstall BitTorrent as well!

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow users to share files between them, as the name suggests. In today's world cyber crime has reached an enormous scale, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so they should be used with great care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


Also, please take a look here:

How cyber criminals infect victims via P2P with pirated software





We need to execute a CFScript to clean some remnants.


Please do this:


1. Open Notepad => go to Format and make sure that Word Wrap is unchecked. <--- important !!!

2. Copy/paste the text in the codebox below into it (include the link as well):

http://www.bleepingcomputer.com/forums/topic454657.html

DirLooK::
C:\0 PROBLEM
C:\DRIVE_C
Collect::
c:\windows\system32\kemutbn.dll
Suspect::
c:\windows\UDB.zip
c:\windows\IDB.zip
File::
c:\windows\Tasks\Bvurmb.job
c:\temp\WGAErrLog.txt
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1782070911-1017172144-2584331571-1190\Scripts\Logoff\0\0]
"Script"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

3. Close any open browsers.

4. Referring to the picture below, drag CFScript into ComboFix.exe

Posted Image

5. When ComboFix finishes running, the ComboFix log will open along with a message box. With the above script, ComboFix captured some files to submit for analysis.
  • Important: ensure you are connected to the internet before clicking OK on the message box.
  • A blue screen will appear, auto-uploading the zipped file I requested.
  • After the upload is done you should see a message near the bottom saying "Upload was Successful".

**NOTE**
  • IF for some reason ComboFix fails to upload anything, you will see this message:
    Posted Image
  • Please double-click this file: C:\CF-Submit.htm and follow the instructions there to upload that zipped file.


6. When ComboFix has finished, it will produce a log for you at C:\ComboFix.txt, which I will require in your next reply.



Regards,
Georgi



#7 MarkMac1
  • Topic Starter

  • Members
  • 17 posts
  • Local time:09:42 AM

Posted 23 May 2012 - 09:12 PM

Thanks Georgi

I've removed/uninstalled the Spyware Doctor & BitTorrent programmes.

As for the proxy, I don't know anything about it, or even what it is! I don't know if it's something that our IT people at work may have done, perhaps?

I have run ComboFix using the CFScript as explained. The file is too big to be attached and also too big to copy all the text below! So I have put in the text below, other than the large chunk in the middle beginning with a "+". If you need all of that I guess I can send it in another message (or messages), or alternatively if you give me your email address I can email it.

Hope this is OK

Many thanks
Mark

----------------------------------------------------------------------------------------------

ComboFix 12-05-23.05 - mark.macdonald 24/05/2012 2:28.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3055.2038 [GMT 1:00]
Running from: c:\documents and settings\mark.macdonald\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mark.macdonald\Desktop\CFScript.txt
.
FILE ::
"c:\temp\WGAErrLog.txt"
"c:\windows\Tasks\Bvurmb.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\temp\WGAErrLog.txt
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\TEMP
c:\temp\WGAErrLog.txt
c:\windows\system32\kemutbn.dll
c:\windows\Tasks\Bvurmb.job
.
.
((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
.
.
2012-05-23 16:57 . 2012-05-23 20:06 -------- d-----w- C:\0 PROBLEM
2012-05-23 10:36 . 2012-05-23 10:36 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-23 09:37 . 2012-05-23 09:37 -------- d-----w- c:\program files\CCleaner
2012-05-23 08:12 . 2012-05-23 08:12 -------- d-----w- c:\documents and settings\mark.macdonald\Local Settings\Application Data\Threat Expert
2012-05-23 08:07 . 2012-05-24 01:18 -------- d-----w- c:\program files\PC Tools
2012-05-23 08:04 . 2012-04-23 13:17 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-05-23 08:04 . 2012-05-24 01:18 -------- d-----w- c:\program files\Common Files\PC Tools
2012-05-23 08:04 . 2012-05-24 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-05-23 08:04 . 2012-05-23 08:04 -------- d-----w- c:\documents and settings\mark.macdonald\Application Data\TestApp
2012-05-16 08:26 . 2012-05-22 15:26 -------- d-----w- C:\Acoustic Hood - 55186 Adagio - 460 x 460 x 175 deep
2012-05-10 09:12 . 2012-05-22 15:26 -------- d-----w- C:\DRIVE_C
2012-04-30 12:02 . 2012-04-30 12:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 06:53 . 2011-05-13 15:00 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-05-22 06:53 . 2011-05-13 15:00 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-22 06:53 . 2011-05-13 15:00 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-05-22 06:53 . 2011-05-13 15:00 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-07 19:40 . 2012-04-05 06:29 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-07 19:40 . 2011-05-13 08:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2006-02-28 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 14:56 . 2011-05-19 15:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-15 07:25 . 2012-03-15 07:25 25911 ----a-w- C:\compound_miters.zip
2012-03-05 07:48 . 2011-05-20 07:07 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-03-01 11:01 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-27 07:42 . 2012-02-27 07:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-27 07:42 . 2011-09-15 11:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 14:53 . 2011-05-19 13:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\0 PROBLEM ----
.
2012-05-23 20:06 . 2011-07-16 21:21 302592 ----a-w- c:\0 problem\gmer.exe
2012-05-23 20:06 . 2012-05-23 16:59 294216 ----a-w- c:\0 problem\gmer.zip
2012-05-23 20:06 . 2012-05-23 16:48 607260 ----a-r- c:\0 problem\dds.com
2012-05-23 20:06 . 2012-05-23 16:44 490 ----a-w- c:\0 problem\defogger_disable.log
2012-05-23 20:06 . 2012-05-23 16:43 50477 ----a-w- c:\0 problem\Defogger.exe
2012-05-23 20:06 . 2012-05-23 20:02 71687 ----a-w- c:\0 problem\ark.txt
2012-05-23 16:58 . 2012-05-23 16:58 23163 ----a-w- c:\0 problem\attach.txt
2012-05-23 16:58 . 2012-05-23 16:58 22635 ----a-w- c:\0 problem\dds.txt
.
---- Directory of C:\DRIVE_C ----
.
2012-05-22 15:26 . 2012-05-22 15:26 5120 --sha-w- c:\drive_c\Thumbs.db
2012-05-10 09:12 . 2012-05-10 09:12 96958 ----a-w- c:\drive_c\Screen17.dwg
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-23_23.38.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 00:12 . 2008-04-14 00:12 57344 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-01-11 09:59 . 2011-01-11 09:59 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422\vcomp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_8babbe9a\vcomp90.dll

**** LOTS OF TEXT MISSING FROM THIS SECTION ON

+ 2010-03-13 14:08 . 2010-03-13 14:08 20516712 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OART.DLL
+ 2010-03-01 03:56 . 2010-03-01 03:56 10272104 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSPUB.EXE
+ 2010-03-22 19:36 . 2010-03-22 19:36 72521600 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSORES.DLL
+ 2010-03-13 13:53 . 2010-03-13 13:53 20753760 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\EXCEL.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\mark.macdonald\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-07 3331872]
"ChromeFrameHelper"="c:\documents and settings\mark.macdonald\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\chrome_frame_helper.exe" [2012-05-09 96752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-09-17 213040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-20 737280]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-12-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-12-04 13933160]
"AccelerometerSysTrayApplet"="c:\program files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe" [2010-04-15 69176]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-03-03 111640]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2009-03-03 694824]
"DT HWP"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2009-06-26 86016]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]
.
c:\documents and settings\dave.newell\Start Menu\Programs\Startup\
Call Assistant Launcher.lnk - c:\program files\CAICE\Call Assistant\Call Assistant Launcher.exe [2011-5-13 24576]
Comments Checker.lnk - s:\comments checker\CommentsChecker.exe [N/A]
Microsoft Outlook 2007.lnk - c:\program files\Microsoft Office\Office12\OUTLOOK.EXE [2011-5-13 178688]
Printkey2000.lnk - c:\windows\Printkey2000.exe [2011-5-11 869376]
.
c:\documents and settings\mark.macdonald\Start Menu\Programs\Startup\
Create Outlook Signatures.lnk - \\monty\productionsoftware\Outlook Signature Creator\Create Signature.exe [N/A]
Microsoft Outlook.lnk - c:\program files\Microsoft Office\Office14\OUTLOOK.EXE [2012-2-17 15963936]
Printkey 2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2011-5-11 869376]
SetPoint 3d Mouse Driver.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-5-24 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2010-04-28 09:39 75320 ----a-w- c:\windows\system32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-05-22 06:53 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^mark.macdonald^Start Menu^Programs^Startup^Printkey2000.lnk]
path=c:\documents and settings\mark.macdonald\Start Menu\Programs\Startup\Printkey2000.lnk
backup=c:\windows\pss\Printkey2000.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^mark.macdonald^Start Menu^Programs^Startup^Production Automated Shutdown.lnk]
path=c:\documents and settings\mark.macdonald\Start Menu\Programs\Startup\Production Automated Shutdown.lnk
backup=c:\windows\pss\Production Automated Shutdown.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2011-12-26 13:06 743560 ----a-w- c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2011-12-22 23:09 70792 ----a-w- c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus D88 Series]
2005-01-27 05:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIABE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2012-04-17 14:05 651264 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2010-02-25 14:19 287800 ------w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Documents and Settings\\mark.macdonald\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\EPSON Software\\ECPrinterSetup\\ENPApp.exe"=
"c:\\Program Files\\EPSON Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"43511:TCP"= 43511:TCP:Windows Core Service
"1115:TCP"= 1115:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 08:13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 16:03 32592]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [22/01/2012 23:32 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [22/01/2012 23:32 43784]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/01/2011 06:41 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [05/04/2011 00:59 297168]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [22/01/2012 23:32 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [22/01/2012 23:32 185864]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [28/02/2006 13:00 14336]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [02/02/2011 14:08 18656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31/01/2012 16:02 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 05:33 269520]
R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [22/01/2012 23:29 61064]
R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [22/01/2012 23:29 23176]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [11/03/2012 16:25 105288]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [24/05/2011 08:50 10384]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [01/03/2011 12:11 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [17/09/2010 15:40 12856]
R2 mi-raysat_3dsmax2012_32;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 32-bit - English 32-bit;c:\program files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [23/02/2011 07:59 86016]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [15/09/2011 13:06 88576]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [11/05/2011 11:31 1126936]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [25/05/2011 11:59 113264]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [11/05/2011 13:14 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [18/02/2010 14:26 1664304]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [11/05/2011 16:17 6016]
R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/05/2011 10:37 113664]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 21:28 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 07:53 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 07:53 27216]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [11/05/2011 10:21 168616]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [18/12/2007 10:46 44800]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [11/05/2011 14:22 125696]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [17/06/2009 17:55 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [17/06/2009 17:55 10384]
R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [11/05/2011 11:27 7391104]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [20/11/2009 19:15 58880]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [20/11/2009 19:15 137728]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [11/05/2011 10:46 49152]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/01/2012 12:06 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/04/2012 07:29 257696]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/05/2011 10:28 227896]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [08/03/2010 17:31 32312]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [28/04/2010 10:39 362040]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/01/2012 12:06 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [20/05/2011 08:58 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 18:01 21248]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [23/05/2012 11:36 40776]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 11:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 16:06 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO35
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-23 c:\windows\Tasks\3DxSoftware Create Process (ID 8240089128).job
- c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe [2011-04-01 10:43]
.
2012-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:40]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-28 11:06]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-28 11:06]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1782070911-1017172144-2584331571-1290Core.job
- c:\documents and settings\mark.macdonald\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-28 14:14]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1782070911-1017172144-2584331571-1290UA.job
- c:\documents and settings\mark.macdonald\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-28 14:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: marge
TCP: DhcpNameServer = 212.104.130.9 212.104.130.65 192.168.1.1
FF - ProfilePath - c:\documents and settings\mark.macdonald\Application Data\Mozilla\Firefox\Profiles\tl0ziykq.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-24 02:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1244)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\DeviceNP.dll
c:\windows\system32\SSREGLIB.dll
c:\windows\system32\HPPTLog.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(5060)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\documents and settings\mark.macdonald\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\chrome_frame_helper.dll
c:\windows\system32\AcSignIcon.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Portrait Displays\Pivot Software\winphook.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\IDT\WDM\STacSV.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\HitmanPro\HitmanPro.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Portrait Displays\HP Display Assistant\DTHtml.exe
c:\program files\Portrait Displays\Pivot Software\floater.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2012-05-24 02:43:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-24 01:42
ComboFix2.txt 2012-05-23 23:47
ComboFix3.txt 2012-05-23 12:07
.
Pre-Run: 224,215,867,392 bytes free
Post-Run: 224,185,380,864 bytes free
.
- - End Of File - - 07EAB6C5E9A468AC497DEF1FCDC2CA43
Upload was successful

#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:42 PM

Posted 24 May 2012 - 04:11 AM

Hello,



We need to execute a CFScript to clean some remnants from PC Tools.

Please do this:


1. Open notepad => navigate to format and make sure that wordwrap is unchecked. <--- important !!!

2. Copy/paste the text in the codebox below into it:

Driver::
TfFsMon
TFSysMon
TfNetMon
DDS::
uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;

3. Save this as CFScript.txt to your flash drive and then transfer it to the infected PC. Save it in the same place as ComboFix.exe.

4. Close any open browsers.

5. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

6. Referring to the picture below, drag CFScript into ComboFix.exe

Posted Image


When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Also reply back to let me know how things are going. Still getting redirects?



Can you please go to C:\qoobox and right click the quarantine folder, select send to compressed(zip) folders that will make a zipped copy of the quarantine folder.
Then please upload that to http://www.bleepingcomputer.com/submit-malware.php?channel=122 so we can examine the files and submit to antivirus companies if needed.



Regards,
Georgi



#9 MarkMac1

MarkMac1
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:42 AM

Posted 24 May 2012 - 04:54 AM

Georgi

Many, many thanks, I tried not to use the internet yesterday due to the re-directions and the speed issues but I'm glad to say that so far today I've had NO redirections and the speed on the internet and of the PC generally is much better so it all looks VERY GOOD so far.

I've run ComboFix again using the CFScript, the log is attached

I've also uploaded the zipped quarantine folder as requested and had a note saying that it was successfully submitted.

Best regards
Mark

Attached Files



#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:42 PM

Posted 24 May 2012 - 05:37 AM

Hello,



We need to execute a CFScript again to clean some remnants from PC Tools.

Please do this:


1. Open notepad => navigate to format and make sure that wordwrap is unchecked. <--- important !!!

2. Copy/paste the text in the codebox below into it:

File::
c:\windows\system32\drivers\PCTSD.sys
c:\documents and settings\dave.newell\Start Menu\Programs\Startup\Comments Checker.lnk
Folder::
c:\documents and settings\mark.macdonald\Local Settings\Application Data\Threat Expert
c:\program files\PC Tools
c:\program files\Common Files\PC Tools
c:\documents and settings\All Users\Application Data\PC Tools
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

3. Save this as CFScript.txt to your flash drive and then transfer it to the infected PC. Save it in the same place as ComboFix.exe.

4. Close any open browsers.

5. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

6. Referring to the picture below, drag CFScript into ComboFix.exe

Posted Image


When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



It is advisable that you update AVG to the latest version.



Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

AVG

Additional instructions can be found here if needed.



Next please download AVG Remover and save it to your desktop.

Run it to remove all leftovers from AVG. After this, please restart your computer.



AppRemover:



Please download AppRemover and save it to your desktop.
  • Double click on AppRemover.exe to run it.
  • Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
  • Click on the Next button.
  • Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do. (you want the failed uninstall)
  • Click on the Next button.
  • A scan begins, please wait. Once done, click on the Next button.
  • Now you should have a list of your installed programs, choose the one you want to remove and click on the Next button. (AVG and PCTools if they exist).
  • Follow the last step and reboot if asked to do so.


Then download and install the latest version of AVG from here.



Regards,
Georgi


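Added example, not code from this thread or from ComboFix: a small Python triage script that applies the checks Georgi made by hand in posts #8 and #10 (service entries whose file ComboFix marks with "[?]", a loopback host:port in the DDS ProxyOverride/ProxyServer line, and EnableFirewall set to 0 under the firewallpolicy key) to a ComboFix log, then drafts the matching CFScript directives in the Driver::/DDS::/Registry:: format those posts use. The sample log is a constructed excerpt of the ComboFix log posted above, and the output is a draft for a helper to review.

```python
import re

# Constructed sample: lines excerpted from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 08:13 22992]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 13:00 14336]
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;
FF - prefs.js: network.proxy.type - 0
"""

# Service/driver lines look like "R0 name;display;image [date size]"; when the
# image file is missing ComboFix prints "image --> image [?]" instead.
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# DDS proxy settings; a loopback host:port means browser traffic is routed
# through a process listening on the machine itself.
PROXY_RE = re.compile(r"^u?Internet Settings,(?P<setting>ProxyOverride|ProxyServer) = (?P<value>.*)$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(?P<value>\d+)')
LOOPBACK_HOSTS = ("127.", "localhost")


def _is_loopback(entry):
    """True for entries such as '127.0.0.1:9421' or 'http=127.0.0.1:9421'."""
    host = entry.split("=")[-1].split(":")[0].strip().lower()
    return host.startswith(LOOPBACK_HOSTS)


def parse_findings(log_text):
    """Walk a ComboFix log and collect the three kinds of findings."""
    findings = {"orphaned_drivers": [], "loopback_proxy": [],
                "firewall_disabled": False, "firewall_key": None}
    section = None  # the most recent "[HK...]" registry header
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line
            continue
        m = SERVICE_RE.match(line)
        if m:
            rest = m.group("rest")
            if " --> " in rest and rest.endswith("[?]"):
                findings["orphaned_drivers"].append(m.group("name"))
            continue
        m = PROXY_RE.match(line)
        if m:
            entries = [e for e in m.group("value").split(";") if e.strip()]
            if any(_is_loopback(e) for e in entries):
                findings["loopback_proxy"].append(line)
            continue
        m = FIREWALL_RE.match(line)
        if m and section and "firewallpolicy" in section.lower():
            if int(m.group("value")) == 0:
                findings["firewall_disabled"] = True
                findings["firewall_key"] = section
    return findings


def build_cfscript(findings):
    """Draft CFScript directives in the format used in posts #8 and #10."""
    parts = []
    if findings["orphaned_drivers"]:
        parts.append("Driver::")
        parts.extend(findings["orphaned_drivers"])
    if findings["loopback_proxy"]:
        parts.append("DDS::")
        parts.extend(findings["loopback_proxy"])
    if findings["firewall_disabled"]:
        parts.append("Registry::")
        parts.append(findings["firewall_key"])
        parts.append('"EnableFirewall"=dword:00000001')
    return "\n".join(parts)


if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    print("orphaned drivers:", found["orphaned_drivers"])
    print("loopback proxy lines:", found["loopback_proxy"])
    print("firewall disabled:", found["firewall_disabled"])
    print("--- draft CFScript ---")
    print(build_cfscript(found))
```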

#11 MarkMac1

MarkMac1
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:42 AM

Posted 24 May 2012 - 08:54 AM

Georgi

It's probably not related, but when opening Internet Explorer I get a pop-up message saying it's not the default and asking whether I'd like to make it the default. Although I haven't done so yet, I assume it's OK to accept this.

I've run ComboFix again using the CFScript, the log is attached.

I've uninstalled AVG, then used AVG Remover and AppRemover and finally re-installed AVG as instructed.

Sorry it took so long, I installed AVG but then realised that we have Business Edition so had to go through the entire process of uninstalling AVG, then using AVG Remover and AppRemover and finally installing AVG again.

Attached Files



#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:42 PM

Posted 24 May 2012 - 09:07 AM

Not a problem about the delay.



STEP 1



Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Posted Image

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.




STEP 2



Please download aswMBR.exe to your desktop.



  • Double click the aswMBR.exe icon to run it.
  • The program will offer to download the latest antivirus definitions from Avast servers. Click YES to agree.
  • When it's done, in the AV Scan drop-down options choose C:\
    Posted Image
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Note - do NOT attempt any Fix or FixMBR yet.





STEP 3



Please download Malwarebytes Anti-Malware 1.61.0.1400 Final and save it to your desktop.
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.





STEP 4



I'd like us to scan your machine with ESET OnlineScan


  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image




STEP 5



Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Regards,
Georgi



#13 MarkMac1

MarkMac1
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:42 AM

Posted 24 May 2012 - 12:09 PM

Georgi

Below are the logs for the 5 different operations
Best regards
Mark



-----------------------------------------------------------------------------------
Kaspersky TDSS Killer log

15:04:50.0045 3136 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:04:50.0170 3136 RDPCDD - ok
15:04:50.0201 3136 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:04:50.0357 3136 rdpdr - ok
15:04:50.0420 3136 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
15:04:50.0482 3136 RDPWD - ok
15:04:50.0514 3136 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:04:50.0748 3136 RDSessMgr - ok
15:04:50.0764 3136 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:04:50.0936 3136 redbook - ok
15:04:50.0967 3136 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:04:51.0139 3136 RemoteAccess - ok
15:04:51.0186 3136 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:04:51.0357 3136 RemoteRegistry - ok
15:04:51.0420 3136 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
15:04:51.0529 3136 rimmptsk - ok
15:04:51.0561 3136 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
15:04:51.0607 3136 rimsptsk - ok
15:04:51.0623 3136 rismc32 (470fc46e2989f6606043c1c5365b15fd) C:\WINDOWS\system32\DRIVERS\rismc32.sys
15:04:51.0654 3136 rismc32 - ok
15:04:51.0670 3136 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
15:04:51.0701 3136 rismxdp - ok
15:04:51.0764 3136 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:04:51.0889 3136 RpcLocator - ok
15:04:51.0936 3136 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
15:04:51.0998 3136 RpcSs - ok
15:04:52.0045 3136 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
15:04:52.0295 3136 RSVP - ok
15:04:52.0357 3136 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:04:52.0482 3136 SamSs - ok
15:04:52.0514 3136 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:04:52.0686 3136 SCardSvr - ok
15:04:52.0748 3136 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:04:52.0873 3136 Schedule - ok
15:04:52.0936 3136 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:04:53.0076 3136 sdbus - ok
15:04:53.0092 3136 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:04:53.0264 3136 Secdrv - ok
15:04:53.0311 3136 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:04:53.0451 3136 seclogon - ok
15:04:53.0467 3136 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:04:53.0623 3136 SENS - ok
15:04:53.0639 3136 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:04:53.0779 3136 Serenum - ok
15:04:53.0795 3136 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:04:53.0998 3136 Serial - ok
15:04:54.0045 3136 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:04:54.0232 3136 Sfloppy - ok
15:04:54.0279 3136 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:04:54.0435 3136 SharedAccess - ok
15:04:54.0482 3136 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:04:54.0514 3136 ShellHWDetection - ok
15:04:54.0514 3136 Simbad - ok
15:04:54.0545 3136 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:04:54.0748 3136 SLIP - ok
15:04:54.0920 3136 SNP2UVC (1db08cbdda27e3f143137638d422cf45) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
15:04:55.0045 3136 SNP2UVC - ok
15:04:55.0185 3136 Sparrow - ok
15:04:55.0248 3136 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:04:55.0373 3136 splitter - ok
15:04:55.0420 3136 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:04:55.0451 3136 Spooler - ok
15:04:55.0467 3136 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:04:55.0732 3136 sr - ok
15:04:55.0795 3136 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:04:55.0935 3136 srservice - ok
15:04:55.0967 3136 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:04:56.0029 3136 Srv - ok
15:04:56.0045 3136 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:04:56.0201 3136 SSDPSRV - ok
15:04:56.0326 3136 STacSV (03f6cf42a1db74290448cde668578c87) C:\Program Files\IDT\WDM\STacSV.exe
15:04:56.0420 3136 STacSV - ok
15:04:56.0576 3136 STHDA (c24c14d1463375c1c028848b12a70a5e) C:\WINDOWS\system32\drivers\sthda.sys
15:04:56.0685 3136 STHDA - ok
15:04:56.0795 3136 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:04:57.0014 3136 stisvc - ok
15:04:57.0045 3136 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:04:57.0248 3136 streamip - ok
15:04:57.0264 3136 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:04:57.0467 3136 swenum - ok
15:04:57.0482 3136 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:04:57.0639 3136 swmidi - ok
15:04:57.0639 3136 SwPrv - ok
15:04:57.0654 3136 symc810 - ok
15:04:57.0654 3136 symc8xx - ok
15:04:57.0654 3136 sym_hi - ok
15:04:57.0654 3136 sym_u3 - ok
15:04:57.0779 3136 SynTP (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:04:57.0842 3136 SynTP - ok
15:04:57.0873 3136 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:04:57.0998 3136 sysaudio - ok
15:04:58.0045 3136 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:04:58.0248 3136 SysmonLog - ok
15:04:58.0279 3136 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:04:58.0467 3136 TapiSrv - ok
15:04:58.0529 3136 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:04:58.0560 3136 Tcpip - ok
15:04:58.0607 3136 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:04:58.0810 3136 TDPIPE - ok
15:04:58.0842 3136 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:04:59.0013 3136 TDTCP - ok
15:04:59.0045 3136 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:04:59.0295 3136 TermDD - ok
15:04:59.0357 3136 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:04:59.0560 3136 TermService - ok
15:04:59.0607 3136 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:04:59.0623 3136 Themes - ok
15:04:59.0670 3136 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
15:04:59.0842 3136 TlntSvr - ok
15:04:59.0842 3136 TosIde - ok
15:04:59.0873 3136 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:05:00.0013 3136 TrkWks - ok
15:05:00.0045 3136 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:05:00.0248 3136 Udfs - ok
15:05:00.0263 3136 ultra - ok
15:05:00.0529 3136 UNS (5713e039c0622f40347735cba460b8fc) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
15:05:00.0654 3136 UNS - ok
15:05:00.0795 3136 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:05:01.0451 3136 Update - ok
15:05:01.0498 3136 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:05:01.0592 3136 upnphost - ok
15:05:01.0607 3136 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:05:01.0732 3136 UPS - ok
15:05:01.0748 3136 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:05:01.0857 3136 usbccgp - ok
15:05:01.0904 3136 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:05:02.0029 3136 usbehci - ok
15:05:02.0060 3136 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:05:02.0201 3136 usbhub - ok
15:05:02.0263 3136 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:05:02.0404 3136 usbprint - ok
15:05:02.0435 3136 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:05:02.0529 3136 usbscan - ok
15:05:02.0560 3136 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:05:02.0654 3136 USBSTOR - ok
15:05:02.0701 3136 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:05:02.0826 3136 usbvideo - ok
15:05:02.0935 3136 vcsFPService (8c72e0e88e5a1a70691135864f2f7f1b) C:\WINDOWS\system32\vcsFPService.exe
15:05:02.0982 3136 vcsFPService - ok
15:05:03.0107 3136 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:05:03.0248 3136 VgaSave - ok
15:05:03.0248 3136 ViaIde - ok
15:05:03.0295 3136 vnccom (b67632451f760797bb183e1fb99f4b39) C:\WINDOWS\system32\Drivers\vnccom.SYS
15:05:03.0310 3136 vnccom ( UnsignedFile.Multi.Generic ) - warning
15:05:03.0310 3136 vnccom - detected UnsignedFile.Multi.Generic (1)
15:05:03.0357 3136 vncdrv (4ec979b157d1aa075330362acb5424e5) C:\WINDOWS\system32\DRIVERS\vncdrv.sys
15:05:03.0357 3136 vncdrv ( UnsignedFile.Multi.Generic ) - warning
15:05:03.0357 3136 vncdrv - detected UnsignedFile.Multi.Generic (1)
15:05:03.0388 3136 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:05:03.0466 3136 VolSnap - ok
15:05:03.0529 3136 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:05:03.0638 3136 VSS - ok
15:05:03.0779 3136 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
15:05:03.0810 3136 vToolbarUpdater11.0.2 - ok
15:05:03.0841 3136 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:05:03.0935 3136 W32Time - ok
15:05:03.0998 3136 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:05:04.0138 3136 Wanarp - ok
15:05:04.0201 3136 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
15:05:04.0310 3136 WDC_SAM - ok
15:05:04.0388 3136 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:05:04.0404 3136 Wdf01000 - ok
15:05:04.0420 3136 WDICA - ok
15:05:04.0451 3136 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:05:04.0591 3136 wdmaud - ok
15:05:04.0638 3136 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:05:04.0763 3136 WebClient - ok
15:05:04.0873 3136 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:05:05.0013 3136 winmgmt - ok
15:05:05.0154 3136 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
15:05:05.0388 3136 WinRM - ok
15:05:05.0482 3136 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
15:05:05.0513 3136 WinUSB - ok
15:05:05.0560 3136 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:05:05.0638 3136 WmdmPmSN - ok
15:05:05.0716 3136 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:05:05.0748 3136 Wmi - ok
15:05:05.0795 3136 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:05:05.0841 3136 WmiAcpi - ok
15:05:05.0920 3136 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:05:06.0482 3136 WmiApSrv - ok
15:05:06.0638 3136 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:05:06.0795 3136 WMPNetworkSvc - ok
15:05:06.0826 3136 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:05:06.0904 3136 WpdUsb - ok
15:05:07.0107 3136 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:05:07.0232 3136 WPFFontCache_v0400 - ok
15:05:07.0279 3136 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:05:07.0513 3136 WS2IFSL - ok
15:05:07.0560 3136 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:05:07.0701 3136 wscsvc - ok
15:05:07.0716 3136 WSearch - ok
15:05:07.0748 3136 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:05:07.0920 3136 WSTCODEC - ok
15:05:07.0951 3136 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:05:08.0123 3136 wuauserv - ok
15:05:08.0154 3136 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:05:08.0263 3136 WudfPf - ok
15:05:08.0294 3136 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:05:08.0373 3136 WudfRd - ok
15:05:08.0482 3136 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:05:08.0623 3136 WudfSvc - ok
15:05:08.0701 3136 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:05:08.0841 3136 WZCSVC - ok
15:05:08.0873 3136 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:05:09.0185 3136 xmlprov - ok
15:05:09.0232 3136 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:05:09.0701 3136 \Device\Harddisk0\DR0 - ok
15:05:09.0701 3136 Boot (0x1200) (cfdc26c16db7fff8462d8b40335fd370) \Device\Harddisk0\DR0\Partition0
15:05:09.0701 3136 \Device\Harddisk0\DR0\Partition0 - ok
15:05:09.0701 3136 ============================================================
15:05:09.0701 3136 Scan finished
15:05:09.0701 3136 ============================================================
15:05:09.0826 4508 Detected object count: 11
15:05:09.0826 4508 Actual detected object count: 11
15:05:42.0575 4508 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
15:05:42.0575 4508 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
15:05:42.0575 4508 Asset Management Daemon ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:42.0575 4508 Asset Management Daemon ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:42.0575 4508 DTSRVC ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:42.0575 4508 DTSRVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:42.0575 4508 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:42.0575 4508 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:42.0575 4508 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:42.0575 4508 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:42.0575 4508 mi-raysat_3dsmax2012_32 ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:42.0575 4508 mi-raysat_3dsmax2012_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:42.0575 4508 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:42.0575 4508 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:42.0575 4508 Pivot ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:42.0575 4508 Pivot ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:42.0575 4508 pivotmou ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:42.0575 4508 pivotmou ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:42.0575 4508 vnccom ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:42.0575 4508 vnccom ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:42.0575 4508 vncdrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:42.0575 4508 vncdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:06:04.0121 3272 ============================================================
15:06:04.0121 3272 Scan started
15:06:04.0121 3272 Mode: Manual; SigCheck; TDLFS;
15:06:04.0121 3272 ============================================================
15:06:16.0590 3272 HTCAND32 - ok
15:06:16.0605 3272 htcnprot (04e3b3554076b8192a668efe88a682a1) C:\WINDOWS\system32\DRIVERS\htcnprot.sys
15:06:16.0636 3272 htcnprot - ok
15:06:16.0699 3272 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:06:16.0699 3272 HTTP - ok
15:06:16.0761 3272 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
15:06:16.0808 3272 HTTPFilter - ok
15:06:16.0808 3272 i2omgmt - ok
15:06:16.0808 3272 i2omp - ok
15:06:16.0840 3272 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:06:16.0949 3272 i8042prt - ok
15:06:17.0011 3272 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:06:17.0043 3272 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:06:17.0043 3272 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:06:17.0168 3272 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:06:17.0199 3272 idsvc - ok
15:06:17.0246 3272 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
15:06:17.0261 3272 IFXTPM - ok
15:06:17.0277 3272 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:06:17.0371 3272 Imapi - ok
15:06:17.0402 3272 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
15:06:17.0480 3272 ImapiService - ok
15:06:17.0496 3272 Impcd (2db41ba61d5e44d0667cf126d35dcf34) C:\WINDOWS\system32\DRIVERS\Impcd.sys
15:06:17.0511 3272 Impcd - ok
15:06:17.0527 3272 ini910u - ok
15:06:17.0527 3272 IntelIde - ok
15:06:17.0574 3272 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:06:17.0636 3272 intelppm - ok
15:06:17.0652 3272 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:06:17.0730 3272 Ip6Fw - ok
15:06:17.0761 3272 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:06:17.0840 3272 IpFilterDriver - ok
15:06:17.0871 3272 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:06:17.0949 3272 IpInIp - ok
15:06:17.0980 3272 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:06:18.0058 3272 IpNat - ok
15:06:18.0074 3272 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:06:18.0136 3272 IPSec - ok
15:06:18.0168 3272 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:06:18.0215 3272 IRENUM - ok
15:06:18.0261 3272 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:06:18.0340 3272 isapnp - ok
15:06:18.0496 3272 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
15:06:18.0496 3272 JavaQuickStarterService - ok
15:06:18.0511 3272 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:06:18.0558 3272 Kbdclass - ok
15:06:18.0605 3272 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:06:18.0683 3272 kbdhid - ok
15:06:18.0730 3272 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:06:18.0808 3272 kmixer - ok
15:06:18.0808 3272 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:06:18.0824 3272 KSecDD - ok
15:06:18.0886 3272 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
15:06:18.0902 3272 lanmanserver - ok
15:06:18.0902 3272 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
15:06:18.0918 3272 lanmanworkstation - ok
15:06:18.0949 3272 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
15:06:18.0949 3272 LBeepKE - ok
15:06:18.0949 3272 lbrtfdc - ok
15:06:19.0074 3272 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
15:06:19.0074 3272 LBTServ - ok
15:06:19.0121 3272 LEqdUsb (70035567754bed4e6ad353ca3f175127) C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
15:06:19.0121 3272 LEqdUsb - ok
15:06:19.0121 3272 LHidEqd (32491b6bae0afad1d7a62c0ef0af4321) C:\WINDOWS\system32\Drivers\LHidEqd.Sys
15:06:19.0136 3272 LHidEqd - ok
15:06:19.0152 3272 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:06:19.0152 3272 LHidFilt - ok
15:06:19.0168 3272 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
15:06:19.0215 3272 LmHosts - ok
15:06:19.0324 3272 LMIGuardianSvc (c2bc96051da4330c1fcf2fe13f60a748) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
15:06:19.0340 3272 LMIGuardianSvc - ok
15:06:19.0386 3272 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
15:06:19.0386 3272 LMIInfo - ok
15:06:19.0402 3272 LMIMaint (8960ac10842199c9dc2ec0956f5a4a8d) C:\Program Files\LogMeIn\x86\RaMaint.exe
15:06:19.0402 3272 LMIMaint - ok
15:06:19.0449 3272 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
15:06:19.0465 3272 lmimirr - ok
15:06:19.0465 3272 LMIRfsClientNP - ok
15:06:19.0480 3272 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
15:06:19.0480 3272 LMIRfsDriver - ok
15:06:19.0496 3272 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:06:19.0496 3272 LMouFilt - ok
15:06:19.0558 3272 LMS (271f79326cd571bd271d45c47148ed78) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
15:06:19.0574 3272 LMS - ok
15:06:19.0605 3272 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
15:06:19.0621 3272 LogMeIn - ok
15:06:19.0652 3272 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
15:06:19.0652 3272 MBAMSwissArmy - ok
15:06:19.0683 3272 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
15:06:19.0761 3272 Messenger - ok
15:06:19.0886 3272 mi-raysat_3dsmax2012_32 (0af89452a8ce3928168f4e5b2208c68b) C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
15:06:19.0886 3272 mi-raysat_3dsmax2012_32 ( UnsignedFile.Multi.Generic ) - warning
15:06:19.0886 3272 mi-raysat_3dsmax2012_32 - detected UnsignedFile.Multi.Generic (1)
15:06:19.0949 3272 Microsoft SharePoint Workspace Audit Service - ok
15:06:19.0980 3272 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:06:20.0058 3272 mnmdd - ok
15:06:20.0090 3272 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
15:06:20.0168 3272 mnmsrvc - ok
15:06:20.0183 3272 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:06:20.0246 3272 Modem - ok
15:06:20.0261 3272 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:06:20.0371 3272 Mouclass - ok
15:06:20.0418 3272 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:06:20.0496 3272 mouhid - ok
15:06:20.0511 3272 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:06:20.0574 3272 MountMgr - ok
15:06:20.0574 3272 mraid35x - ok
15:06:20.0590 3272 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:06:20.0668 3272 MRxDAV - ok
15:06:20.0746 3272 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:06:20.0808 3272 MRxSmb - ok
15:06:20.0824 3272 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
15:06:20.0871 3272 MSDTC - ok
15:06:20.0902 3272 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:06:20.0980 3272 Msfs - ok
15:06:20.0980 3272 MSIServer - ok
15:06:21.0011 3272 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:06:21.0105 3272 MSKSSRV - ok
15:06:21.0136 3272 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:06:21.0230 3272 MSPCLOCK - ok
15:06:21.0261 3272 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:06:21.0339 3272 MSPQM - ok
15:06:21.0355 3272 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:06:21.0433 3272 mssmbios - ok
15:06:21.0464 3272 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:06:21.0511 3272 MSTEE - ok
15:06:21.0543 3272 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:06:21.0558 3272 Mup - ok
15:06:21.0605 3272 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:06:21.0699 3272 NABTSFEC - ok
15:06:21.0746 3272 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
15:06:21.0808 3272 napagent - ok
15:06:21.0839 3272 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:06:21.0918 3272 NDIS - ok
15:06:21.0933 3272 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:06:22.0058 3272 NdisIP - ok
15:06:22.0105 3272 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:06:22.0121 3272 NdisTapi - ok
15:06:22.0136 3272 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:06:22.0199 3272 Ndisuio - ok
15:06:22.0214 3272 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:06:22.0261 3272 NdisWan - ok
15:06:22.0308 3272 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:06:22.0324 3272 NDProxy - ok
15:06:22.0339 3272 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:06:22.0386 3272 NetBIOS - ok
15:06:22.0433 3272 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:06:22.0496 3272 NetBT - ok
15:06:22.0543 3272 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:06:22.0605 3272 NetDDE - ok
15:06:22.0605 3272 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:06:22.0668 3272 NetDDEdsdm - ok
15:06:22.0683 3272 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:06:22.0730 3272 Netlogon - ok
15:06:22.0761 3272 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
15:06:22.0824 3272 Netman - ok
15:06:22.0949 3272 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:06:22.0949 3272 NetTcpPortSharing - ok
15:06:23.0496 3272 NETwNx32 (32e6902485c5add8e4c6cd21545d5133) C:\WINDOWS\system32\DRIVERS\NETwNx32.sys
15:06:23.0652 3272 NETwNx32 - ok
15:06:23.0808 3272 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:06:23.0871 3272 NIC1394 - ok
15:06:23.0933 3272 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
15:06:23.0964 3272 Nla - ok
15:06:23.0964 3272 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:06:24.0043 3272 Npfs - ok
15:06:24.0105 3272 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:06:24.0652 3272 Ntfs - ok
15:06:24.0683 3272 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:06:24.0746 3272 NtLmSsp - ok
15:06:24.0793 3272 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
15:06:24.0918 3272 NtmsSvc - ok
15:06:24.0964 3272 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:06:25.0105 3272 Null - ok
15:06:25.0121 3272 nusb3hub (68c890ddb21028cb1ea5551b47b29e1b) C:\WINDOWS\system32\DRIVERS\nusb3hub.sys
15:06:25.0136 3272 nusb3hub - ok
15:06:25.0183 3272 nusb3xhc (2cf970c1a9e05d3b91039c2dd4471c0e) C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
15:06:25.0199 3272 nusb3xhc - ok
15:06:25.0793 3272 nv (6ad9ee567a67c010dfae9f25d172a0aa) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:06:26.0136 3272 nv - ok
15:06:26.0277 3272 nvsvc (c0798084837e229bfc42a77313cf0eae) C:\WINDOWS\system32\nvsvc32.exe
15:06:26.0292 3272 nvsvc - ok
15:06:26.0324 3272 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:06:26.0417 3272 NwlnkFlt - ok
15:06:26.0417 3272 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:06:26.0496 3272 NwlnkFwd - ok
15:06:26.0527 3272 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:06:26.0589 3272 ohci1394 - ok
15:06:26.0683 3272 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:06:26.0699 3272 ose - ok
15:06:27.0105 3272 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:06:27.0214 3272 osppsvc - ok
15:06:27.0355 3272 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:06:27.0402 3272 Parport - ok
15:06:27.0417 3272 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:06:27.0480 3272 PartMgr - ok
15:06:27.0527 3272 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:06:27.0589 3272 ParVdm - ok
15:06:27.0730 3272 PassThru Service (39b9dcd7040654c2e57d7396736c718e) c:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
15:06:27.0746 3272 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
15:06:27.0746 3272 PassThru Service - detected UnsignedFile.Multi.Generic (1)
15:06:27.0777 3272 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:06:27.0824 3272 PCI - ok
15:06:27.0824 3272 PCIDump - ok
15:06:27.0824 3272 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:06:27.0902 3272 PCIIde - ok
15:06:27.0917 3272 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:06:27.0964 3272 Pcmcia - ok
15:06:27.0964 3272 PDCOMP - ok
15:06:28.0011 3272 pdfcDispatcher - ok
15:06:28.0011 3272 PDFRAME - ok
15:06:28.0074 3272 PdiPorts (797cb64632201f14b723091f826166a6) C:\WINDOWS\system32\Drivers\PdiPorts.sys
15:06:28.0074 3272 PdiPorts - ok
15:06:28.0199 3272 PdiService (67a21574969956e3a42cff3a55fcd150) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
15:06:28.0199 3272 PdiService - ok
15:06:28.0199 3272 PDRELI - ok
15:06:28.0199 3272 PDRFRAME - ok
15:06:28.0214 3272 perc2 - ok
15:06:28.0214 3272 perc2hib - ok
15:06:28.0261 3272 Pivot (68c6ade0da199e7c00b6083da4605cb8) C:\WINDOWS\system32\drivers\pivot.sys
15:06:28.0277 3272 Pivot ( UnsignedFile.Multi.Generic ) - warning
15:06:28.0277 3272 Pivot - detected UnsignedFile.Multi.Generic (1)
15:06:28.0308 3272 pivotmou (552a7a474fd47bc634113b169494dfbb) C:\WINDOWS\system32\drivers\pivotmou.sys
15:06:28.0324 3272 pivotmou ( UnsignedFile.Multi.Generic ) - warning
15:06:28.0324 3272 pivotmou - detected UnsignedFile.Multi.Generic (1)
15:06:28.0386 3272 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:06:28.0386 3272 PlugPlay - ok
15:06:28.0433 3272 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:06:28.0511 3272 PolicyAgent - ok
15:06:28.0542 3272 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:06:28.0621 3272 PptpMiniport - ok
15:06:28.0636 3272 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:06:28.0730 3272 ProtectedStorage - ok
15:06:28.0730 3272 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:06:28.0792 3272 PSched - ok
15:06:28.0824 3272 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:06:28.0886 3272 Ptilink - ok
15:06:28.0917 3272 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:06:28.0917 3272 PxHelp20 - ok
15:06:28.0917 3272 ql1080 - ok
15:06:28.0917 3272 Ql10wnt - ok
15:06:28.0933 3272 ql12160 - ok
15:06:28.0933 3272 ql1240 - ok
15:06:28.0933 3272 ql1280 - ok
15:06:28.0949 3272 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:06:29.0011 3272 RasAcd - ok
15:06:29.0027 3272 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
15:06:29.0105 3272 RasAuto - ok
15:06:29.0121 3272 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:06:29.0167 3272 Rasl2tp - ok
15:06:29.0214 3272 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:06:29.0277 3272 RasMan - ok
15:06:29.0292 3272 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:06:29.0386 3272 RasPppoe - ok
15:06:29.0386 3272 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:06:29.0480 3272 Raspti - ok
15:06:29.0511 3272 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:06:29.0589 3272 Rdbss - ok
15:06:29.0589 3272 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:06:29.0667 3272 RDPCDD - ok
15:06:29.0683 3272 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:06:29.0761 3272 rdpdr - ok
15:06:29.0808 3272 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
15:06:29.0824 3272 RDPWD - ok
15:06:29.0855 3272 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:06:29.0933 3272 RDSessMgr - ok
15:06:29.0964 3272 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:06:30.0058 3272 redbook - ok
15:06:30.0089 3272 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:06:30.0183 3272 RemoteAccess - ok
15:06:30.0230 3272 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:06:30.0308 3272 RemoteRegistry - ok
15:06:30.0355 3272 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
15:06:30.0371 3272 rimmptsk - ok
15:06:30.0386 3272 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
15:06:30.0402 3272 rimsptsk - ok
15:06:30.0402 3272 rismc32 (470fc46e2989f6606043c1c5365b15fd) C:\WINDOWS\system32\DRIVERS\rismc32.sys
15:06:30.0417 3272 rismc32 - ok
15:06:30.0433 3272 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
15:06:30.0449 3272 rismxdp - ok
15:06:30.0480 3272 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:06:30.0589 3272 RpcLocator - ok
15:06:30.0652 3272 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
15:06:30.0683 3272 RpcSs - ok
15:06:30.0714 3272 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
15:06:30.0777 3272 RSVP - ok
15:06:30.0808 3272 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:06:30.0871 3272 SamSs - ok
15:06:30.0886 3272 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:06:31.0011 3272 SCardSvr - ok
15:06:31.0042 3272 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:06:31.0152 3272 Schedule - ok
15:06:31.0199 3272 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:06:31.0292 3272 sdbus - ok
15:06:31.0324 3272 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:06:31.0402 3272 Secdrv - ok
15:06:31.0433 3272 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:06:31.0558 3272 seclogon - ok
15:06:31.0558 3272 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:06:31.0683 3272 SENS - ok
15:06:31.0699 3272 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:06:31.0824 3272 Serenum - ok
15:06:31.0839 3272 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:06:31.0917 3272 Serial - ok
15:06:31.0933 3272 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:06:32.0042 3272 Sfloppy - ok
15:06:32.0089 3272 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:06:32.0199 3272 SharedAccess - ok
15:06:32.0261 3272 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:06:32.0261 3272 ShellHWDetection - ok
15:06:32.0277 3272 Simbad - ok
15:06:32.0292 3272 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:06:32.0386 3272 SLIP - ok
15:06:32.0542 3272 SNP2UVC (1db08cbdda27e3f143137638d422cf45) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
15:06:32.0605 3272 SNP2UVC - ok
15:06:32.0667 3272 Sparrow - ok
15:06:32.0714 3272 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:06:32.0792 3272 splitter - ok
15:06:32.0855 3272 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:06:32.0870 3272 Spooler - ok
15:06:32.0886 3272 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:06:33.0011 3272 sr - ok
15:06:33.0058 3272 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:06:33.0136 3272 srservice - ok
15:06:33.0183 3272 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:06:33.0230 3272 Srv - ok
15:06:33.0261 3272 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:06:33.0402 3272 SSDPSRV - ok
15:06:33.0527 3272 STacSV (03f6cf42a1db74290448cde668578c87) C:\Program Files\IDT\WDM\STacSV.exe
15:06:33.0558 3272 STacSV - ok
15:06:33.0683 3272 STHDA (c24c14d1463375c1c028848b12a70a5e) C:\WINDOWS\system32\drivers\sthda.sys
15:06:33.0761 3272 STHDA - ok
15:06:33.0855 3272 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:06:33.0964 3272 stisvc - ok
15:06:33.0995 3272 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:06:34.0105 3272 streamip - ok
15:06:34.0120 3272 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:06:34.0199 3272 swenum - ok
15:06:34.0214 3272 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:06:34.0292 3272 swmidi - ok
15:06:34.0292 3272 SwPrv - ok
15:06:34.0292 3272 symc810 - ok
15:06:34.0308 3272 symc8xx - ok
15:06:34.0308 3272 sym_hi - ok
15:06:34.0308 3272 sym_u3 - ok
15:06:34.0433 3272 SynTP (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:06:34.0480 3272 SynTP - ok
15:06:34.0511 3272 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:06:34.0620 3272 sysaudio - ok
15:06:34.0683 3272 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:06:34.0730 3272 SysmonLog - ok
15:06:34.0777 3272 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:06:34.0886 3272 TapiSrv - ok
15:06:34.0964 3272 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:06:35.0027 3272 Tcpip - ok
15:06:35.0058 3272 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:06:35.0183 3272 TDPIPE - ok
15:06:35.0199 3272 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:06:35.0292 3272 TDTCP - ok
15:06:35.0308 3272 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:06:35.0433 3272 TermDD - ok
15:06:35.0464 3272 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:06:35.0589 3272 TermService - ok
15:06:35.0652 3272 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:06:35.0667 3272 Themes - ok
15:06:35.0714 3272 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
15:06:35.0792 3272 TlntSvr - ok
15:06:35.0792 3272 TosIde - ok
15:06:35.0839 3272 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:06:35.0917 3272 TrkWks - ok
15:06:35.0933 3272 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:06:36.0027 3272 Udfs - ok
15:06:36.0027 3272 ultra - ok
15:06:36.0292 3272 UNS (5713e039c0622f40347735cba460b8fc) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
15:06:36.0402 3272 UNS - ok
15:06:36.0527 3272 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:06:36.0636 3272 Update - ok
15:06:36.0698 3272 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:06:36.0808 3272 upnphost - ok
15:06:36.0839 3272 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:06:36.0933 3272 UPS - ok
15:06:36.0980 3272 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:06:37.0073 3272 usbccgp - ok
15:06:37.0105 3272 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:06:37.0230 3272 usbehci - ok
15:06:37.0245 3272 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:06:37.0355 3272 usbhub - ok
15:06:37.0402 3272 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:06:37.0464 3272 usbprint - ok
15:06:37.0495 3272 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:06:37.0589 3272 usbscan - ok
15:06:37.0589 3272 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:06:37.0683 3272 USBSTOR - ok
15:06:37.0730 3272 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:06:37.0855 3272 usbvideo - ok
15:06:37.0995 3272 vcsFPService (8c72e0e88e5a1a70691135864f2f7f1b) C:\WINDOWS\system32\vcsFPService.exe
15:06:38.0058 3272 vcsFPService - ok
15:06:38.0152 3272 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:06:38.0261 3272 VgaSave - ok
15:06:38.0261 3272 ViaIde - ok
15:06:38.0308 3272 vnccom (b67632451f760797bb183e1fb99f4b39) C:\WINDOWS\system32\Drivers\vnccom.SYS
15:06:38.0308 3272 vnccom ( UnsignedFile.Multi.Generic ) - warning
15:06:38.0308 3272 vnccom - detected UnsignedFile.Multi.Generic (1)
15:06:38.0355 3272 vncdrv (4ec979b157d1aa075330362acb5424e5) C:\WINDOWS\system32\DRIVERS\vncdrv.sys
15:06:38.0370 3272 vncdrv ( UnsignedFile.Multi.Generic ) - warning
15:06:38.0370 3272 vncdrv - detected UnsignedFile.Multi.Generic (1)
15:06:38.0402 3272 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:06:38.0527 3272 VolSnap - ok
15:06:38.0589 3272 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:06:38.0667 3272 VSS - ok
15:06:38.0839 3272 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
15:06:38.0870 3272 vToolbarUpdater11.0.2 - ok
15:06:38.0902 3272 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:06:38.0964 3272 W32Time - ok
15:06:39.0027 3272 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:06:39.0073 3272 Wanarp - ok
15:06:39.0120 3272 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
15:06:39.0136 3272 WDC_SAM - ok
15:06:39.0214 3272 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:06:39.0214 3272 Wdf01000 - ok
15:06:39.0230 3272 WDICA - ok
15:06:39.0261 3272 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:06:39.0323 3272 wdmaud - ok
15:06:39.0370 3272 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:06:39.0433 3272 WebClient - ok
15:06:39.0527 3272 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:06:39.0589 3272 winmgmt - ok
15:06:39.0698 3272 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
15:06:39.0730 3272 WinRM - ok
15:06:39.0808 3272 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
15:06:39.0808 3272 WinUSB - ok
15:06:39.0855 3272 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:06:39.0855 3272 WmdmPmSN - ok
15:06:39.0933 3272 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:06:39.0995 3272 Wmi - ok
15:06:40.0042 3272 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:06:40.0105 3272 WmiAcpi - ok
15:06:40.0136 3272 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:06:40.0214 3272 WmiApSrv - ok
15:06:40.0370 3272 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:06:40.0433 3272 WMPNetworkSvc - ok
15:06:40.0464 3272 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:06:40.0464 3272 WpdUsb - ok
15:06:40.0636 3272 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:06:40.0667 3272 WPFFontCache_v0400 - ok
15:06:40.0698 3272 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:06:40.0808 3272 WS2IFSL - ok
15:06:40.0855 3272 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:06:40.0901 3272 wscsvc - ok
15:06:40.0917 3272 WSearch - ok
15:06:40.0948 3272 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:06:41.0026 3272 WSTCODEC - ok
15:06:41.0042 3272 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:06:41.0089 3272 wuauserv - ok
15:06:41.0136 3272 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:06:41.0151 3272 WudfPf - ok
15:06:41.0183 3272 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:06:41.0183 3272 WudfRd - ok
15:06:41.0214 3272 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:06:41.0230 3272 WudfSvc - ok
15:06:41.0308 3272 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:06:41.0355 3272 WZCSVC - ok
15:06:41.0386 3272 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:06:41.0433 3272 xmlprov - ok
15:06:41.0448 3272 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:06:41.0917 3272 \Device\Harddisk0\DR0 - ok
15:06:41.0917 3272 Boot (0x1200) (cfdc26c16db7fff8462d8b40335fd370) \Device\Harddisk0\DR0\Partition0
15:06:41.0917 3272 \Device\Harddisk0\DR0\Partition0 - ok
15:06:41.0917 3272 ============================================================
15:06:41.0917 3272 Scan finished
15:06:41.0917 3272 ============================================================
15:06:41.0917 3540 Detected object count: 11
15:06:41.0917 3540 Actual detected object count: 11
15:06:52.0542 3540 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
15:06:52.0542 3540 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
15:06:52.0542 3540 Asset Management Daemon ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:52.0542 3540 Asset Management Daemon ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:06:52.0542 3540 DTSRVC ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:52.0542 3540 DTSRVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:06:52.0557 3540 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:52.0557 3540 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:06:52.0557 3540 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:52.0557 3540 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:06:52.0557 3540 mi-raysat_3dsmax2012_32 ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:52.0557 3540 mi-raysat_3dsmax2012_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:06:52.0557 3540 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:52.0557 3540 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:06:52.0557 3540 Pivot ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:52.0557 3540 Pivot ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:06:52.0557 3540 pivotmou ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:52.0557 3540 pivotmou ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:06:52.0557 3540 vnccom ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:52.0557 3540 vnccom ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:06:52.0557 3540 vncdrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:52.0557 3540 vncdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:07:12.0119 4084 Deinitialize success




-------------------------------------------------------------------------------
aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-24 15:07:55
-----------------------------
15:07:55.275 OS Version: Windows 5.1.2600 Service Pack 3
15:07:55.275 Number of processors: 4 586 0x2505
15:07:55.275 ComputerName: MARKMAC UserName:
15:07:57.243 Initialize success
15:12:25.415 AVAST engine defs: 12052300
15:14:00.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:14:00.234 Disk 0 Vendor: Hitachi_HTS725032A9A364 PC3OCH0A Size: 305245MB BusType: 3
15:14:00.250 Disk 0 MBR read successfully
15:14:00.250 Disk 0 MBR scan
15:14:00.297 Disk 0 Windows XP default MBR code
15:14:00.297 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
15:14:00.312 Disk 0 scanning sectors +625121280
15:14:00.375 Disk 0 scanning C:\WINDOWS\system32\drivers
15:14:24.982 Service scanning
15:14:51.542 Modules scanning
15:14:57.713 Disk 0 trace - called modules:
15:14:57.729 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS
15:14:57.744 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acb8ab8]
15:14:57.744 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> [0x8ad2bc58]
15:14:57.744 5 hpdskflt.sys[b83395ae] -> nt!IofCallDriver -> \Device\00000099[0x8ad7b9e8]
15:14:57.744 7 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad7d940]
15:14:59.088 AVAST engine scan C:\
15:24:25.846 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
15:24:26.002 The log file has been saved successfully to "C:\aswMBR.txt"





---------------------------------------------------------------------------------
Malwarebytes log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.24.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
mark.macdonald :: MARKMAC [administrator]

24/05/2012 15:27:23
mbam-log-2012-05-24 (15-27-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333578
Time elapsed: 11 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



--------------------------------------------------------------------------------
ESET Scan log:

C:\Documents and Settings\mark.macdonald\Application Data\Sun\Java\Deployment\cache\6.0\1\f0c3701-3f054c73 multiple threats
C:\Documents and Settings\mark.macdonald\Application Data\Sun\Java\Deployment\cache\6.0\50\31c9be72-6e8c96ae Java/TrojanDownloader.Agent.NDR trojan
C:\Qoobox\Quarantine.zip a variant of Win32/Ponmocup.CM trojan
C:\Qoobox\Quarantine\[4]-Submit_2012-05-24_01.42.04.zip a variant of Win32/Ponmocup.CM trojan


--------------------------------------------------------------------------------
Security Check log:

Results of screen317's Security Check version 0.99.38
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java™ 6 Update 31
Java version out of date!
Mozilla Firefox (8.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

------------------------------------------------------------------------------------

#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 24 May 2012 - 12:37 PM

Hi again Mark,



We need to execute an OTM script



  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\Documents and Settings\mark.macdonald\Application Data\Sun\Java\Deployment\cache\6.0\1\f0c3701-3f054c73
    C:\Documents and Settings\mark.macdonald\Application Data\Sun\Java\Deployment\cache\6.0\50\31c9be72-6e8c96ae
    :commands
    [emptytemp]
    
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Upgrading Java:



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME


  • Download the latest version of Java SE 6 Update 32.
  • Click the Java SE 6 Update 32 "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u32-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java => (Java™ 6 Update 31)
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-6u32-windows-i586.exe and select "Run as an Administrator.")




Your Mozilla Firefox is out of date!



You can download and install the latest stable version 12.0 from here.
Please do a backup of your existing profile using Mozbackup or FEBE just in case before you proceed with the update.



Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Regards,
Georgi



#15 MarkMac1

MarkMac1
  • Topic Starter

  • Members
  • 17 posts

Posted 24 May 2012 - 03:02 PM

Hi Georgi

Latest instructions all completed, Java & Firefox updated, no previous versions of Java.

Logs are as follows:

Best regards

Mark

------------------------------------------------------------------------
OTM log:

All processes killed
========== FILES ==========
C:\Documents and Settings\mark.macdonald\Application Data\Sun\Java\Deployment\cache\6.0\1\f0c3701-3f054c73 moved successfully.
C:\Documents and Settings\mark.macdonald\Application Data\Sun\Java\Deployment\cache\6.0\50\31c9be72-6e8c96ae moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Google Chrome cache emptied: 6970106 bytes
->Flash cache emptied: 652 bytes

User: administrator.SALES
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: All Users

User: dave.newell
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 1108 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: mark.macdonald
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34361150 bytes
->Java cache emptied: 2324871 bytes
->FireFox cache emptied: 42310375 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 59805 bytes

User: mark.macdonald.MARKMAC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2617321 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7096658 bytes
->Flash cache emptied: 87802 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
Session Manager Temp folder emptied: 111323331 bytes
Session Manager Tmp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 20052742 bytes

Total Files Cleaned = 219.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 05242012_184222

Files moved on Reboot...
File C:\TEMP\Perflib_Perfdata_64c.dat not found!

Registry entries deleted on Reboot...


---------------------------------------------------------------------------

Farbar Service Scanner log:

Farbar Service Scanner Version: 17-05-2012
Ran by mark.macdonald (administrator) on 24-05-2012 at 20:52:47
Running from "C:\Documents and Settings\mark.macdonald\Local Settings\Temporary Internet Files\Content.IE5\KMQDLMSE"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(11) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0B000000050000000100000002000000030000000400000008000000090000000A0000000B0000000600000007000000
IpSec Tag value is correct.

**** End of log ****



