
Got me too



Search redirects in Firefox. Have not noticed any w/IE. MBAM finds nothing. DDS logs follow. Have also run tdsskiller but "cure" is not an available option. It found 10 suspicious situations, typically unsigned files. That log also follows. TIA for any help/advice.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Jack at 9:02:24 on 2012-03-24

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.860 [GMT -4:00]

.

AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\hp\support\hpsysdrv.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Logitech\Vid HD\Vid.exe

C:\Program Files\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://my.yahoo.com/

uSearch Bar = Preserve

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode

uRun: [CaddieSync Express] c:\program files\skygolf\caddiesync express\CaddieSyncExpress.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [<NO NAME>]

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [CaddieSyncConduit] c:\program files\skygolf\caddiesync express\CaddieSyncExpress.exe

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [snapfishMediaDetector] c:\program files\snapfish media detector\SnapfishMediaDetector.exe

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{854BBC7C-1364-4E65-BD9F-5143C38824AD} : DhcpNameServer = 192.168.1.254

Notify: klogon - c:\windows\system32\klogon.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\jack\appdata\roaming\mozilla\firefox\profiles\nsqwj5pi.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe [2010-11-2 365336]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-3-25 21504]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-13 2348352]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 450848]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-10-9 493248]

R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2011-8-19 22176]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-11 136176]

S2 McciServiceHost;McciServiceHost;"c:\program files\common files\motive\mcciservicehost.exe" --> c:\program files\common files\motive\McciServiceHost.exe [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-11 136176]

S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2011-1-27 47176]

S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2011-1-27 58496]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-03-23 23:47:58 -------- d-----w- c:\program files\iPod

2012-03-23 23:47:41 -------- d-----w- c:\program files\iTunes

2012-03-18 00:04:10 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-03-18 00:04:10 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

2012-03-14 00:40:45 2044416 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 00:40:43 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-14 00:40:43 1068544 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 00:40:42 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-03-14 00:40:42 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-03-14 00:40:42 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-03-14 00:40:40 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2012-03-13 21:50:00 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-03-13 21:49:59 19444544 ----a-w- c:\windows\system32\nvoglv32.dll

2012-03-13 21:49:59 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-03-13 21:49:57 5892928 ----a-w- c:\windows\system32\nvcuda.dll

2012-03-13 21:49:57 2517312 ----a-w- c:\windows\system32\nvcuvid.dll

2012-03-13 21:49:57 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-03-13 21:49:54 17543488 ----a-w- c:\windows\system32\nvcompiler.dll

2012-03-13 21:41:46 613376 ----a-w- c:\windows\system32\rdpencom.dll

2012-03-13 21:41:46 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

==================== Find3M ====================

.

2012-02-29 23:59:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-29 23:59:00 2301248 ----a-w- c:\windows\system32\nvapi.dll

2012-02-29 23:59:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll

2012-02-29 23:59:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-29 20:56:41 3881792 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-29 20:55:16 2719040 ----a-w- c:\windows\system32\nvsvc.dll

2012-02-29 20:53:47 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-29 20:53:46 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-02-29 20:53:46 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-02-21 22:38:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-21 11:21:59 472808 ----a-w- c:\windows\system32\deployJava1.dll

.

============= FINISH: 9:02:54.05 ===============

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/6/2007 6:22:29 PM

System Uptime: 3/24/2012 5:47:35 AM (4 hours ago)

.

Motherboard: ASUSTek Computer INC. | | NARRA2

Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+ | Socket AM2 | 2100/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 139 GiB total, 74.23 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 1.343 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: Compact Flash

Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20021111153705700&0#

Manufacturer: Generic-

Name: Compact Flash

PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20021111153705700&0#

Service: WUDFRd

.

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: MS/MS-Pro

Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#20021111153705700&3#

Manufacturer: Generic-

Name: MS/MS-Pro

PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#20021111153705700&3#

Service: WUDFRd

.

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: SD/MMC

Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#

Manufacturer: Generic-

Name: SD/MMC

PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#

Service: WUDFRd

.

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: SM/xD-Picture

Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#20021111153705700&1#

Manufacturer: Generic-

Name: SM/xD-Picture

PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#20021111153705700&1#

Service: WUDFRd

.

==== System Restore Points ===================

.

RP2201: 3/14/2012 12:25:03 AM - Windows Update

RP2202: 3/14/2012 7:20:41 PM - Scheduled Checkpoint

RP2203: 3/15/2012 10:27:06 AM - Scheduled Checkpoint

RP2204: 3/16/2012 6:08:22 AM - Scheduled Checkpoint

RP2205: 3/16/2012 7:07:37 PM - Scheduled Checkpoint

RP2206: 3/17/2012 11:07:33 AM - Scheduled Checkpoint

RP2207: 3/18/2012 6:41:22 PM - Scheduled Checkpoint

RP2208: 3/19/2012 11:10:48 AM - Scheduled Checkpoint

RP2209: 3/20/2012 6:02:50 AM - Scheduled Checkpoint

RP2210: 3/20/2012 7:40:13 PM - Scheduled Checkpoint

RP2211: 3/21/2012 8:35:56 PM - Scheduled Checkpoint

RP2212: 3/22/2012 8:01:00 PM - Scheduled Checkpoint

RP2213: 3/23/2012 7:12:06 PM - Scheduled Checkpoint

RP2214: 3/23/2012 7:31:47 PM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

5600

5600_Help

5600Trb

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.2)

Adobe Shockwave Player 11.5

AIO_CDB_ProductContext

AIO_CDB_Software

AIO_Scan

Amazon MP3 Downloader 1.0.9

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AT&T Portal

Bonjour

BufferChm

CaddieSync Express 1.0.1

CameraHelperMsi

Cisco AnyConnect VPN Client

Compatibility Pack for the 2007 Office system

Copy

Destinations

DeviceManagementQFolder

DocProc

DocProcQFolder

erLT

eSupportQFolder

Fax

Google Earth Plug-in

Google Update Helper

Hardware Diagnostic Tools

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hoyle Card Games 2009 (remove only)

Hoyle Casino 2009 (remove only)

HP Customer Experience Enhancements

HP Customer Feedback

HP Easy Setup - Frontend

HP Imaging Device Functions 8.0

HP OCR Software 8.0

HP On-Screen Cap/Num/Scroll Lock Indicator

HP Photosmart Essential

HP Photosmart Essential 2.0

HP Photosmart Essential2.5

HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B

HP Solution Center 8.0

HP Total Care Advisor

HPProductAssistant

iTunes

Java Auto Updater

Java™ 6 Update 2

Java™ 6 Update 3

Java™ 6 Update 31

Java™ 6 Update 5

Java™ 6 Update 7

Kaspersky Anti-Virus 2011

LeapFrog Connect

LeapFrog My Pals Plugin

LightScribe 1.4.142.1

Logitech Vid HD

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Money Plus

Microsoft Money Shared Libraries

Microsoft Office 2000 SR-1 Premium

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox 11.0 (x86 en-US)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 6.0

My HP Games

NVIDIA Control Panel 296.10

NVIDIA Graphics Driver 296.10

NVIDIA Install Application

NVIDIA Update 1.7.11

NVIDIA Update Components

OGA Notifier 2.0.0048.0

PSSWCORE

Python 2.4.3

QuickTime

RealPlayer

Realtek High Definition Audio Driver

Rhapsody Player Engine

Roxio Activation Module

Roxio Creator Audio

Roxio Creator Basic v9

Roxio Creator Copy

Roxio Creator Data

Roxio Creator EasyArchive

Roxio Creator Tools

Roxio Express Labeler 3

Roxio MyDVD Basic v9

Roxio PhotoSuite Deluxe v9

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

SkyCaddie Desktop

Snapfish Media Detector

SolutionCenter

Spelling Dictionaries Support For Adobe Reader 8

Spybot - Search & Destroy

Status

System Requirements Lab

Toolbox

TrayApp

UB

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)

Viewpoint Media Player

WebIQ Technology Engine

WebReg

WildTangent Games

Winamp

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Media Player Firefox Plugin

Yahoo! Install Manager

.

==== Event Viewer Messages From Past Week ========

.

3/24/2012 5:49:38 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

3/24/2012 5:49:38 AM, Error: Service Control Manager [7000] - The McciServiceHost service failed to start due to the following error: The system cannot find the file specified.

3/23/2012 7:32:44 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/21/2012 5:19:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service.

.

==== End Of File ===========================

8:20:50.0468 4980 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00

08:20:51.0107 4980 ============================================================

08:20:51.0107 4980 Current date / time: 2012/03/24 08:20:51.0107

08:20:51.0107 4980 SystemInfo:

08:20:51.0107 4980

08:20:51.0108 4980 OS Version: 6.0.6002 ServicePack: 2.0

08:20:51.0108 4980 Product type: Workstation

08:20:51.0108 4980 ComputerName: HOME-PC

08:20:51.0108 4980 UserName: Jack

08:20:51.0108 4980 Windows directory: C:\Windows

08:20:51.0108 4980 System windows directory: C:\Windows

08:20:51.0108 4980 Processor architecture: Intel x86

08:20:51.0108 4980 Number of processors: 2

08:20:51.0108 4980 Page size: 0x1000

08:20:51.0108 4980 Boot type: Normal boot

08:20:51.0108 4980 ============================================================

08:20:51.0578 4980 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

08:20:51.0594 4980 \Device\Harddisk0\DR0:

08:20:51.0594 4980 MBR used

08:20:51.0594 4980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x116CD531

08:20:51.0594 4980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x116CD570, BlocksNum 0x134B1A0

08:20:51.0644 4980 Initialize success

08:20:51.0645 4980 ============================================================

08:21:03.0024 2648 ============================================================

08:21:03.0024 2648 Scan started

08:21:03.0024 2648 Mode: Manual; SigCheck; TDLFS;

08:21:03.0024 2648 ============================================================


08:21:12.0039 2648 ehRecvr - ok

08:21:12.0085 2648 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe

08:21:12.0117 2648 ehSched - ok

08:21:12.0128 2648 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll

08:21:12.0152 2648 ehstart - ok

08:21:12.0272 2648 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

08:21:12.0301 2648 elxstor - ok

08:21:12.0387 2648 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll

08:21:12.0435 2648 EMDMgmt - ok

08:21:12.0500 2648 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll

08:21:12.0544 2648 EventSystem - ok

08:21:12.0649 2648 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

08:21:12.0684 2648 exfat - ok

08:21:12.0720 2648 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

08:21:12.0765 2648 fastfat - ok

08:21:12.0830 2648 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

08:21:12.0902 2648 fdc - ok

08:21:12.0972 2648 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll

08:21:13.0016 2648 fdPHost - ok

08:21:13.0043 2648 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

08:21:13.0120 2648 FDResPub - ok

08:21:13.0212 2648 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

08:21:13.0232 2648 FileInfo - ok

08:21:13.0307 2648 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

08:21:13.0347 2648 Filetrace - ok

08:21:13.0379 2648 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

08:21:13.0445 2648 flpydisk - ok

08:21:13.0517 2648 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

08:21:13.0539 2648 FltMgr - ok

08:21:13.0654 2648 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll

08:21:13.0698 2648 FontCache - ok

08:21:13.0764 2648 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

08:21:13.0781 2648 FontCache3.0.0.0 - ok

08:21:13.0866 2648 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

08:21:13.0906 2648 Fs_Rec - ok

08:21:13.0961 2648 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

08:21:13.0985 2648 gagp30kx - ok

08:21:14.0088 2648 GameConsoleService (58f9ee8357271a5529cccbd35a80e599) C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe

08:21:14.0114 2648 GameConsoleService - ok

08:21:14.0223 2648 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys

08:21:14.0243 2648 GEARAspiWDM - ok

08:21:14.0319 2648 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll

08:21:14.0373 2648 gpsvc - ok

08:21:14.0472 2648 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

08:21:14.0493 2648 gupdate - ok

08:21:14.0500 2648 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

08:21:14.0521 2648 gupdatem - ok

08:21:14.0626 2648 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

08:21:14.0705 2648 HdAudAddService - ok

08:21:14.0783 2648 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

08:21:14.0836 2648 HDAudBus - ok

08:21:14.0935 2648 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

08:21:15.0046 2648 HidBth - ok

08:21:15.0095 2648 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

08:21:15.0160 2648 HidIr - ok

08:21:15.0203 2648 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll

08:21:15.0227 2648 hidserv - ok

08:21:15.0317 2648 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

08:21:15.0355 2648 HidUsb - ok

08:21:15.0415 2648 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll

08:21:15.0459 2648 hkmsvc - ok

08:21:15.0492 2648 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

08:21:15.0510 2648 HpCISSs - ok

08:21:15.0612 2648 hpqcxs08 (fcb563b0a23643e5f80b6ff1e60f610f) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

08:21:15.0626 2648 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

08:21:15.0626 2648 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

08:21:15.0645 2648 hpqddsvc (25e443e27165c652723a92d9bdfd4649) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

08:21:15.0660 2648 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

08:21:15.0661 2648 hpqddsvc - detected UnsignedFile.Multi.Generic (1)

08:21:15.0762 2648 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

08:21:15.0817 2648 HTTP - ok

08:21:15.0860 2648 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

08:21:15.0880 2648 i2omp - ok

08:21:16.0018 2648 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

08:21:16.0066 2648 i8042prt - ok

08:21:16.0117 2648 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

08:21:16.0151 2648 iaStorV - ok

08:21:16.0205 2648 IDriverT (6f95324909b502e2651442c1548ab12f) c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

08:21:16.0219 2648 IDriverT ( UnsignedFile.Multi.Generic ) - warning

08:21:16.0219 2648 IDriverT - detected UnsignedFile.Multi.Generic (1)

08:21:16.0322 2648 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

08:21:16.0366 2648 idsvc - ok

08:21:16.0475 2648 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

08:21:16.0501 2648 iirsp - ok

08:21:16.0572 2648 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll

08:21:16.0619 2648 IKEEXT - ok

08:21:16.0821 2648 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys

08:21:16.0938 2648 IntcAzAudAddService - ok

08:21:17.0059 2648 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys

08:21:17.0094 2648 intelide - ok

08:21:17.0147 2648 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

08:21:17.0256 2648 intelppm - ok

08:21:17.0329 2648 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

08:21:17.0377 2648 IPBusEnum - ok

08:21:17.0452 2648 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

08:21:17.0495 2648 IpFilterDriver - ok

08:21:17.0557 2648 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll

08:21:17.0609 2648 iphlpsvc - ok

08:21:17.0692 2648 IpInIp - ok

08:21:17.0740 2648 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

08:21:17.0848 2648 IPMIDRV - ok

08:21:17.0885 2648 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

08:21:17.0925 2648 IPNAT - ok

08:21:18.0036 2648 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe

08:21:18.0135 2648 iPod Service - ok

08:21:18.0233 2648 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

08:21:18.0273 2648 IRENUM - ok

08:21:18.0320 2648 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

08:21:18.0338 2648 isapnp - ok

08:21:18.0457 2648 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

08:21:18.0480 2648 iScsiPrt - ok

08:21:18.0527 2648 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

08:21:18.0544 2648 iteatapi - ok

08:21:18.0559 2648 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

08:21:18.0578 2648 iteraid - ok

08:21:18.0679 2648 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

08:21:18.0698 2648 kbdclass - ok

08:21:18.0741 2648 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys

08:21:18.0805 2648 kbdhid - ok

08:21:18.0839 2648 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

08:21:18.0898 2648 KeyIso - ok

08:21:19.0030 2648 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\Windows\system32\DRIVERS\kl1.sys

08:21:19.0052 2648 KL1 - ok

08:21:19.0107 2648 kl2 (713576569667ac9e0f8556076004a96b) C:\Windows\system32\DRIVERS\kl2.sys

08:21:19.0126 2648 kl2 - ok

08:21:19.0234 2648 KLIF (39920d69eaedb51757527aa54fe25216) C:\Windows\system32\DRIVERS\klif.sys

08:21:19.0292 2648 KLIF - ok

08:21:19.0354 2648 KLIM6 (cf88b4985d957eee45c9939092e87c92) C:\Windows\system32\DRIVERS\klim6.sys

08:21:19.0376 2648 KLIM6 - ok

08:21:19.0449 2648 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys

08:21:19.0470 2648 klmouflt - ok

08:21:19.0528 2648 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

08:21:19.0573 2648 KSecDD - ok

08:21:19.0679 2648 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

08:21:19.0732 2648 KtmRm - ok

08:21:19.0804 2648 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll

08:21:19.0837 2648 LanmanServer - ok

08:21:19.0936 2648 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll

08:21:19.0992 2648 LanmanWorkstation - ok

08:21:20.0240 2648 LeapFrog Connect Device Service (24a7d535bd9e58e5bc1ac52ef7e2ec8e) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

08:21:20.0526 2648 LeapFrog Connect Device Service - ok

08:21:20.0590 2648 LightScribeService (793ff718477345cd5d232c50bed1e452) c:\Program Files\Common Files\LightScribe\LSSrvc.exe

08:21:20.0602 2648 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

08:21:20.0602 2648 LightScribeService - detected UnsignedFile.Multi.Generic (1)

08:21:20.0698 2648 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

08:21:20.0742 2648 lltdio - ok

08:21:20.0783 2648 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

08:21:20.0829 2648 lltdsvc - ok

08:21:20.0860 2648 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

08:21:20.0936 2648 lmhosts - ok

08:21:21.0035 2648 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

08:21:21.0056 2648 LSI_FC - ok

08:21:21.0113 2648 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

08:21:21.0135 2648 LSI_SAS - ok

08:21:21.0237 2648 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

08:21:21.0266 2648 LSI_SCSI - ok

08:21:21.0335 2648 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

08:21:21.0382 2648 luafv - ok

08:21:21.0446 2648 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys

08:21:21.0481 2648 LVPr2Mon - ok

08:21:21.0576 2648 LVRS (7521c0c58ee91be90b6cc33e792d10c7) C:\Windows\system32\DRIVERS\lvrs.sys

08:21:21.0600 2648 LVRS - ok

08:21:21.0759 2648 LVUVC (37e57c48af530df01cdd4e8a2ad77b51) C:\Windows\system32\DRIVERS\lvuvc.sys

08:21:21.0942 2648 LVUVC - ok

08:21:22.0032 2648 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files\Common Files\Motive\McciCMService.exe

08:21:22.0051 2648 McciCMService ( UnsignedFile.Multi.Generic ) - warning

08:21:22.0051 2648 McciCMService - detected UnsignedFile.Multi.Generic (1)

08:21:22.0074 2648 McciServiceHost - ok

08:21:22.0161 2648 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll

08:21:22.0190 2648 Mcx2Svc - ok

08:21:22.0287 2648 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

08:21:22.0308 2648 megasas - ok

08:21:22.0390 2648 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

08:21:22.0437 2648 MMCSS - ok

08:21:22.0606 2648 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

08:21:22.0671 2648 Modem - ok

08:21:22.0771 2648 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

08:21:22.0814 2648 monitor - ok

08:21:22.0874 2648 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

08:21:22.0894 2648 mouclass - ok

08:21:22.0925 2648 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

08:21:22.0972 2648 mouhid - ok

08:21:23.0053 2648 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

08:21:23.0075 2648 MountMgr - ok

08:21:23.0157 2648 MPFP (95675c3398dcc084c8d1dc35cc4e9e01) C:\Windows\system32\Drivers\Mpfp.sys

08:21:23.0178 2648 MPFP - ok

08:21:23.0291 2648 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

08:21:23.0313 2648 mpio - ok

08:21:23.0393 2648 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

08:21:23.0447 2648 mpsdrv - ok

08:21:23.0495 2648 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll

08:21:23.0543 2648 MpsSvc - ok

08:21:23.0639 2648 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

08:21:23.0662 2648 Mraid35x - ok

08:21:23.0727 2648 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

08:21:23.0768 2648 MREMP50 ( UnsignedFile.Multi.Generic ) - warning

08:21:23.0768 2648 MREMP50 - detected UnsignedFile.Multi.Generic (1)

08:21:23.0778 2648 MREMPR5 - ok

08:21:23.0796 2648 MRENDIS5 - ok

08:21:23.0853 2648 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

08:21:23.0877 2648 MRESP50 ( UnsignedFile.Multi.Generic ) - warning

08:21:23.0877 2648 MRESP50 - detected UnsignedFile.Multi.Generic (1)

08:21:23.0969 2648 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

08:21:24.0006 2648 MRxDAV - ok

08:21:24.0056 2648 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

08:21:24.0098 2648 mrxsmb - ok

08:21:24.0199 2648 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:21:24.0240 2648 mrxsmb10 - ok

08:21:24.0305 2648 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:21:24.0336 2648 mrxsmb20 - ok

08:21:24.0398 2648 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

08:21:24.0419 2648 msahci - ok

08:21:24.0450 2648 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

08:21:24.0471 2648 msdsm - ok

08:21:24.0546 2648 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

08:21:24.0592 2648 MSDTC - ok

08:21:24.0675 2648 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

08:21:24.0720 2648 Msfs - ok

08:21:24.0821 2648 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

08:21:24.0851 2648 msisadrv - ok

08:21:24.0903 2648 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

08:21:24.0960 2648 MSiSCSI - ok

08:21:25.0004 2648 msiserver - ok

08:21:25.0099 2648 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

08:21:25.0141 2648 MSKSSRV - ok

08:21:25.0179 2648 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

08:21:25.0221 2648 MSPCLOCK - ok

08:21:25.0252 2648 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

08:21:25.0290 2648 MSPQM - ok

08:21:25.0344 2648 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

08:21:25.0370 2648 MsRPC - ok

08:21:25.0436 2648 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

08:21:25.0454 2648 mssmbios - ok

08:21:25.0511 2648 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

08:21:25.0551 2648 MSTEE - ok

08:21:25.0611 2648 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

08:21:25.0632 2648 Mup - ok

08:21:25.0676 2648 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

08:21:25.0718 2648 napagent - ok

08:21:25.0814 2648 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

08:21:25.0848 2648 NativeWifiP - ok

08:21:25.0960 2648 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

08:21:25.0997 2648 NDIS - ok

08:21:26.0072 2648 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

08:21:26.0110 2648 NdisTapi - ok

08:21:26.0176 2648 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

08:21:26.0219 2648 Ndisuio - ok

08:21:26.0283 2648 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

08:21:26.0326 2648 NdisWan - ok

08:21:26.0389 2648 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

08:21:26.0430 2648 NDProxy - ok

08:21:26.0514 2648 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\Windows\system32\HPZinw12.dll

08:21:26.0529 2648 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

08:21:26.0529 2648 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

08:21:26.0603 2648 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

08:21:26.0640 2648 NetBIOS - ok

08:21:26.0718 2648 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

08:21:26.0758 2648 netbt - ok

08:21:26.0822 2648 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

08:21:26.0879 2648 Netlogon - ok

08:21:26.0950 2648 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

08:21:26.0997 2648 Netman - ok

08:21:27.0035 2648 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

08:21:27.0079 2648 netprofm - ok

08:21:27.0154 2648 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

08:21:27.0177 2648 NetTcpPortSharing - ok

08:21:27.0267 2648 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

08:21:27.0290 2648 nfrd960 - ok

08:21:27.0348 2648 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

08:21:27.0398 2648 NlaSvc - ok

08:21:27.0455 2648 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

08:21:27.0490 2648 Npfs - ok

08:21:27.0551 2648 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

08:21:27.0597 2648 nsi - ok

08:21:27.0657 2648 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

08:21:27.0702 2648 nsiproxy - ok

08:21:27.0784 2648 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

08:21:27.0837 2648 Ntfs - ok

08:21:27.0895 2648 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

08:21:27.0968 2648 ntrigdigi - ok

08:21:28.0033 2648 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

08:21:28.0078 2648 Null - ok

08:21:28.0203 2648 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys

08:21:28.0256 2648 NVENETFD - ok

08:21:28.0637 2648 nvlddmkm (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys

08:21:29.0134 2648 nvlddmkm - ok

08:21:29.0265 2648 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

08:21:29.0285 2648 nvraid - ok

08:21:29.0305 2648 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

08:21:29.0324 2648 nvstor - ok

08:21:29.0365 2648 nvstor32 (7eba6c9a0a295b1559efb9062e701218) C:\Windows\system32\drivers\nvstor32.sys

08:21:29.0383 2648 nvstor32 - ok

08:21:29.0528 2648 nvsvc (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe

08:21:29.0563 2648 nvsvc - ok

08:21:29.0723 2648 nvUpdatusService (c78581c14699c46fe0f0817416383134) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

08:21:29.0821 2648 nvUpdatusService - ok

08:21:29.0952 2648 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

08:21:29.0975 2648 nv_agp - ok

08:21:29.0984 2648 NwlnkFlt - ok

08:21:29.0997 2648 NwlnkFwd - ok

08:21:30.0051 2648 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

08:21:30.0085 2648 ohci1394 - ok

08:21:30.0161 2648 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

08:21:30.0209 2648 p2pimsvc - ok

08:21:30.0223 2648 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

08:21:30.0270 2648 p2psvc - ok

08:21:30.0338 2648 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

08:21:30.0409 2648 Parport - ok

08:21:30.0457 2648 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

08:21:30.0475 2648 partmgr - ok

08:21:30.0522 2648 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

08:21:30.0583 2648 Parvdm - ok

08:21:30.0642 2648 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

08:21:30.0669 2648 PcaSvc - ok

08:21:30.0682 2648 PcdrNdisuio - ok

08:21:30.0742 2648 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

08:21:30.0762 2648 pci - ok

08:21:30.0804 2648 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

08:21:30.0821 2648 pciide - ok

08:21:30.0879 2648 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

08:21:30.0902 2648 pcmcia - ok

08:21:30.0978 2648 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

08:21:31.0064 2648 PEAUTH - ok

08:21:31.0218 2648 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

08:21:31.0294 2648 pla - ok

08:21:31.0341 2648 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

08:21:31.0384 2648 PlugPlay - ok

08:21:31.0513 2648 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll

08:21:31.0525 2648 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

08:21:31.0525 2648 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

08:21:31.0589 2648 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

08:21:31.0654 2648 PNRPAutoReg - ok

08:21:31.0669 2648 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

08:21:31.0717 2648 PNRPsvc - ok

08:21:31.0818 2648 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

08:21:31.0862 2648 PolicyAgent - ok

08:21:31.0932 2648 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

08:21:31.0973 2648 PptpMiniport - ok

08:21:32.0064 2648 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

08:21:32.0126 2648 Processor - ok

08:21:32.0173 2648 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

08:21:32.0209 2648 ProfSvc - ok

08:21:32.0263 2648 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

08:21:32.0302 2648 ProtectedStorage - ok

08:21:32.0386 2648 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

08:21:32.0425 2648 PSched - ok

08:21:32.0449 2648 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys

08:21:32.0468 2648 PxHelp20 - ok

08:21:32.0566 2648 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

08:21:32.0612 2648 ql2300 - ok

08:21:32.0709 2648 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

08:21:32.0734 2648 ql40xx - ok

08:21:32.0809 2648 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

08:21:32.0853 2648 QWAVE - ok

08:21:32.0894 2648 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

08:21:32.0922 2648 QWAVEdrv - ok

08:21:33.0009 2648 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

08:21:33.0053 2648 RasAcd - ok

08:21:33.0102 2648 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

08:21:33.0150 2648 RasAuto - ok

08:21:33.0192 2648 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

08:21:33.0238 2648 Rasl2tp - ok

08:21:33.0286 2648 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

08:21:33.0325 2648 RasMan - ok

08:21:33.0433 2648 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

08:21:33.0502 2648 RasPppoe - ok

08:21:33.0543 2648 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

08:21:33.0572 2648 RasSstp - ok

08:21:33.0613 2648 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

08:21:33.0654 2648 rdbss - ok

08:21:33.0761 2648 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

08:21:33.0805 2648 RDPCDD - ok

08:21:33.0856 2648 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

08:21:33.0930 2648 rdpdr - ok

08:21:33.0941 2648 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

08:21:33.0986 2648 RDPENCDD - ok

08:21:34.0133 2648 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys

08:21:34.0229 2648 RDPWD - ok

08:21:34.0278 2648 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

08:21:34.0318 2648 RemoteAccess - ok

08:21:34.0357 2648 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

08:21:34.0394 2648 RemoteRegistry - ok

08:21:34.0472 2648 RoxLiveShare9 (19be545cb9840fb8158b3369be16f777) c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

08:21:34.0497 2648 RoxLiveShare9 - ok

08:21:34.0540 2648 RoxMediaDB9 (062d1268cfcf569ba5fbcfd1bea88d2a) c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

08:21:34.0580 2648 RoxMediaDB9 - ok

08:21:34.0686 2648 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

08:21:34.0717 2648 RpcLocator - ok

08:21:34.0768 2648 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

08:21:34.0811 2648 RpcSs - ok

08:21:34.0940 2648 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

08:21:34.0986 2648 rspndr - ok

08:21:35.0029 2648 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

08:21:35.0093 2648 SamSs - ok

08:21:35.0144 2648 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

08:21:35.0167 2648 sbp2port - ok

08:21:35.0290 2648 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

08:21:35.0356 2648 SCardSvr - ok

08:21:35.0418 2648 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

08:21:35.0513 2648 Schedule - ok

08:21:35.0537 2648 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

08:21:35.0567 2648 SCPolicySvc - ok

08:21:35.0661 2648 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

08:21:35.0690 2648 SDRSVC - ok

08:21:35.0746 2648 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

08:21:35.0807 2648 secdrv - ok

08:21:35.0892 2648 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

08:21:35.0933 2648 seclogon - ok

08:21:35.0960 2648 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

08:21:36.0002 2648 SENS - ok

08:21:42.0797 2648 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

08:21:42.0809 2648 USBAAPL ( UnsignedFile.Multi.Generic ) - warning

08:21:42.0809 2648 USBAAPL - detected UnsignedFile.Multi.Generic (1)

08:21:49.0064 2648 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0

08:21:49.0146 2648 \Device\Harddisk0\DR0 - ok

08:21:49.0155 2648 Boot (0x1200) (c00231fd864cae38433a2d446a6a2f70) \Device\Harddisk0\DR0\Partition0

08:21:49.0157 2648 \Device\Harddisk0\DR0\Partition0 - ok

08:21:49.0172 2648 Boot (0x1200) (c904b6cac57a53082ff40b47a79ea976) \Device\Harddisk0\DR0\Partition1

08:21:49.0174 2648 \Device\Harddisk0\DR0\Partition1 - ok

08:21:49.0182 2648 ============================================================

08:21:49.0182 2648 Scan finished

08:21:49.0182 2648 ============================================================

08:21:49.0217 5084 Detected object count: 10

08:21:49.0217 5084 Actual detected object count: 10

08:22:10.0862 5084 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

08:22:10.0863 5084 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:22:10.0866 5084 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

08:22:10.0866 5084 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:22:10.0871 5084 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

08:22:10.0872 5084 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:22:10.0874 5084 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

08:22:10.0874 5084 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:22:10.0879 5084 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user

08:22:10.0879 5084 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:22:10.0882 5084 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

08:22:10.0882 5084 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:22:10.0888 5084 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

08:22:10.0888 5084 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:22:10.0889 5084 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

08:22:10.0889 5084 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:22:10.0894 5084 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

08:22:10.0894 5084 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:22:10.0897 5084 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user

08:22:10.0897 5084 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:22:18.0189 0540 Deinitialize success

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

First off, TYVM for taking the time to reply. It is very much appreciated. I did as you suggested and MBAM still comes up with nothing. As for how the machine is acting: If I perform a web search from, say, Yahoo using Firefox as the browser, the initial results look perfectly normal. But roughly 80% of the time that a resulting link is clicked I see "redirect" instead of the target URL in the tab and am taken to one of several phony search sites, like this for example:

http://63.209.69.107/search/web/corned+beef/a12/46351-8909_757/v5

or http://www.gimmeanswers.org/search/bc_rtus/results.php?search=malware%20protection&aid=161

It has never happened when using IE as the browser, nor have I noticed anything unusual when an address has been typed in...or a bookmark used. Nothing else out of the ordinary is happening that I have noticed, but it seems obvious that something unwanted is at work here, and that made me very reluctant to assume that it's not more sinister than it appears. Any advice and/or insight you may be able to lend and I'll be forever in your debt.

Thanks again for your time and expertise.

The MBAM scan results from this evening:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.29.09

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Jack :: HOME-PC [administrator]

3/29/2012 5:46:18 PM

mbam-log-2012-03-29 (17-46-18).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 342391

Time elapsed: 49 minute(s), 39 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

OK.

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

Ran CF as directed...log follows. Tried about a dozen search result clicks and not a single re-direct. Obviously much better. Assuming the results stay this way and based on the log, is there anything you can tell me about what exactly we're dealing with here? I see that several items were removed. I'll give it another day or two and let you know how things look so we can close this thread. Thanks for the guidance and a $ donation to MWBAM will also be forthcoming.

ComboFix 12-03-29.02 - Jack 03/29/2012 20:45:16.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.993 [GMT -4:00]

Running from: c:\users\Jack\Desktop\ComboFix.exe

AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\be1ndkcw.default\extensions\{001fa8cd-20d5-40ec-9c3e-ad54c1682e7d}

c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\be1ndkcw.default\extensions\{001fa8cd-20d5-40ec-9c3e-ad54c1682e7d}\chrome.manifest

c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\be1ndkcw.default\extensions\{001fa8cd-20d5-40ec-9c3e-ad54c1682e7d}\chrome\xulcache.jar

c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\be1ndkcw.default\extensions\{001fa8cd-20d5-40ec-9c3e-ad54c1682e7d}\defaults\preferences\xulcache.js

c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\be1ndkcw.default\extensions\{001fa8cd-20d5-40ec-9c3e-ad54c1682e7d}\install.rdf

c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\nsqwj5pi.default\extensions\{001fa8cd-20d5-40ec-9c3e-ad54c1682e7d}

c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\nsqwj5pi.default\extensions\{001fa8cd-20d5-40ec-9c3e-ad54c1682e7d}\chrome.manifest

c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\nsqwj5pi.default\extensions\{001fa8cd-20d5-40ec-9c3e-ad54c1682e7d}\chrome\xulcache.jar

c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\nsqwj5pi.default\extensions\{001fa8cd-20d5-40ec-9c3e-ad54c1682e7d}\defaults\preferences\xulcache.js

c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\nsqwj5pi.default\extensions\{001fa8cd-20d5-40ec-9c3e-ad54c1682e7d}\install.rdf

c:\users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\qqputoac.default\extensions\{001fa8cd-20d5-40ec-9c3e-ad54c1682e7d}

c:\users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\qqputoac.default\extensions\{001fa8cd-20d5-40ec-9c3e-ad54c1682e7d}\chrome.manifest

c:\users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\qqputoac.default\extensions\{001fa8cd-20d5-40ec-9c3e-ad54c1682e7d}\chrome\xulcache.jar

c:\users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\qqputoac.default\extensions\{001fa8cd-20d5-40ec-9c3e-ad54c1682e7d}\defaults\preferences\xulcache.js

c:\users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\qqputoac.default\extensions\{001fa8cd-20d5-40ec-9c3e-ad54c1682e7d}\install.rdf

.

.

((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))

.

.

2012-03-30 01:02 . 2012-03-30 01:02 -------- d-----w- c:\users\Tina\AppData\Local\temp

2012-03-30 01:02 . 2012-03-30 01:02 -------- d-----w- c:\users\Meredith\AppData\Local\temp

2012-03-30 01:02 . 2012-03-30 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-30 01:02 . 2012-03-30 01:02 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-03-23 23:47 . 2012-03-23 23:47 -------- d-----w- c:\program files\iPod

2012-03-23 23:47 . 2012-03-23 23:49 -------- d-----w- c:\program files\iTunes

2012-03-18 00:04 . 2012-03-18 00:04 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-18 00:04 . 2012-03-18 00:04 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

2012-03-14 00:40 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 00:40 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-14 00:40 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 00:40 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-03-14 00:40 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-03-14 00:40 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-03-14 00:40 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2012-03-13 21:57 . 2012-03-13 21:57 -------- d-----w- c:\users\UpdatusUser.Home-PC

2012-03-13 21:50 . 2012-02-29 23:59 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-03-13 21:49 . 2012-02-29 23:59 19444544 ----a-w- c:\windows\system32\nvoglv32.dll

2012-03-13 21:49 . 2012-02-29 23:59 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-03-13 21:49 . 2012-02-29 23:59 5892928 ----a-w- c:\windows\system32\nvcuda.dll

2012-03-13 21:49 . 2012-02-29 23:59 2517312 ----a-w- c:\windows\system32\nvcuvid.dll

2012-03-13 21:49 . 2012-02-29 23:59 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-03-13 21:49 . 2012-02-29 23:59 17543488 ----a-w- c:\windows\system32\nvcompiler.dll

2012-03-13 21:41 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll

2012-03-13 21:41 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-29 23:59 . 2012-01-29 14:03 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-29 23:59 . 2012-01-29 14:03 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-29 23:59 . 2007-07-07 01:15 2301248 ----a-w- c:\windows\system32\nvapi.dll

2012-02-29 23:59 . 2007-07-07 01:15 15009600 ----a-w- c:\windows\system32\nvd3dum.dll

2012-02-29 20:56 . 2008-05-23 01:49 3881792 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-29 20:55 . 2007-07-07 01:15 2719040 ----a-w- c:\windows\system32\nvsvc.dll

2012-02-29 20:53 . 2007-07-07 01:15 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-29 20:53 . 2012-01-29 14:10 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-02-29 20:53 . 2008-05-03 02:46 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-02-21 22:38 . 2011-05-16 08:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-21 11:21 . 2010-05-05 21:43 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-18 00:04 . 2011-04-04 00:17 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 18:01 . 2010-05-02 21:08 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-06-02 6123032]

"CaddieSync Express"="c:\program files\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe" [2011-04-27 2364792]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-28 198160]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]

"CaddieSyncConduit"="c:\program files\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe" [2011-04-27 2364792]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SnapfishMediaDetector"="c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 1441792]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-11-03 365336]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk

backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2012-01-13 18:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-11 14:05]

.

2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-11 14:05]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\nsqwj5pi.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-ATT-SST_McciTrayApp - c:\program files\ATT-SST\McciTrayApp.exe

AddRemove-ATT-SST-UversePortal - c:\program files\ATT-SST\Uninstall.exe

AddRemove-Winamp - c:\program files\Winamp\UninstWA.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-29 21:17

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-03-29 21:21:48

ComboFix-quarantined-files.txt 2012-03-30 01:21

.

Pre-Run: 79,971,291,136 bytes free

Post-Run: 80,951,296,000 bytes free

.

- - End Of File - - 8F73CDC0C9F7FC03FB67EA4CDA435122


Looks like they were all Firefox extensions

c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\be1ndkcw.default\extensions\

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

  • Securing Your Web Browser
    This paper will help you configure your web browser for safer internet surfing.
  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest available security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

This topic is now closed to further replies.