Malwarebytes will not run due to policy restriction


  • This topic is locked
20 replies to this topic

#1 jadams0173

Posted 03 May 2013 - 06:33 PM

Somehow MBAM will not open. It says that a policy restriction is keeping it from running. I've searched all over to find a fix. I found a file called fixpolicies.exe written by an MS MVP. That did not work, so maybe I have a bug. Here is my DDS log.

 

By the way this is not a laptop that is on a domain or has any kind of security that I am trying to bypass.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by DHartman at 19:24:44 on 2013-05-03
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2003.1129 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LonWorks\bin\LnsMtsSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Trane\TracerTU.Service\EvoUSB.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQHIDCL.DAT
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\Delta Controls\3.33\System\siTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Documents and Settings\DHartman\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\DHartman\Local Settings\Application Data\Akamai\netsession_win.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
c:\jci\FXWorkbench-4.1\bin\niagarad.exe
c:\jci\FXWorkbench-4.1\bin\wb_w.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sylcoc.com/
uInternet Connection Wizard,ShellNext = ftp://mail.goecsi.com/Public/LP-FXSPDEM-6%202.2/
uProxyOverride = <local>;192.168.*.*
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Akamai NetSession Interface] "c:\documents and settings\dhartman\local settings\application data\akamai\netsession_win.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ACQTMOUSE] "c:\program files\mouse setting\mouse setting software\4.0\ACQTMAPP.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Delta Tray] c:\program files\delta controls\3.33\system\siTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Z1] cmd /c "c:\documents and settings\dhartman\my documents\downloads\mbar-1.05.0.1001\mbar\mbar.exe" /cleanup /s
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: dell.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} - hxxp://netagent.inds.com/netagent/objects/custappx3.cab
DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} - hxxps://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} - hxxp://192.168.1.61/RtspVaPgDec.cab
DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://mainserver/connectcomputer/nshelp.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1359985209109
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://198.86.53.50/CACHE/stc/1/binaries/vpnweb.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://24.199.235.210/activex/AMC.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ssl.jgr18.com/dana-cached/sc/JuniperSetupClient.cab
TCP: Interfaces\{4635568B-2587-4633-B288-B4BE959768FA} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dhartman\application data\mozilla\firefox\profiles\u3fxcwrd.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c699519&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - plugin: c:\documents and settings\dhartman\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2010-01-08 22:12; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-04-17 15:40; 4f8db76170714@4f8db76170716.info; c:\documents and settings\dhartman\application data\mozilla\firefox\profiles\u3fxcwrd.default\extensions\4f8db76170714@4f8db76170716.info
FF - ExtSQL: !HIDDEN! 2013-01-03 10:46; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [2009-10-9 46304]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 LnsMtsSvc;Echelon Support Service for Microsoft Terminal Services (MTS);c:\program files\lonworks\bin\LnsMtsSvc.exe [2011-8-16 70984]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-23 418376]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2012-10-23 120728]
R2 MSSQL$MNTTOOL;SQL Server (MNTTOOL);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224]
R2 Niagara;Niagara;c:\jci\fxworkbench-4.1\bin\niagarad.exe [2012-12-2 246096]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 Tracer TU Service;Tracer TU Service;c:\program files\trane\tracertu.service\EvoUSB.exe [2011-8-1 76288]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2011-7-20 468432]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-11-12 112512]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-11-12 109568]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-5-3 35144]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-27 22856]
R3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2009-10-9 3328]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-11-12 232744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-27 701512]
S3 ACRUSBTM;ACRUSBTM;c:\windows\system32\drivers\ACRUSBTM.SYS [2011-6-22 28672]
S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [2012-7-21 36624]
S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [2012-7-21 46480]
S3 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512]
S3 CCNCommMgr;CCN Communications Manager;c:\program files\common files\carrier shared\ccn communication\CCNCommMgr.exe [2010-1-7 118784]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [2006-5-17 29404]
S3 LdvxBroker;Echelon xDriver Connection Broker;c:\program files\lonworks\bin\LdvxBroker.exe [2011-8-16 142664]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-1-31 30560]
S3 NAXMp50;NAXMp50 NDIS Protocol Driver;c:\windows\system32\drivers\NAXMp50.sys [2010-1-20 28224]
S3 NAXSp50;NAXSp50 NDIS Protocol Driver;c:\windows\system32\drivers\NAXSp50.sys [2010-1-20 27072]
S3 nBacES50;NDIS 5.0 SPR Protocol Driver for Niagara;c:\windows\system32\drivers\nBacES50.sys [2011-11-21 28032]
S3 NDNDISSp50;NDNDISSp50 NDIS Protocol Driver;c:\progra~1\deltac~1\3.33\system\NDNDISSp50.SYS [2013-1-21 27048]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [2010-7-8 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [2010-7-8 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [2010-7-8 176384]
S3 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [2009-10-9 1242504]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-05-03 20:33:14    35144    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-04-15 14:12:19    --------    d-----w-    C:\bin
2013-04-14 01:47:01    26520    ----a-w-    c:\program files\mozilla firefox\plugin-hang-ui.exe
.
==================== Find3M  ====================
.
2013-04-20 22:29:06    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-20 22:29:06    691592    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-04-04 18:50:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-10 00:01:12    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-03-10 00:01:11    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-03-10 00:01:11    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-10 00:01:11    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2013-03-08 08:36:22    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 01:35:46    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:53:36    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-03-02 02:06:30    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-03-02 01:31:30    1876224    ----a-w-    c:\windows\system32\win32k.sys
2013-03-02 01:08:47    385024    ----a-w-    c:\windows\system32\html.iec
2013-02-27 07:56:51    2067456    ----a-w-    c:\windows\system32\mstscax.dll
2013-02-12 00:32:23    12928    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2008-04-03 19:16:32    12337352    ----a-w-    c:\program files\common files\WDVIEWER.EXE
2008-04-03 19:13:50    752944    ----a-w-    c:\program files\common files\HHUPD.EXE
.
============= FINISH: 19:25:44.45 ===============
 

 


 


#2 HelpBot


Posted 08 May 2013 - 06:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/493472 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 jadams0173


Posted 08 May 2013 - 09:17 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by DHartman at 22:15:45 on 2013-05-08
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2003.982 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LonWorks\bin\LnsMtsSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Trane\TracerTU.Service\EvoUSB.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQHIDCL.DAT
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\Delta Controls\3.33\System\siTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Documents and Settings\DHartman\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\DHartman\Local Settings\Application Data\Akamai\netsession_win.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\PROGRA~1\MICROS~4\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\JCI\FXSupervisorDemo-3.0\bin\niagarad.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sylcoc.com/
uInternet Connection Wizard,ShellNext = ftp://mail.goecsi.com/Public/LP-FXSPDEM-6%202.2/
uProxyOverride = <local>;192.168.*.*
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Akamai NetSession Interface] "c:\documents and settings\dhartman\local settings\application data\akamai\netsession_win.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ACQTMOUSE] "c:\program files\mouse setting\mouse setting software\4.0\ACQTMAPP.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Delta Tray] c:\program files\delta controls\3.33\system\siTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Z1] cmd /c "c:\documents and settings\dhartman\my documents\downloads\mbar-1.05.0.1001\mbar\mbar.exe" /cleanup /s
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: dell.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} - hxxp://netagent.inds.com/netagent/objects/custappx3.cab
DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} - hxxps://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} - hxxp://192.168.1.61/RtspVaPgDec.cab
DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://mainserver/connectcomputer/nshelp.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1359985209109
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://198.86.53.50/CACHE/stc/1/binaries/vpnweb.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://24.199.235.210/activex/AMC.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ssl.jgr18.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4635568B-2587-4633-B288-B4BE959768FA} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dhartman\application data\mozilla\firefox\profiles\u3fxcwrd.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c699519&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - plugin: c:\documents and settings\dhartman\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2010-01-08 22:12; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-04-17 15:40; 4f8db76170714@4f8db76170716.info; c:\documents and settings\dhartman\application data\mozilla\firefox\profiles\u3fxcwrd.default\extensions\4f8db76170714@4f8db76170716.info
FF - ExtSQL: !HIDDEN! 2013-01-03 10:46; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [2009-10-9 46304]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 LnsMtsSvc;Echelon Support Service for Microsoft Terminal Services (MTS);c:\program files\lonworks\bin\LnsMtsSvc.exe [2011-8-16 70984]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-23 418376]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2012-10-23 120728]
R2 MSSQL$MNTTOOL;SQL Server (MNTTOOL);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224]
R2 Niagara;Niagara;c:\jci\fxsupervisordemo-3.0\bin\niagarad.exe [2011-1-7 230400]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 Tracer TU Service;Tracer TU Service;c:\program files\trane\tracertu.service\EvoUSB.exe [2011-8-1 76288]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2011-7-20 468432]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-11-12 112512]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-11-12 109568]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-5-3 35144]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-27 22856]
R3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2009-10-9 3328]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-11-12 232744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-27 701512]
S3 ACRUSBTM;ACRUSBTM;c:\windows\system32\drivers\ACRUSBTM.SYS [2011-6-22 28672]
S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [2012-7-21 36624]
S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [2012-7-21 46480]
S3 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512]
S3 CCNCommMgr;CCN Communications Manager;c:\program files\common files\carrier shared\ccn communication\CCNCommMgr.exe [2010-1-7 118784]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [2006-5-17 29404]
S3 LdvxBroker;Echelon xDriver Connection Broker;c:\program files\lonworks\bin\LdvxBroker.exe [2011-8-16 142664]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-1-31 30560]
S3 NAXMp50;NAXMp50 NDIS Protocol Driver;c:\windows\system32\drivers\NAXMp50.sys [2010-1-20 28224]
S3 NAXSp50;NAXSp50 NDIS Protocol Driver;c:\windows\system32\drivers\NAXSp50.sys [2010-1-20 27072]
S3 nBacES50;NDIS 5.0 SPR Protocol Driver for Niagara;c:\windows\system32\drivers\nBacES50.sys [2011-11-21 28032]
S3 NDNDISSp50;NDNDISSp50 NDIS Protocol Driver;c:\progra~1\deltac~1\3.33\system\NDNDISSp50.SYS [2013-1-21 27048]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [2010-7-8 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [2010-7-8 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [2010-7-8 176384]
S3 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [2009-10-9 1242504]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-05-03 20:33:14    35144    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-04-15 14:12:19    --------    d-----w-    C:\bin
2013-04-14 01:47:01    26520    ----a-w-    c:\program files\mozilla firefox\plugin-hang-ui.exe
.
==================== Find3M  ====================
.
2013-04-20 22:29:06    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-20 22:29:06    691592    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-04-04 18:50:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-10 00:01:12    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-03-10 00:01:11    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-03-10 00:01:11    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-10 00:01:11    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2013-03-08 08:36:22    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 01:35:46    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:53:36    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-03-02 02:06:30    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-03-02 01:31:30    1876224    ----a-w-    c:\windows\system32\win32k.sys
2013-03-02 01:08:47    385024    ----a-w-    c:\windows\system32\html.iec
2013-02-27 07:56:51    2067456    ----a-w-    c:\windows\system32\mstscax.dll
2013-02-12 00:32:23    12928    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2008-04-03 19:16:32    12337352    ----a-w-    c:\program files\common files\WDVIEWER.EXE
2008-04-03 19:13:50    752944    ----a-w-    c:\program files\common files\HHUPD.EXE
.
============= FINISH: 22:16:42.70 ===============
 



#4 nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 May 2013 - 07:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
===

Third party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Post the logs for my review.


#5 jadams0173
  • Topic Starter

Posted 10 May 2013 - 10:25 AM

Thanks!  Here are the logs.  The problem still exists.

 

# AdwCleaner v2.300 - Logfile created 05/10/2013 at 11:14:45
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : DHartman - SCIJace
# Boot Mode : Normal
# Running from : C:\Documents and Settings\DHartman\Desktop\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\chris ream\Application Data\Mozilla\Firefox\Profiles\isluoej7.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\DHartman\Application Data\Mozilla\Firefox\Profiles\u3fxcwrd.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\DHartman\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1483 octets] - [10/05/2013 11:13:53]
AdwCleaner[S1].txt - [3009 octets] - [03/05/2013 16:18:33]
AdwCleaner[S2].txt - [1418 octets] - [10/05/2013 11:14:45]

########## EOF - C:\AdwCleaner[S2].txt - [1478 octets] ##########
 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : DHartman [Admin rights]
Mode : Scan -- Date : 05/10/2013 11:07:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0x8FB47C4C)
SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0x8FB47D3C)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVT-75ZCT2 +++++
--- User ---
[MBR] 7505160cdcd1122901c63d0ecb27d7de
[BSP] 33011a5e6af84273cc2c64e92fc9f6b2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 86 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 176715 | Size: 152539 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05102013_02d1107.txt >>
RKreport[1]_S_05102013_02d1107.txt


 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : DHartman [Admin rights]
Mode : Remove -- Date : 05/10/2013 11:08:35
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0x8FB47C4C)
SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0x8FB47D3C)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVT-75ZCT2 +++++
--- User ---
[MBR] 7505160cdcd1122901c63d0ecb27d7de
[BSP] 33011a5e6af84273cc2c64e92fc9f6b2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 86 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 176715 | Size: 152539 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05102013_02d1108.txt >>
RKreport[1]_S_05102013_02d1107.txt ; RKreport[2]_D_05102013_02d1108.txt


 

 Results of screen317's Security Check version 0.99.63  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 17  
 Java DB 10.6.2.1   
 Java version out of Date!
 Adobe Flash Player     11.7.700.169  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````
 



#6 nasdaq

Posted 10 May 2013 - 01:33 PM



Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
  • When it finishes, you will either see a report that no threats were found like below:
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

#7 jadams0173

Posted 11 May 2013 - 12:32 PM

12:44:25.0140 2980  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:44:25.0687 2980  ============================================================
12:44:25.0687 2980  Current date / time: 2013/05/11 12:44:25.0687
12:44:25.0687 2980  SystemInfo:
12:44:25.0687 2980  
12:44:25.0687 2980  OS Version: 5.1.2600 ServicePack: 3.0
12:44:25.0687 2980  Product type: Workstation
12:44:25.0687 2980  ComputerName: SCIJace
12:44:25.0687 2980  UserName: DHartman
12:44:25.0687 2980  Windows directory: C:\WINDOWS
12:44:25.0687 2980  System windows directory: C:\WINDOWS
12:44:25.0687 2980  Processor architecture: Intel x86
12:44:25.0687 2980  Number of processors: 2
12:44:25.0687 2980  Page size: 0x1000
12:44:25.0687 2980  Boot type: Normal boot
12:44:25.0687 2980  ============================================================
12:44:26.0156 2980  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:44:26.0156 2980  ============================================================
12:44:26.0156 2980  \Device\Harddisk0\DR0:
12:44:26.0156 2980  MBR partitions:
12:44:26.0156 2980  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B24B, BlocksNum 0x129ED876
12:44:26.0156 2980  ============================================================
12:44:26.0218 2980  C: <-> \Device\Harddisk0\DR0\Partition1
12:44:26.0218 2980  ============================================================
12:44:26.0218 2980  Initialize success
12:44:26.0218 2980  ============================================================
12:44:58.0234 2128  ============================================================
12:44:58.0234 2128  Scan started
12:44:58.0234 2128  Mode: Manual; SigCheck; TDLFS;
12:44:58.0234 2128  ============================================================
12:44:58.0625 2128  ================ Scan system memory ========================
12:45:00.0515 2128  System memory - ok
12:45:00.0515 2128  ================ Scan services =============================
12:45:00.0718 2128  Abiosdsk - ok
12:45:00.0765 2128  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:45:02.0125 2128  abp480n5 - ok
12:45:02.0171 2128  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:45:02.0406 2128  ACPI - ok
12:45:02.0468 2128  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:45:02.0562 2128  ACPIEC - ok
12:45:02.0609 2128  [ 45B952A3ED567264ACFF89E46F65331D ] ACRUSBTM        C:\WINDOWS\system32\drivers\ACRUSBTM.SYS
12:45:02.0640 2128  ACRUSBTM ( UnsignedFile.Multi.Generic ) - warning
12:45:02.0640 2128  ACRUSBTM - detected UnsignedFile.Multi.Generic (1)
12:45:02.0671 2128  [ D2C5C56DD26386EFA289EA0B92EADFD2 ] acsint          C:\WINDOWS\system32\DRIVERS\acsint.sys
12:45:02.0703 2128  acsint - ok
12:45:02.0734 2128  [ 45D6057452EAFE7AC27CAB55A0FED296 ] acsmux          C:\WINDOWS\system32\DRIVERS\acsmux.sys
12:45:02.0750 2128  acsmux - ok
12:45:02.0828 2128  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:45:02.0843 2128  AdobeFlashPlayerUpdateSvc - ok
12:45:02.0906 2128  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:45:03.0062 2128  adpu160m - ok
12:45:03.0109 2128  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
12:45:03.0203 2128  aec - ok
12:45:03.0218 2128  [ F21D5E93A94514BE9F5B6EBF74A696B2 ] AESTAud         C:\WINDOWS\system32\drivers\AESTAud.sys
12:45:03.0265 2128  AESTAud - ok
12:45:03.0312 2128  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
12:45:03.0406 2128  AFD - ok
12:45:03.0421 2128  AFGMp50 - ok
12:45:03.0421 2128  AFGSp50 - ok
12:45:03.0437 2128  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
12:45:03.0546 2128  agp440 - ok
12:45:03.0578 2128  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:45:03.0656 2128  agpCPQ - ok
12:45:03.0687 2128  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:45:03.0718 2128  Aha154x - ok
12:45:03.0750 2128  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:45:03.0906 2128  aic78u2 - ok
12:45:03.0921 2128  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:45:04.0062 2128  aic78xx - ok
12:45:04.0093 2128  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
12:45:04.0171 2128  Alerter - ok
12:45:04.0218 2128  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
12:45:04.0265 2128  ALG - ok
12:45:04.0296 2128  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
12:45:04.0375 2128  AliIde - ok
12:45:04.0406 2128  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:45:04.0484 2128  alim1541 - ok
12:45:04.0500 2128  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:45:04.0578 2128  amdagp - ok
12:45:04.0625 2128  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
12:45:04.0687 2128  amsint - ok
12:45:04.0703 2128  [ B83F9DA84F7079451C1C6A4A2F140920 ] ApfiltrService  C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
12:45:04.0718 2128  ApfiltrService - ok
12:45:04.0890 2128  [ 2E3E53A6AEF23E24F402C7855B9B1542 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:45:04.0906 2128  Apple Mobile Device - ok
12:45:04.0953 2128  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
12:45:05.0031 2128  AppMgmt - ok
12:45:05.0062 2128  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:45:05.0171 2128  Arp1394 - ok
12:45:05.0218 2128  [ 62D318E9A0C8FC9B780008E724283707 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
12:45:05.0359 2128  asc - ok
12:45:05.0390 2128  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:45:05.0437 2128  asc3350p - ok
12:45:05.0453 2128  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:45:05.0546 2128  asc3550 - ok
12:45:05.0656 2128  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:45:05.0703 2128  aspnet_state - ok
12:45:05.0750 2128  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:45:05.0843 2128  AsyncMac - ok
12:45:05.0890 2128  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
12:45:05.0984 2128  atapi - ok
12:45:05.0984 2128  Atdisk - ok
12:45:06.0015 2128  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:45:06.0109 2128  Atmarpc - ok
12:45:06.0234 2128  [ F6E8CCF14B84507497D3108518DBB4CC ] ATService       C:\Program Files\Fingerprint Sensor\AtService.exe
12:45:06.0359 2128  ATService - ok
12:45:06.0406 2128  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
12:45:06.0500 2128  AudioSrv - ok
12:45:06.0515 2128  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
12:45:06.0625 2128  audstub - ok
12:45:06.0687 2128  [ EA377A8E8E1000877210259750CBBF5F ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
12:45:06.0750 2128  b57w2k - ok
12:45:06.0843 2128  [ FE4ED785396EAA554C561992106A35FA ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
12:45:07.0031 2128  BCM43XX - ok
12:45:07.0078 2128  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
12:45:07.0218 2128  Beep - ok
12:45:07.0328 2128  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
12:45:07.0609 2128  BITS - ok
12:45:07.0703 2128  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
12:45:07.0828 2128  Browser - ok
12:45:07.0890 2128  [ 37A82E22AF9FC86C428A5F3C3851DCC1 ] btaudio         C:\WINDOWS\system32\drivers\btaudio.sys
12:45:07.0906 2128  btaudio - ok
12:45:07.0984 2128  [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver        C:\WINDOWS\system32\DRIVERS\btport.sys
12:45:08.0000 2128  BTDriver - ok
12:45:08.0062 2128  [ 9F704F40CD50AE05BBFC492C0342E765 ] BTKRNL          C:\WINDOWS\system32\DRIVERS\btkrnl.sys
12:45:08.0125 2128  BTKRNL - ok
12:45:08.0265 2128  [ 5624E3C73FD98A7F31FAABE60086CD75 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
12:45:08.0312 2128  btwdins - ok
12:45:08.0359 2128  [ 485020A1E1FC5C51A800CA69C618D881 ] BTWDNDIS        C:\WINDOWS\system32\DRIVERS\btwdndis.sys
12:45:08.0375 2128  BTWDNDIS - ok
12:45:08.0437 2128  [ 5922BAE0CD84924B9CD7E6BB515EE070 ] btwmodem        C:\WINDOWS\system32\DRIVERS\btwmodem.sys
12:45:08.0453 2128  btwmodem - ok
12:45:08.0531 2128  [ 1166CB501E1C34750A91600579EFEAB3 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
12:45:08.0546 2128  BTWUSB - ok
12:45:08.0796 2128  catchme - ok
12:45:08.0875 2128  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:45:08.0968 2128  cbidf - ok
12:45:08.0968 2128  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
12:45:09.0062 2128  cbidf2k - ok
12:45:09.0078 2128  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:45:09.0187 2128  CCDECODE - ok
12:45:09.0250 2128  [ 1B6F29D25C94282D20700961DD01EA65 ] CCNCommMgr      C:\Program Files\Common Files\Carrier Shared\CCN Communication\CCNCommMgr.exe
12:45:09.0265 2128  CCNCommMgr ( UnsignedFile.Multi.Generic ) - warning
12:45:09.0265 2128  CCNCommMgr - detected UnsignedFile.Multi.Generic (1)
12:45:09.0312 2128  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:45:09.0375 2128  cd20xrnt - ok
12:45:09.0421 2128  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
12:45:09.0531 2128  Cdaudio - ok
12:45:09.0546 2128  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
12:45:09.0640 2128  Cdfs - ok
12:45:09.0656 2128  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:45:09.0734 2128  Cdrom - ok
12:45:09.0750 2128  Changer - ok
12:45:09.0812 2128  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
12:45:09.0890 2128  CiSvc - ok
12:45:09.0921 2128  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
12:45:10.0031 2128  ClipSrv - ok
12:45:10.0093 2128  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:45:10.0203 2128  clr_optimization_v2.0.50727_32 - ok
12:45:10.0312 2128  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:45:10.0312 2128  clr_optimization_v4.0.30319_32 - ok
12:45:10.0359 2128  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:45:10.0453 2128  CmBatt - ok
12:45:10.0484 2128  [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:45:10.0562 2128  CmdIde - ok
12:45:10.0593 2128  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:45:10.0750 2128  Compbatt - ok
12:45:10.0750 2128  COMSysApp - ok
12:45:10.0843 2128  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:45:10.0953 2128  Cpqarray - ok
12:45:10.0953 2128  Crypkey License - ok
12:45:11.0000 2128  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
12:45:11.0093 2128  CryptSvc - ok
12:45:11.0109 2128  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:45:11.0203 2128  dac2w2k - ok
12:45:11.0234 2128  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:45:11.0312 2128  dac960nt - ok
12:45:11.0375 2128  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
12:45:11.0453 2128  DcomLaunch - ok
12:45:11.0453 2128  DFUBTUSB - ok
12:45:11.0531 2128  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
12:45:11.0609 2128  Dhcp - ok
12:45:11.0640 2128  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
12:45:11.0734 2128  Disk - ok
12:45:11.0765 2128  [ A0500678A33802D8954153839301D539 ] DLABMFSM        C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
12:45:11.0781 2128  DLABMFSM - ok
12:45:11.0781 2128  [ B8D2F68CAC54D46281399F9092644794 ] DLABOIOM        C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
12:45:11.0796 2128  DLABOIOM - ok
12:45:11.0796 2128  [ 0EE93AB799D1CB4EC90B36F3612FE907 ] DLACDBHM        C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
12:45:11.0812 2128  DLACDBHM - ok
12:45:11.0812 2128  [ 87413B94AE1FABC117C4E8AE6725134E ] DLADResM        C:\WINDOWS\system32\Drivers\DLADResM.SYS
12:45:11.0828 2128  DLADResM - ok
12:45:11.0828 2128  [ 766A148235BE1C0039C974446E4C0EDC ] DLAIFS_M        C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
12:45:11.0843 2128  DLAIFS_M - ok
12:45:11.0843 2128  [ 38267CCA177354F1C64450A43A4F7627 ] DLAOPIOM        C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
12:45:11.0859 2128  DLAOPIOM - ok
12:45:11.0875 2128  [ FD363369FD313B46B5AEAB1A688B52E9 ] DLAPoolM        C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
12:45:11.0875 2128  DLAPoolM - ok
12:45:11.0890 2128  [ 336AE18F0912EF4FBE5518849E004D74 ] DLARTL_M        C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
12:45:11.0906 2128  DLARTL_M - ok
12:45:11.0906 2128  [ FD85F682C1CC2A7CA878C7A448E6D87E ] DLAUDFAM        C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
12:45:11.0921 2128  DLAUDFAM - ok
12:45:11.0953 2128  [ AF389CE587B6BF5BBDCD6F6ABE5EABC0 ] DLAUDF_M        C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
12:45:11.0968 2128  DLAUDF_M - ok
12:45:11.0968 2128  dmadmin - ok
12:45:12.0015 2128  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
12:45:12.0187 2128  dmboot - ok
12:45:12.0187 2128  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
12:45:12.0312 2128  dmio - ok
12:45:12.0359 2128  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
12:45:12.0484 2128  dmload - ok
12:45:12.0531 2128  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
12:45:12.0671 2128  dmserver - ok
12:45:12.0718 2128  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
12:45:12.0843 2128  DMusic - ok
12:45:12.0890 2128  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
12:45:12.0953 2128  Dnscache - ok
12:45:12.0984 2128  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
12:45:13.0125 2128  Dot3svc - ok
12:45:13.0140 2128  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:45:13.0265 2128  dpti2o - ok
12:45:13.0312 2128  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
12:45:13.0453 2128  drmkaud - ok
12:45:13.0515 2128  [ 5D3B71BB2BB0009D65D290E2EF374BD3 ] DRVMCDB         C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
12:45:13.0531 2128  DRVMCDB - ok
12:45:13.0546 2128  [ C591BA9F96F40A1FD6494DAFDCD17185 ] DRVNDDM         C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
12:45:13.0546 2128  DRVNDDM - ok
12:45:13.0609 2128  [ E6B6DD5A355C432045219FAD8512FB70 ] dsNcAdpt        C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
12:45:13.0671 2128  dsNcAdpt - ok
12:45:13.0812 2128  [ AA4DB4D79B2FCF4A4E8F97CE1F649310 ] dsNcService     C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
12:45:13.0906 2128  dsNcService - ok
12:45:13.0953 2128  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
12:45:14.0140 2128  EapHost - ok
12:45:14.0234 2128  [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO        C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
12:45:14.0250 2128  ElbyCDIO - ok
12:45:14.0265 2128  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
12:45:14.0359 2128  ERSvc - ok
12:45:14.0406 2128  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
12:45:14.0437 2128  Eventlog - ok
12:45:14.0500 2128  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
12:45:14.0562 2128  EventSystem - ok
12:45:14.0609 2128  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
12:45:14.0687 2128  Fastfat - ok
12:45:14.0734 2128  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:45:14.0812 2128  FastUserSwitchingCompatibility - ok
12:45:14.0859 2128  [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax             C:\WINDOWS\system32\fxssvc.exe
12:45:15.0046 2128  Fax - ok
12:45:15.0078 2128  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
12:45:15.0171 2128  Fdc - ok
12:45:15.0171 2128  FilterService - ok
12:45:15.0187 2128  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
12:45:15.0281 2128  Fips - ok
12:45:15.0281 2128  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
12:45:15.0375 2128  Flpydisk - ok
12:45:15.0390 2128  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:45:15.0484 2128  FltMgr - ok
12:45:15.0593 2128  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:45:15.0609 2128  FontCache3.0.0.0 - ok
12:45:15.0625 2128  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:45:15.0718 2128  Fs_Rec - ok
12:45:15.0765 2128  [ F13C4D9F62324D810B279C370A7A7FFC ] FTD2XX          C:\WINDOWS\system32\Drivers\FTD2XX.sys
12:45:15.0828 2128  FTD2XX - ok
12:45:15.0859 2128  [ B283F1BC1FF852BD232449A4B3E3CE63 ] FTDIBUS         C:\WINDOWS\system32\drivers\ftdibus.sys
12:45:15.0859 2128  FTDIBUS ( UnsignedFile.Multi.Generic ) - warning
12:45:15.0859 2128  FTDIBUS - detected UnsignedFile.Multi.Generic (1)
12:45:15.0875 2128  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:45:15.0968 2128  Ftdisk - ok
12:45:16.0031 2128  [ 678A73F56DDF84A08C31123C386E9967 ] FTSER2K         C:\WINDOWS\system32\drivers\ftser2k.sys
12:45:16.0062 2128  FTSER2K ( UnsignedFile.Multi.Generic ) - warning
12:45:16.0062 2128  FTSER2K - detected UnsignedFile.Multi.Generic (1)
12:45:16.0109 2128  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:45:16.0125 2128  GEARAspiWDM - ok
12:45:16.0125 2128  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:45:16.0234 2128  Gpc - ok
12:45:16.0343 2128  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:45:16.0375 2128  gupdate - ok
12:45:16.0375 2128  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:45:16.0390 2128  gupdatem - ok
12:45:16.0406 2128  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:45:16.0546 2128  HDAudBus - ok
12:45:16.0656 2128  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:45:16.0812 2128  helpsvc - ok
12:45:16.0890 2128  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
12:45:17.0046 2128  HidServ - ok
12:45:17.0046 2128  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:45:17.0156 2128  hidusb - ok
12:45:17.0203 2128  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
12:45:17.0296 2128  hkmsvc - ok
12:45:17.0343 2128  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
12:45:17.0437 2128  hpn - ok
12:45:17.0609 2128  [ 97AAC45A375168C6A2297BEEB9692E31 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:45:17.0656 2128  hpqcxs08 - ok
12:45:17.0671 2128  [ 19A4FB67B1C97EA18EDFF44340973CD9 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
12:45:17.0687 2128  hpqddsvc - ok
12:45:17.0750 2128  [ 56FC98F1014EA8DC51B92839C32759EC ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
12:45:17.0781 2128  HPSLPSVC - ok
12:45:17.0843 2128  [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:45:18.0062 2128  HPZid412 - ok
12:45:18.0125 2128  [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:45:18.0156 2128  HPZipr12 - ok
12:45:18.0187 2128  [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:45:18.0281 2128  HPZius12 - ok
12:45:18.0343 2128  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
12:45:18.0406 2128  HTTP - ok
12:45:18.0453 2128  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
12:45:18.0640 2128  HTTPFilter - ok
12:45:18.0671 2128  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
12:45:18.0765 2128  i2omgmt - ok
12:45:18.0828 2128  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:45:18.0906 2128  i2omp - ok
12:45:18.0984 2128  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:45:19.0078 2128  i8042prt - ok
12:45:19.0203 2128  [ 52E8A3CC8269ADB27D25182284C5E650 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:45:19.0218 2128  IAANTMON - ok
12:45:19.0468 2128  [ 3B743262B6456167888D15F1121B3BF7 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:45:19.0921 2128  ialm - ok
12:45:20.0000 2128  [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
12:45:20.0031 2128  iaStor - ok
12:45:20.0140 2128  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:45:20.0234 2128  idsvc - ok
12:45:20.0281 2128  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
12:45:20.0468 2128  Imapi - ok
12:45:20.0578 2128  [ 1ACAD13923E467E473C3EC503223F983 ] Imapi Helper    C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
12:45:20.0593 2128  Imapi Helper ( UnsignedFile.Multi.Generic ) - warning
12:45:20.0593 2128  Imapi Helper - detected UnsignedFile.Multi.Generic (1)
12:45:20.0656 2128  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
12:45:20.0750 2128  ImapiService - ok
12:45:20.0781 2128  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:45:20.0875 2128  ini910u - ok
12:45:20.0937 2128  [ F32A62C765885BD8E4352A1565F702A6 ] IntcHdmiAddService C:\WINDOWS\system32\drivers\IntcHdmi.sys
12:45:20.0984 2128  IntcHdmiAddService - ok
12:45:21.0000 2128  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
12:45:21.0156 2128  IntelIde - ok
12:45:21.0218 2128  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:45:21.0343 2128  intelppm - ok
12:45:21.0390 2128  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:45:21.0484 2128  Ip6Fw - ok
12:45:21.0515 2128  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:45:21.0593 2128  IpFilterDriver - ok
12:45:21.0609 2128  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:45:21.0687 2128  IpInIp - ok
12:45:21.0703 2128  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:45:21.0796 2128  IpNat - ok
12:45:21.0859 2128  [ 630D74599070824AF3DC63A894ADCDFC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:45:21.0875 2128  iPod Service - ok
12:45:21.0937 2128  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:45:22.0031 2128  IPSec - ok
12:45:22.0062 2128  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
12:45:22.0093 2128  IRENUM - ok
12:45:22.0140 2128  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:45:22.0234 2128  isapnp - ok
12:45:22.0406 2128  [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
12:45:22.0421 2128  JavaQuickStarterService - ok
12:45:22.0484 2128  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:45:22.0593 2128  Kbdclass - ok
12:45:22.0609 2128  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:45:22.0718 2128  kbdhid - ok
12:45:22.0734 2128  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
12:45:22.0859 2128  kmixer - ok
12:45:22.0890 2128  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
12:45:23.0000 2128  KSecDD - ok
12:45:23.0046 2128  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
12:45:23.0093 2128  LanmanServer - ok
12:45:23.0156 2128  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:45:23.0203 2128  lanmanworkstation - ok
12:45:23.0203 2128  lbrtfdc - ok
12:45:23.0359 2128  [ 593CC8F2B98BB3EA2592283BB456D43A ] LdvxBroker      C:\Program Files\LonWorks\bin\LdvxBroker.exe
12:45:23.0375 2128  LdvxBroker - ok
12:45:23.0437 2128  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
12:45:23.0625 2128  LmHosts - ok
12:45:23.0703 2128  [ 777D39C84F8137A58E3097EF71DAF0B2 ] LnsMtsSvc       C:\Program Files\LonWorks\bin\LnsMtsSvc.exe
12:45:23.0703 2128  LnsMtsSvc - ok
12:45:23.0703 2128  lvpopflt - ok
12:45:23.0718 2128  LVRS - ok
12:45:23.0718 2128  LVUVC - ok
12:45:23.0796 2128  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
12:45:23.0796 2128  MBAMProtector - ok
12:45:23.0859 2128  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:45:23.0890 2128  MBAMScheduler - ok
12:45:23.0937 2128  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:45:23.0968 2128  MBAMService - ok
12:45:24.0000 2128  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
12:45:24.0109 2128  Messenger - ok
12:45:24.0187 2128  Microsoft SharePoint Workspace Audit Service - ok
12:45:24.0234 2128  [ D96EA49AB9A9174331BC023FD0CADC18 ] mirrorv3        C:\WINDOWS\system32\DRIVERS\rminiv3.sys
12:45:24.0296 2128  mirrorv3 - ok
12:45:24.0328 2128  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
12:45:24.0484 2128  mnmdd - ok
12:45:24.0515 2128  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
12:45:24.0656 2128  mnmsrvc - ok
12:45:24.0671 2128  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
12:45:24.0812 2128  Modem - ok
12:45:24.0875 2128  [ AC9D6E3629E4388A9EA9B4172493AAEE ] Motorola Device Manager C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
12:45:24.0890 2128  Motorola Device Manager - ok
12:45:24.0890 2128  motusbdevice - ok
12:45:24.0953 2128  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:45:25.0046 2128  Mouclass - ok
12:45:25.0078 2128  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:45:25.0171 2128  mouhid - ok
12:45:25.0203 2128  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
12:45:25.0296 2128  MountMgr - ok
12:45:25.0375 2128  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:45:25.0390 2128  MozillaMaintenance - ok
12:45:25.0421 2128  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:45:25.0500 2128  mraid35x - ok
12:45:25.0531 2128  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:45:25.0625 2128  MRxDAV - ok
12:45:25.0687 2128  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:45:25.0781 2128  MRxSmb - ok
12:45:25.0843 2128  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
12:45:26.0015 2128  MSDTC - ok
12:45:26.0046 2128  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
12:45:26.0140 2128  Msfs - ok
12:45:26.0171 2128  [ 066F26EFE273125B352E35405D258E85 ] MSHUSBVideo     C:\WINDOWS\system32\Drivers\nx6000.sys
12:45:26.0187 2128  MSHUSBVideo - ok
12:45:26.0187 2128  MSIServer - ok
12:45:26.0218 2128  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:45:26.0312 2128  MSKSSRV - ok
12:45:26.0343 2128  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:45:26.0421 2128  MSPCLOCK - ok
12:45:26.0421 2128  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
12:45:26.0531 2128  MSPQM - ok
12:45:26.0546 2128  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:45:26.0640 2128  mssmbios - ok
12:45:26.0734 2128  MSSQL$MNTTOOL - ok
12:45:26.0796 2128  [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
12:45:26.0812 2128  MSSQLServerADHelper - ok
12:45:26.0843 2128  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
12:45:26.0921 2128  MSTEE - ok
12:45:27.0015 2128  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
12:45:27.0109 2128  Mup - ok
12:45:27.0140 2128  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:45:27.0250 2128  NABTSFEC - ok
12:45:27.0281 2128  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
12:45:27.0406 2128  napagent - ok
12:45:27.0437 2128  [ 1BF91F352D746AD7469FA71783B5FAE8 ] NAXMp50         C:\WINDOWS\system32\Drivers\NAXMp50.sys
12:45:27.0453 2128  NAXMp50 - ok
12:45:27.0468 2128  [ 1961590AA191B6B7DCF18A6A693AF7B8 ] NAXSp50         C:\WINDOWS\system32\Drivers\NAXSp50.sys
12:45:27.0484 2128  NAXSp50 - ok
12:45:27.0515 2128  [ 72C7171A8936044FE7B7AC1345127DC0 ] nBacES50        C:\WINDOWS\system32\DRIVERS\nBacES50.sys
12:45:27.0531 2128  nBacES50 ( UnsignedFile.Multi.Generic ) - warning
12:45:27.0531 2128  nBacES50 - detected UnsignedFile.Multi.Generic (1)
12:45:27.0593 2128  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
12:45:27.0671 2128  NDIS - ok
12:45:27.0703 2128  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:45:27.0781 2128  NdisIP - ok
12:45:27.0843 2128  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:45:27.0906 2128  NdisTapi - ok
12:45:27.0921 2128  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:45:28.0015 2128  Ndisuio - ok
12:45:28.0062 2128  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:45:28.0156 2128  NdisWan - ok
12:45:28.0296 2128  [ 9A74916D77605EEC0102552DEE10E1A2 ] NDNDISSp50      C:\PROGRA~1\DELTAC~1\3.33\System\NDNDISSp50.SYS
12:45:28.0296 2128  NDNDISSp50 - ok
12:45:28.0343 2128  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
12:45:28.0421 2128  NDProxy - ok
12:45:28.0468 2128  [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
12:45:28.0484 2128  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:45:28.0484 2128  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:45:28.0500 2128  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
12:45:28.0578 2128  NetBIOS - ok
12:45:28.0593 2128  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
12:45:28.0687 2128  NetBT - ok
12:45:28.0718 2128  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
12:45:28.0812 2128  NetDDE - ok
12:45:28.0828 2128  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
12:45:28.0906 2128  NetDDEdsdm - ok
12:45:28.0953 2128  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
12:45:29.0046 2128  Netlogon - ok
12:45:29.0078 2128  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
12:45:29.0156 2128  Netman - ok
12:45:29.0203 2128  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:45:29.0218 2128  NetTcpPortSharing - ok
12:45:29.0250 2128  [ 5EF7DD401771693245D46F4B0B69FE2B ] NetworkX        C:\WINDOWS\system32\ckldrv.sys
12:45:29.0265 2128  NetworkX ( UnsignedFile.Multi.Generic ) - warning
12:45:29.0265 2128  NetworkX - detected UnsignedFile.Multi.Generic (1)
12:45:29.0375 2128  [ 77ADC80693D44112015D5AE680B72020 ] Niagara         C:\JCI\FXSupervisorDemo-3.0\bin\niagarad.exe
12:45:29.0375 2128  Niagara ( UnsignedFile.Multi.Generic ) - warning
12:45:29.0375 2128  Niagara - detected UnsignedFile.Multi.Generic (1)
12:45:29.0437 2128  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:45:29.0578 2128  NIC1394 - ok
12:45:29.0640 2128  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
12:45:29.0671 2128  Nla - ok
12:45:29.0718 2128  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF             C:\WINDOWS\system32\drivers\npf.sys
12:45:29.0750 2128  NPF - ok
12:45:29.0765 2128  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
12:45:29.0906 2128  Npfs - ok
12:45:29.0984 2128  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
12:45:30.0078 2128  Ntfs - ok
12:45:30.0109 2128  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
12:45:30.0187 2128  NtLmSsp - ok
12:45:30.0234 2128  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
12:45:30.0328 2128  NtmsSvc - ok
12:45:30.0328 2128  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
12:45:30.0437 2128  Null - ok
12:45:30.0437 2128  NvtSp50 - ok
12:45:30.0515 2128  [ C83766C4A147159254FF16F1A6C9DC6E ] NWADI           C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
12:45:30.0562 2128  NWADI - ok
12:45:30.0593 2128  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:45:30.0671 2128  NwlnkFlt - ok
12:45:30.0671 2128  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:45:30.0781 2128  NwlnkFwd - ok
12:45:30.0843 2128  [ 224131778C92AEE8C13AFAC5FBFF19CA ] NWUSBCDFIL      C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys
12:45:30.0875 2128  NWUSBCDFIL - ok
12:45:30.0921 2128  [ C7FB1635508D0009489A0F7E7743468A ] NWUSBModem_000  C:\WINDOWS\system32\DRIVERS\nwusbmdm_000.sys
12:45:31.0046 2128  NWUSBModem_000 - ok
12:45:31.0078 2128  [ C7FB1635508D0009489A0F7E7743468A ] NWUSBPort2_000  C:\WINDOWS\system32\DRIVERS\nwusbser2_000.sys
12:45:31.0109 2128  NWUSBPort2_000 - ok
12:45:31.0156 2128  [ C7FB1635508D0009489A0F7E7743468A ] NWUSBPort_000   C:\WINDOWS\system32\DRIVERS\nwusbser_000.sys
12:45:31.0187 2128  NWUSBPort_000 - ok
12:45:31.0234 2128  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:45:31.0343 2128  ohci1394 - ok
12:45:31.0453 2128  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:45:31.0468 2128  ose - ok
12:45:31.0703 2128  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:45:32.0078 2128  osppsvc - ok
12:45:32.0109 2128  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
12:45:32.0218 2128  Parport - ok
12:45:32.0234 2128  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
12:45:32.0328 2128  PartMgr - ok
12:45:51.0640 2128  ============================================================
12:45:51.0640 2128  Scan finished
12:45:51.0640 2128  ============================================================
12:45:51.0781 0148  Detected object count: 13
12:45:51.0781 0148  Actual detected object count: 13
12:47:26.0546 0148  ACRUSBTM ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:26.0546 0148  ACRUSBTM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:26.0546 0148  CCNCommMgr ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:26.0546 0148  CCNCommMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:26.0546 0148  FTDIBUS ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:26.0546 0148  FTDIBUS ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:26.0562 0148  FTSER2K ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:26.0562 0148  FTSER2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:26.0562 0148  Imapi Helper ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:26.0562 0148  Imapi Helper ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:26.0562 0148  nBacES50 ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:26.0562 0148  nBacES50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:26.0562 0148  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:26.0562 0148  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:26.0562 0148  NetworkX ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:26.0562 0148  NetworkX ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:26.0578 0148  Niagara ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:26.0578 0148  Niagara ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:26.0578 0148  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:26.0578 0148  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:26.0578 0148  stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:26.0578 0148  stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:26.0578 0148  Tracer TU Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:26.0578 0148  Tracer TU Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:26.0593 0148  VClone ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:26.0593 0148  VClone ( UnsignedFile.Multi.Generic ) - User select action: Skip
 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-11 12:51:02
-----------------------------
12:51:02.078    OS Version: Windows 5.1.2600 Service Pack 3
12:51:02.078    Number of processors: 2 586 0xF0D
12:51:02.078    ComputerName: SCIJace  UserName:
12:51:03.031    Initialize success
13:02:29.828    AVAST engine defs: 13051100
13:03:04.171    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:03:04.171    Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
13:03:04.437    Disk 0 MBR read successfully
13:03:04.437    Disk 0 MBR scan
13:03:04.515    Disk 0 Windows VISTA default MBR code
13:03:04.531    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       86 MB offset 63
13:03:04.562    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       152539 MB offset 176715
13:03:04.578    Disk 0 scanning sectors +312576705
13:03:04.656    Disk 0 scanning C:\WINDOWS\system32\drivers
13:03:17.625    Service scanning
13:03:49.984    Modules scanning
13:03:58.531    Disk 0 trace - called modules:
13:03:58.593    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:03:58.609    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a772030]
13:03:58.625    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a18a028]
13:03:59.625    AVAST engine scan C:\WINDOWS
13:04:07.609    AVAST engine scan C:\WINDOWS\system32
13:07:51.937    AVAST engine scan C:\WINDOWS\system32\drivers
13:08:11.656    AVAST engine scan C:\Documents and Settings\DHartman
13:24:17.765    AVAST engine scan C:\Documents and Settings\All Users
13:27:12.250    Scan finished successfully
13:28:11.781    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\DHartman\Desktop\MBR.dat"
13:28:11.796    The log file has been saved successfully to "C:\Documents and Settings\DHartman\Desktop\aswMBR.txt"

 



#8 jadams0173

Posted 11 May 2013 - 12:35 PM

Here is the attachment.

Attached Files

  • Attached File  MBR.zip   557bytes   0 downloads


#9 nasdaq

Posted 11 May 2013 - 12:58 PM

Nothing suspicious was found.

Please uninstall MBAM using the Add/Remove Programs list.

Restart the computer normally.

Reinstall MBAM and see if the problem is solved.

#10 jadams0173

Posted 11 May 2013 - 10:05 PM

It does not show up in the Add/Remove list.  I tried to uninstall from the MBAM program and it would not run due to the policy restrictions.  I tried to reinstall and it did, but it still will not run due to the policy restriction.



#11 nasdaq

Posted 12 May 2013 - 08:29 AM

Download Revo Uninstaller and try to remove all remnant items related to MBAM.

http://majorgeeks.com/Revo_Uninstaller_d5706.html

#12 jadams0173

Posted 12 May 2013 - 11:18 AM

It does not show up under that uninstaller either.  I even tried hunter mode and Revo Uninstaller said No Installation Package Found!


Edited by jadams0173, 12 May 2013 - 11:20 AM.


#13 nasdaq

Posted 12 May 2013 - 01:17 PM

I think I may have found a solution in this topic.
http://www.spywareinfoforum.com/topic/134757-malwarebytes-says-program-blocked-by-group-policy-2-dupes-deleted/#entry778187

Will take a safer route.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64-bit, download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main text field:

    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0 /sub
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#14 jadams0173

Posted 12 May 2013 - 10:04 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 23:03 on 12/05/2013 by DHartman
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Hashes]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}]
"Description"="Stop the download of this file"
"FriendlyName"="Mdac11.cab"
"SaferFlags"= 0x0000000000 (0)
"HashAlg"= 0x0000008003 (32771)
"ItemData"=5e ab 30 4f 95 7a 49 89 6a 00 6c 1c 31 15 40 15  (REG_BINARY)
"LastModified"=85 c4 34 dc 19 a2 c2 01  (REG_QWORD)
"ItemSize"=0b 03 00 00 00 00 00 00  (REG_QWORD)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}]
"Description"="Stop the download of this file"
"FriendlyName"="mdac20.cab"
"SaferFlags"= 0x0000000000 (0)
"HashAlg"= 0x0000008003 (32771)
"ItemData"=67 b0 d4 8b 34 3a 3f d3 bc e9 dc 64 67 04 f3 94  (REG_BINARY)
"LastModified"=03 8a 39 dc 19 a2 c2 01  (REG_QWORD)
"ItemSize"=05 02 00 00 00 00 00 00  (REG_QWORD)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}]
"Description"="Stop the download of this file"
"FriendlyName"="mdac20_a.cab"
"SaferFlags"= 0x0000000000 (0)
"HashAlg"= 0x0000008003 (32771)
"ItemData"=32 78 02 dc fe f8 c8 93 dc 8a b0 06 dd 84 7d 1d  (REG_BINARY)
"LastModified"=be 77 45 dc 19 a2 c2 01  (REG_QWORD)
"ItemSize"=96 03 00 00 00 00 00 00  (REG_QWORD)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}]
"Description"="Stop the download of this file"
"FriendlyName"="_msadc10.cab"
"SaferFlags"= 0x0000000000 (0)
"HashAlg"= 0x0000008003 (32771)
"ItemData"=bd 9a 2a db 42 eb d8 56 0e 25 0e 4d f8 16 2f 67  (REG_BINARY)
"LastModified"=81 4f 3e dc 19 a2 c2 01  (REG_QWORD)
"ItemSize"=e5 00 00 00 00 00 00 00  (REG_QWORD)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}]
"Description"="Stop the download of this file"
"FriendlyName"="msadc11.cab"
"SaferFlags"= 0x0000000000 (0)
"HashAlg"= 0x0000008003 (32771)
"ItemData"=38 6b 08 5f 84 ec f6 69 d3 6b 95 6a 22 c0 1e 80  (REG_BINARY)
"LastModified"=40 b2 40 dc 19 a2 c2 01  (REG_QWORD)
"ItemSize"=72 01 00 00 00 00 00 00  (REG_QWORD)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{22CB5E5D-1798-42BF-ACB6-3CC1323B02A7}]
"SaferFlags"= 0x0000000000 (0)
"ItemData"="C:\Documents and Settings\All Users\Application Data\McAfee"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{29E25D4A-67B4-4F43-A623-731069174C3A}]
"SaferFlags"= 0x0000000000 (0)
"ItemData"="C:\Documents and Settings\All Users\Application Data\Malwarebytes"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{354D0D1B-3993-4F34-9923-2714557B5F43}]
"SaferFlags"= 0x0000000000 (0)
"ItemData"="C:\Program Files\AVG"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{401E05BD-2570-4753-A6A2-41FE6B8215D7}]
"SaferFlags"= 0x0000000000 (0)
"ItemData"="C:\Program Files\Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{59C62A73-68BE-4596-ADD3-66FC5B547E82}]
"SaferFlags"= 0x0000000000 (0)
"ItemData"="C:\Program Files\AVG"


-= EOF =-



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:08 AM

Posted 13 May 2013 - 08:18 AM

I need you to download and run this ComboFix tool.
 
Please download ComboFix from one of these locations:
IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

 
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
 
Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
 
Do not mouse click ComboFix's window while it's running. That may cause it to stall.
 
Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===
 
Post the log, do not attach it.
===
 
If these keys are not removed I will create a fix which will be posted in my next reply.

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{22CB5E5D-1798-42BF-ACB6-3CC1323B02A7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{29E25D4A-67B4-4F43-A623-731069174C3A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{354D0D1B-3993-4F34-9923-2714557B5F43}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{401E05BD-2570-4753-A6A2-41FE6B8215D7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{59C62A73-68BE-4596-ADD3-66FC5B547E82}]
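
Added example, not part of the original posts and not a tool used in this thread: the keys listed above are Software Restriction Policy path rules under level 0 (Disallowed), so each one blocks execution from a security product's folder. This Python script parses a dump in the format shown in the log, flags such rules and emits the matching deletion lines; the function names and the vendor watch list are assumptions.

```python
import re

# The first four blocks are copied from the registry dump in this thread; the last
# block (level 262144 = Unrestricted) is constructed to show that the level matters.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{22CB5E5D-1798-42BF-ACB6-3CC1323B02A7}]
"SaferFlags"= 0x0000000000 (0)
"ItemData"="C:\Documents and Settings\All Users\Application Data\McAfee"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{401E05BD-2570-4753-A6A2-41FE6B8215D7}]
"SaferFlags"= 0x0000000000 (0)
"ItemData"="C:\Program Files\Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{59C62A73-68BE-4596-ADD3-66FC5B547E82}]
"ItemData"="C:\Program Files\AVG"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\262144\Paths\{00000000-0000-0000-0000-000000000001}]
"ItemData"="C:\Program Files\AVG"
"""

KEY_RE = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer"
    r"\\codeidentifiers\\(\d+)\\Paths\\\{[0-9A-Fa-f-]+\})\]$", re.I)
DATA_RE = re.compile(r'^"ItemData"="(.*)"$')
WATCHLIST = ("mcafee", "malwarebytes", "avg")  # assumed list; plain substring match

def parse_path_rules(dump):
    """Return [(level, key, path)] for every SRP path rule in the dump."""
    rules, key = [], None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("["):
            key = KEY_RE.match(line)  # None for keys that are not path rules
        elif key and DATA_RE.match(line):
            rules.append((int(key.group(2)), key.group(1), DATA_RE.match(line).group(1)))
    return rules

def blocked_security_paths(dump):
    """Disallowed (level 0) rules whose path names a watched security product."""
    return [(key, path) for level, key, path in parse_path_rules(dump)
            if level == 0 and any(v in path.lower() for v in WATCHLIST)]

def removal_lines(dump):
    """Key deletions in the .reg form used in the reply above."""
    return ["[-" + key + "]" for key, _ in blocked_security_paths(dump)]
```
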




