Got infected with a virus today. I think it was siricef c or some such as that.

Shivalyn · April 1, 2012

As the topic says I got infected by a virus today and I believe it was called siricef c or something along those lines. I have a lot of useless junk (remnants of old programs like the LiveScribe pen I don't use any more, for example) running on this computer unfortunately so it may be a bit to wade through. There's especially a lot towards the end, some of which I don't even know what it's for. Any help is appreciated in getting rid of this. From what I read, it's quite the insidious little virus.

Hope I got all the steps right for posting this. Let me know if you need the Attach log as well:

------------------------------------------------------------

Hijack This

------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:00:03 AM, on 4/1/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe

C:\Users\Aaron\Local Settings\Apps\F.lux\flux.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe

C:\Users\Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.exe

C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Aaron\Desktop\HijackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.wikipedia.org/wiki/Special:Random

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O1 - Hosts: 68.168.222.226 www.google-analytics.com.

O1 - Hosts: 68.168.222.226 ad-emea.doubleclick.net.

O1 - Hosts: 68.168.222.226 www.statcounter.com.

O1 - Hosts: 108.163.215.51 www.google-analytics.com.

O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.

O1 - Hosts: 108.163.215.51 www.statcounter.com.

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [Control Center] C:\Program Files (x86)\ASUS\WLAN Card Utilities\CenterAgent.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe

O4 - HKCU\..\Run: [F.lux] "C:\Users\Aaron\Local Settings\Apps\F.lux\flux.exe" /noshow

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: debug.nfo

O4 - Startup: Dropbox.lnk = Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: ProgramHotkeys.ahk - Shortcut.lnk = Aaron\Documents\My Dropbox\Shortcuts.ahk

O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

O4 - Startup: speedfan.exe

O4 - Startup: speedfanparams.cfg

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: SetPointII.lnk = ?

O4 - Global Startup: UltraMon.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{14D423E3-74A5-4DA8-9A1A-2953BDC5AF9D}: NameServer = 8.8.8.8,4.4.2.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{AFD6FD2D-6C85-4F38-9F8E-85EE2EF172F4}: NameServer = 208.67.222.222

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

O23 - Service: ASUS Wireless Card Service (ASWLCCSvc) - Unknown owner - C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

O23 - Service: Input Director Vista Service (IDVistaService) - Unknown owner - C:\Program Files (x86)\Input Director\IDVistaService.exe

O23 - Service: Input Director Service (InputDirector) - Unknown owner - C:\Program Files (x86)\Input Director\IDWinService.exe

O23 - Service: JumpStart Push-Button Service (jswpbapi) - Wireless - C:\Program Files (x86)\TP-LINK\QSS\jswpbapi.exe

O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Wireless - C:\Program Files (x86)\TP-LINK\QSS\jswpsapi.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Livescribe Pulse Smartpen Service (PenCommService) - Livescribe - C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe

O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: Synergy Server - Unknown owner - C:\Program Files\Synergy\synergys.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11640 bytes

------------------------------------------------------------

DDS

------------------------------------------------------------

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Aaron at 0:09:54 on 2012-04-01

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.1216 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files (x86)\Input Director\IDWinService.exe

C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe

C:\Program Files (x86)\TP-LINK\QSS\jswpbapi.exe

C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe

C:\Program Files (x86)\Ralink\Common\RaRegistry.exe

C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Synergy\synergys.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Synergy\synergys.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe

C:\Users\Aaron\Local Settings\Apps\F.lux\flux.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Logitech\SetPoint II\SetPointII.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe

C:\Program Files (x86)\ASUS\WLAN Card Utilities\Center.exe

C:\Users\Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\AutoHotkey\AutoHotkey.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Program Files\UltraMon\UltraMonUiAcc.exe

C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.exe

C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://en.wikipedia.org/wiki/Special:Random

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe

uRun: [F.lux] "C:\Users\Aaron\Local Settings\Apps\F.lux\flux.exe" /noshow

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [Google Update] "C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Control Center] C:\Program Files (x86)\ASUS\WLAN Card Utilities\CenterAgent.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [jswtrayutil] "C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\debug.nfo

StartupFolder: C:\Users\Aaron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Aaron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PROGRA~1.LNK - C:\Users\Aaron\Documents\My Dropbox\Shortcuts.ahk

StartupFolder: C:\Users\Aaron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe

StartupFolder: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.exe

StartupFolder: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfanparams.cfg

StartupFolder: C:\Users\Aaron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files (x86)\Logitech\SetPoint II\SetPointII.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: SoftwareSASGeneration = 3 (0x3)

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{14D423E3-74A5-4DA8-9A1A-2953BDC5AF9D} : NameServer = 8.8.8.8,4.4.2.1

TCP: Interfaces\{2B31EA38-7977-43A9-921B-C1E481122C67} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{7CE1D27C-F5A1-4F58-8538-8DBB5297A96E} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{8DC91429-FDB6-411F-9A4F-541E7E467236} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{8FE0ED82-FDD4-4557-B2AA-512C02FF4AED} : DhcpNameServer = 208.180.42.100 208.180.42.68

TCP: Interfaces\{AA347CCF-9F24-4DCF-811A-87D6F0886E66} : DhcpNameServer = 208.180.42.100 208.180.42.68

TCP: Interfaces\{AFB0EE8A-E585-4C00-99D7-9EDDAE109EA0} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{AFD6FD2D-6C85-4F38-9F8E-85EE2EF172F4} : NameServer = 208.67.222.222

TCP: Interfaces\{AFD6FD2D-6C85-4F38-9F8E-85EE2EF172F4} : DhcpNameServer = 208.180.42.100 208.180.42.68

TCP: Interfaces\{AFD6FD2D-6C85-4F38-9F8E-85EE2EF172F4}\2375942554539383 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{AFD6FD2D-6C85-4F38-9F8E-85EE2EF172F4}\66732343 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{AFD6FD2D-6C85-4F38-9F8E-85EE2EF172F4}\73833314 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{AFD6FD2D-6C85-4F38-9F8E-85EE2EF172F4}\738333140223 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{AFD6FD2D-6C85-4F38-9F8E-85EE2EF172F4}\73833316 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{C4DCD941-A459-4010-ACC0-FDD4CA8769E6} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{EB71A4B5-397B-4C44-AEE4-663773FD3689} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{F3F04E39-D0CA-4550-8EF0-0C2D393B3E51} : DhcpNameServer = 209.18.47.61 209.18.47.62

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [Control Center] C:\Program Files (x86)\ASUS\WLAN Card Utilities\CenterAgent.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [jswtrayutil] "C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

Hosts: 68.168.222.226 www.google-analytics.com.

Hosts: 68.168.222.226 ad-emea.doubleclick.net.

Hosts: 68.168.222.226 www.statcounter.com.

Hosts: 108.163.215.51 www.google-analytics.com.

Hosts: 108.163.215.51 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\5o375fb7.default\

FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Special:Random

FF - component: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\5o375fb7.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\Aaron\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 MpKsl63129518;MpKsl63129518;C:\Windows\Temp\MpKsl63129518.sys [2012-3-31 35664]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]

R2 ASWLCCSvc;ASUS Wireless Card Service;C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe [2011-6-19 172032]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-2-17 8704]

R2 InputDirector;Input Director Service;C:\Program Files (x86)\Input Director\IDWinService.exe [2010-2-1 36864]

R2 jswpbapi;JumpStart Push-Button Service;C:\Program Files (x86)\TP-LINK\QSS\jswpbapi.exe [2012-3-5 265216]

R2 PenCommService;Livescribe Pulse Smartpen Service;C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2010-7-18 444928]

R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2011-9-29 185632]

R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2011-9-29 211232]

R2 Synergy Server;Synergy Server;C:\Program Files\Synergy\synergys.exe [2012-2-5 914432]

R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 hpnuhst;HP NUSB Host;C:\Windows\system32\DRIVERS\hpnuhst.sys --> C:\Windows\system32\DRIVERS\hpnuhst.sys [?]

R3 HPNUHUB;HP NUSB Hub;C:\Windows\system32\DRIVERS\hpnuhub.sys --> C:\Windows\system32\DRIVERS\hpnuhub.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]

R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]

R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]

R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]

R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-1 135664]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM 64 bit;C:\Windows\system32\drivers\Envy24HF.sys --> C:\Windows\system32\drivers\Envy24HF.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-1 135664]

S3 IDVistaService;Input Director Vista Service;C:\Program Files (x86)\Input Director\IDVistaService.exe [2009-2-7 13824]

S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\TP-LINK\QSS\jswpsapi.exe [2012-3-5 954368]

S3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\system32\DRIVERS\AE1200w764.sys --> C:\Windows\system32\DRIVERS\AE1200w764.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

S3 NTIOLib_1_0_2;NTIOLib_1_0_2;C:\Program Files (x86)\MSI\BIOSUnlockCPUCore\NTIOLib_X64.sys [2011-1-16 14136]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PulseUsb;Livescribe Smartpen USB Driver;C:\Windows\system32\DRIVERS\PulseUsb.sys --> C:\Windows\system32\DRIVERS\PulseUsb.sys [?]

S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]

S3 SaiH0460;SaiH0460;C:\Windows\system32\DRIVERS\SaiH0460.sys --> C:\Windows\system32\DRIVERS\SaiH0460.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WiselinkPro;SAMSUNG WiselinkPro Service;C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-2-17 3007488]

.

=============== Created Last 30 ================

.

2012-03-31 17:52:09 51752 --sh--w- C:\Users\Aaron\AppData\Local\dplayx.dll

2012-03-31 17:52:08 114728 --sh--w- C:\Users\Aaron\AppData\Local\dplaysvr.exe

2012-03-31 14:34:27 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC1A7897-1324-439A-A5EE-F6B1A9C93C7A}\mpengine.dll

2012-03-22 06:32:35 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-22 06:32:34 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-22 06:32:34 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-22 06:22:14 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-22 06:22:14 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-20 21:54:52 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-20 21:53:30 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-20 21:53:29 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-20 21:38:15 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-20 21:38:14 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-20 21:38:14 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-20 21:37:40 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-20 21:37:39 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-20 21:37:37 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-20 21:37:36 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-17 07:03:29 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll

2012-03-17 07:03:28 54784 ----a-w- C:\Windows\SysWow64\msvci70.dll

2012-03-17 07:03:28 518416 ----a-w- C:\Windows\SysWow64\msxml.dll

2012-03-17 07:03:28 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll

2012-03-17 07:03:28 25088 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2012-03-16 08:51:40 -------- d-----w- C:\Program Files (x86)\Photoshop CS 5.1

2012-03-10 07:15:08 -------- d-----w- C:\ProgramData\EA Core

2012-03-10 07:15:03 -------- d-----w- C:\ProgramData\EA Logs

2012-03-10 06:33:13 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller

2012-03-10 06:32:18 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2012-03-10 05:26:37 -------- d-----w- C:\Program Files (x86)\Origin Games

2012-03-10 05:26:36 -------- d-----w- C:\Users\Aaron\AppData\Local\Origin

2012-03-10 05:26:35 -------- d-----w- C:\Users\Aaron\AppData\Roaming\Origin

2012-03-10 05:26:23 -------- d-----w- C:\ProgramData\Origin

2012-03-10 05:26:23 -------- d-----w- C:\ProgramData\Electronic Arts

2012-03-10 05:26:10 -------- d-----w- C:\Program Files (x86)\Origin

2012-03-06 05:11:22 -------- d-----w- C:\Program Files\Synergy

2012-03-06 04:55:42 787968 ----a-w- C:\Windows\System32\drivers\netr28x.sys

2012-03-06 04:55:42 305152 ----a-w- C:\Windows\System32\RaCoInstx.dll

2012-03-06 04:55:39 -------- d-----w- C:\ProgramData\Rosewill Driver

2012-03-06 04:54:50 -------- d-----w- C:\Program Files (x86)\Rosewill

2012-03-06 02:29:01 -------- d-----w- C:\Program Files (x86)\TP-LINK

2012-03-06 02:27:31 -------- d-----w- C:\ProgramData\Atheros

2012-03-06 01:43:12 1584640 ----a-w- C:\Windows\System32\drivers\athrx.sys

2012-03-06 01:43:12 1584640 ----a-w- C:\Windows\System32\athrx.sys

2012-03-06 01:43:12 -------- d-----w- C:\Windows\Options

.

==================== Find3M ====================

.

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-30 19:37:49 230864 ----a-w- C:\Windows\System32\drivers\truecrypt.sys

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-01-04 00:48:42 354176 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl

.

============= FINISH: 0:12:36.63 ===============

MrCharlie · April 3, 2012

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC

Shivalyn · April 4, 2012

Thanks for getting back to me. It doesn't seem to have found much I don't suppose but here's the results from RK:

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Aaron [Admin rights]

Mode: Scan -- Date: 04/04/2012 01:10:53

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 14 ¤¤¤

[bLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{14D423E3-74A5-4DA8-9A1A-2953BDC5AF9D} : NameServer (8.8.8.8,4.4.2.1) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{14D423E3-74A5-4DA8-9A1A-2953BDC5AF9D} : NameServer (8.8.8.8,4.4.2.1) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[sCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\es.scr) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

68.168.222.226 www.google-analytics.com.

68.168.222.226 ad-emea.doubleclick.net.

68.168.222.226 www.statcounter.com.

108.163.215.51 www.google-analytics.com.

108.163.215.51 ad-emea.doubleclick.net.

108.163.215.51 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250410AS ATA Device +++++

--- User ---

[MBR] 393877cb30b1ca77ab8583d6adfc0ff5

[bSP] 20391f6c9d291397ba8e5f7e65bcf9cb : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238474 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

MrCharlie · April 4, 2012

Please Update and run a Quick Scan with MBAM, post the report.

MrC

Shivalyn · April 5, 2012

Here's the log. Problem is, I think it's found those two before.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.04.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Aaron :: SPIFFY [administrator]

4/4/2012 7:34:55 PM

mbam-log-2012-04-04 (19-34-55).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 202114

Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen) -> Data: grpconv -o -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\System32\grpconv.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)

MrCharlie · April 5, 2012

Please make sure system restore is running and create a new restore point before continuing.

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

Shivalyn · April 6, 2012

Alright, here it is. I annotated the detections that I know are legit.

Also, since yesterday, I've gotten a spyware/malware popup in my browser itself that goes along the lines of "find (subject) on Scour!". Whatever virus/trojan I got is sure a PITA.

--------------------------------------

20:48:03.0930 4712 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02

20:48:04.0219 4712 ============================================================

20:48:04.0220 4712 Current date / time: 2012/04/05 20:48:04.0219

20:48:04.0220 4712 SystemInfo:

20:48:04.0220 4712

20:48:04.0220 4712 OS Version: 6.1.7601 ServicePack: 1.0

20:48:04.0220 4712 Product type: Workstation

20:48:04.0220 4712 ComputerName: SPIFFY

20:48:04.0220 4712 UserName: Aaron

20:48:04.0220 4712 Windows directory: C:\Windows

20:48:04.0220 4712 System windows directory: C:\Windows

20:48:04.0220 4712 Running under WOW64

20:48:04.0220 4712 Processor architecture: Intel x64

20:48:04.0220 4712 Number of processors: 4

20:48:04.0221 4712 Page size: 0x1000

20:48:04.0221 4712 Boot type: Normal boot

20:48:04.0221 4712 ============================================================

20:48:05.0057 4712 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x764A9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040

20:48:05.0067 4712 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB5E00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

20:48:05.0069 4712 \Device\Harddisk0\DR0:

20:48:05.0074 4712 MBR used

20:48:05.0074 4712 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C5541

20:48:05.0074 4712 \Device\Harddisk1\DR1:

20:48:05.0074 4712 MBR used

20:48:05.0074 4712 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705981

20:48:05.0111 4712 Initialize success

20:48:05.0111 4712 ============================================================

20:48:22.0839 1528 ============================================================

20:48:22.0839 1528 Scan started

20:48:22.0839 1528 Mode: Manual; SigCheck; TDLFS;

20:48:22.0839 1528 ============================================================

20:48:24.0592 1528 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

20:48:24.0687 1528 1394ohci - ok

20:48:24.0763 1528 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

20:48:24.0797 1528 ACPI - ok

20:48:24.0849 1528 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

20:48:24.0918 1528 AcpiPmi - ok

20:48:24.0967 1528 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

20:48:25.0000 1528 adp94xx - ok

20:48:25.0022 1528 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

20:48:25.0047 1528 adpahci - ok

20:48:25.0063 1528 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

20:48:25.0080 1528 adpu320 - ok

20:48:25.0114 1528 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

20:48:25.0227 1528 AeLookupSvc - ok

20:48:25.0302 1528 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

20:48:25.0425 1528 AFD - ok

20:48:25.0501 1528 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

20:48:25.0537 1528 agp440 - ok

20:48:25.0567 1528 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

20:48:25.0660 1528 ALG - ok

20:48:25.0692 1528 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

20:48:25.0709 1528 aliide - ok

20:48:25.0814 1528 ALSysIO - ok

20:48:25.0895 1528 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe

20:48:26.0092 1528 AMD External Events Utility - ok

20:48:26.0169 1528 AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

20:48:26.0222 1528 AMD Reservation Manager - ok

20:48:26.0291 1528 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

20:48:26.0302 1528 amdide - ok

20:48:26.0350 1528 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys

20:48:26.0370 1528 amdiox64 - ok

20:48:26.0424 1528 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

20:48:26.0491 1528 AmdK8 - ok

20:48:26.0757 1528 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys

20:48:27.0009 1528 amdkmdag - ok

20:48:27.0056 1528 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys

20:48:27.0094 1528 amdkmdap - ok

20:48:27.0148 1528 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

20:48:27.0200 1528 AmdPPM - ok

20:48:27.0292 1528 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

20:48:27.0332 1528 amdsata - ok

20:48:27.0380 1528 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

20:48:27.0401 1528 amdsbs - ok

20:48:27.0419 1528 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

20:48:27.0437 1528 amdxata - ok

20:48:27.0498 1528 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

20:48:27.0665 1528 AppID - ok

20:48:27.0705 1528 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

20:48:27.0767 1528 AppIDSvc - ok

20:48:27.0838 1528 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

20:48:27.0952 1528 Appinfo - ok

20:48:28.0006 1528 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

20:48:28.0070 1528 AppMgmt - ok

20:48:28.0117 1528 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

20:48:28.0130 1528 arc - ok

20:48:28.0149 1528 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

20:48:28.0183 1528 arcsas - ok

20:48:28.0289 1528 ASWLCCSvc (28dc376662eb61492bb33d98cd80ca5c) C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe

20:48:28.0398 1528 ASWLCCSvc ( UnsignedFile.Multi.Generic ) - warning

20:48:28.0398 1528 ASWLCCSvc - detected UnsignedFile.Multi.Generic (1)

20:48:28.0490 1528 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

20:48:28.0549 1528 AsyncMac - ok

20:48:28.0589 1528 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

20:48:28.0601 1528 atapi - ok

20:48:28.0697 1528 athr (2142725e147c9a44b3f0d76099c5da71) C:\Windows\system32\DRIVERS\athrx.sys

20:48:28.0798 1528 athr - ok

20:48:28.0816 1528 athur - ok

20:48:28.0886 1528 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys

20:48:28.0934 1528 AtiHDAudioService - ok

20:48:28.0981 1528 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys

20:48:29.0039 1528 AtiHdmiService - ok

20:48:29.0267 1528 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys

20:48:29.0353 1528 atikmdag - ok

20:48:29.0410 1528 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys

20:48:29.0421 1528 AtiPcie - ok

20:48:29.0472 1528 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys

20:48:29.0515 1528 atksgt - ok

20:48:29.0593 1528 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:48:29.0665 1528 AudioEndpointBuilder - ok

20:48:29.0707 1528 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:48:29.0747 1528 AudioSrv - ok

20:48:29.0814 1528 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

20:48:29.0925 1528 AxInstSV - ok

20:48:29.0984 1528 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

20:48:30.0038 1528 b06bdrv - ok

20:48:30.0067 1528 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

20:48:30.0104 1528 b57nd60a - ok

20:48:30.0143 1528 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

20:48:30.0200 1528 BDESVC - ok

20:48:30.0252 1528 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

20:48:30.0296 1528 Beep - ok

20:48:30.0384 1528 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

20:48:30.0458 1528 BFE - ok

20:48:30.0504 1528 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

20:48:30.0577 1528 BITS - ok

20:48:30.0628 1528 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

20:48:30.0662 1528 blbdrive - ok

20:48:30.0752 1528 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

20:48:30.0829 1528 Bonjour Service - ok

20:48:30.0927 1528 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

20:48:30.0951 1528 bowser - ok

20:48:30.0992 1528 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

20:48:31.0067 1528 BrFiltLo - ok

20:48:31.0100 1528 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

20:48:31.0114 1528 BrFiltUp - ok

20:48:31.0181 1528 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

20:48:31.0242 1528 Browser - ok

20:48:31.0273 1528 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

20:48:31.0307 1528 Brserid - ok

20:48:31.0332 1528 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

20:48:31.0363 1528 BrSerWdm - ok

20:48:31.0387 1528 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:48:31.0418 1528 BrUsbMdm - ok

20:48:31.0450 1528 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

20:48:31.0482 1528 BrUsbSer - ok

20:48:31.0515 1528 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

20:48:31.0555 1528 BTHMODEM - ok

20:48:31.0594 1528 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

20:48:31.0656 1528 bthserv - ok

20:48:31.0744 1528 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

20:48:31.0796 1528 cdfs - ok

20:48:31.0873 1528 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

20:48:31.0913 1528 cdrom - ok

20:48:31.0983 1528 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:48:32.0046 1528 CertPropSvc - ok

20:48:32.0086 1528 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

20:48:32.0124 1528 circlass - ok

20:48:32.0171 1528 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

20:48:32.0242 1528 CLFS - ok

20:48:32.0284 1528 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:48:32.0316 1528 clr_optimization_v2.0.50727_32 - ok

20:48:32.0365 1528 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:48:32.0387 1528 clr_optimization_v2.0.50727_64 - ok

20:48:32.0587 1528 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:48:32.0632 1528 clr_optimization_v4.0.30319_32 - ok

20:48:32.0692 1528 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:48:32.0710 1528 clr_optimization_v4.0.30319_64 - ok

20:48:32.0783 1528 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

20:48:32.0814 1528 CmBatt - ok

20:48:32.0900 1528 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

20:48:32.0939 1528 cmdide - ok

20:48:33.0017 1528 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

20:48:33.0104 1528 CNG - ok

20:48:33.0161 1528 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

20:48:33.0179 1528 Compbatt - ok

20:48:33.0239 1528 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

20:48:33.0279 1528 CompositeBus - ok

20:48:33.0308 1528 COMSysApp - ok

20:48:33.0338 1528 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

20:48:33.0356 1528 crcdisk - ok

20:48:33.0427 1528 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

20:48:33.0519 1528 CryptSvc - ok

20:48:33.0569 1528 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

20:48:33.0648 1528 CSC - ok

20:48:33.0682 1528 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

20:48:33.0753 1528 CscService - ok

20:48:33.0816 1528 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys

20:48:33.0850 1528 CVirtA - ok

20:48:33.0996 1528 CVPND (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

20:48:34.0185 1528 CVPND - ok

20:48:34.0249 1528 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys

20:48:34.0270 1528 CVPNDRVA - ok

20:48:34.0348 1528 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:48:34.0419 1528 DcomLaunch - ok

20:48:34.0463 1528 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

20:48:34.0585 1528 defragsvc - ok

20:48:34.0650 1528 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

20:48:34.0709 1528 DfsC - ok

20:48:34.0793 1528 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

20:48:34.0855 1528 Dhcp - ok

20:48:34.0905 1528 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

20:48:34.0935 1528 discache - ok

20:48:35.0006 1528 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

20:48:35.0021 1528 Disk - ok

20:48:35.0088 1528 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys

20:48:35.0103 1528 DNE - ok

20:48:35.0165 1528 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

20:48:35.0228 1528 Dnscache - ok

20:48:35.0282 1528 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

20:48:35.0336 1528 dot3svc - ok

20:48:35.0373 1528 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

20:48:35.0428 1528 DPS - ok

20:48:35.0477 1528 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

20:48:35.0491 1528 drmkaud - ok

20:48:35.0553 1528 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

20:48:35.0588 1528 DXGKrnl - ok

20:48:35.0624 1528 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

20:48:35.0663 1528 EapHost - ok

20:48:35.0765 1528 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

20:48:35.0883 1528 ebdrv - ok

20:48:35.0923 1528 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

20:48:35.0981 1528 EFS - ok

20:48:36.0048 1528 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

20:48:36.0130 1528 ehRecvr - ok

20:48:36.0146 1528 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

20:48:36.0274 1528 ehSched - ok

20:48:36.0335 1528 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

20:48:36.0365 1528 elxstor - ok

20:48:36.0403 1528 Envy24HFS (947b36a9223d7730b73a7b03d5ffd269) C:\Windows\system32\drivers\Envy24HF.sys

20:48:36.0458 1528 Envy24HFS - ok

20:48:36.0508 1528 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

20:48:36.0539 1528 ErrDev - ok

20:48:36.0593 1528 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

20:48:36.0658 1528 EventSystem - ok

20:48:36.0704 1528 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

20:48:36.0738 1528 exfat - ok

20:48:36.0774 1528 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

20:48:36.0828 1528 fastfat - ok

20:48:36.0899 1528 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

20:48:37.0111 1528 Fax - ok

20:48:37.0151 1528 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

20:48:37.0186 1528 fdc - ok

20:48:37.0223 1528 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

20:48:37.0270 1528 fdPHost - ok

20:48:37.0299 1528 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

20:48:37.0351 1528 FDResPub - ok

20:48:37.0401 1528 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

20:48:37.0420 1528 FileInfo - ok

20:48:37.0460 1528 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

20:48:37.0509 1528 Filetrace - ok

20:48:37.0577 1528 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

20:48:37.0761 1528 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

20:48:37.0761 1528 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)

20:48:37.0831 1528 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

20:48:37.0845 1528 flpydisk - ok

20:48:37.0908 1528 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

20:48:37.0931 1528 FltMgr - ok

20:48:38.0014 1528 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

20:48:38.0102 1528 FontCache - ok

20:48:38.0184 1528 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:48:38.0196 1528 FontCache3.0.0.0 - ok

20:48:38.0240 1528 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

20:48:38.0254 1528 FsDepends - ok

20:48:38.0278 1528 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

20:48:38.0290 1528 Fs_Rec - ok

20:48:38.0355 1528 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

20:48:38.0374 1528 fvevol - ok

20:48:38.0401 1528 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

20:48:38.0415 1528 gagp30kx - ok

20:48:38.0471 1528 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

20:48:38.0482 1528 GEARAspiWDM - ok

20:48:38.0541 1528 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

20:48:38.0674 1528 gpsvc - ok

20:48:38.0799 1528 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

20:48:38.0855 1528 gupdate - ok

20:48:38.0898 1528 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

20:48:38.0929 1528 gupdatem - ok

20:48:39.0000 1528 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

20:48:39.0051 1528 hcw85cir - ok

20:48:39.0114 1528 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

20:48:39.0159 1528 HdAudAddService - ok

20:48:39.0225 1528 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

20:48:39.0264 1528 HDAudBus - ok

20:48:39.0306 1528 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

20:48:39.0347 1528 HidBatt - ok

20:48:39.0382 1528 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

20:48:39.0399 1528 HidBth - ok

20:48:39.0415 1528 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

20:48:39.0458 1528 HidIr - ok

20:48:39.0498 1528 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

20:48:39.0549 1528 hidserv - ok

20:48:39.0636 1528 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

20:48:39.0649 1528 HidUsb - ok

20:48:39.0761 1528 HiPatchService (5a457c3d00c1c701230a12aa1580114d) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

20:48:39.0796 1528 HiPatchService ( UnsignedFile.Multi.Generic ) - warning

20:48:39.0796 1528 HiPatchService - detected UnsignedFile.Multi.Generic (1)

20:48:39.0834 1528 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

20:48:39.0873 1528 hkmsvc - ok

20:48:39.0924 1528 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

20:48:40.0025 1528 HomeGroupListener - ok

20:48:40.0071 1528 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

20:48:40.0138 1528 HomeGroupProvider - ok

20:48:40.0198 1528 hpnuhst (32f11ae357bf3c947a23ac21392a35a0) C:\Windows\system32\DRIVERS\hpnuhst.sys

20:48:40.0244 1528 hpnuhst - ok

20:48:40.0279 1528 HPNUHUB (3134571337a4fc30940ba6142db31a00) C:\Windows\system32\DRIVERS\hpnuhub.sys

20:48:40.0328 1528 HPNUHUB - ok

20:48:40.0389 1528 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

20:48:40.0402 1528 HpSAMD - ok

20:48:40.0468 1528 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

20:48:40.0532 1528 HTTP - ok

20:48:40.0568 1528 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

20:48:40.0579 1528 hwpolicy - ok

20:48:40.0637 1528 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

20:48:40.0693 1528 i8042prt - ok

20:48:40.0766 1528 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

20:48:40.0797 1528 iaStorV - ok

20:48:40.0883 1528 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:48:40.0928 1528 idsvc - ok

20:48:40.0964 1528 IDVistaService (704c3164cf06a67886c305ea3677510b) C:\Program Files (x86)\Input Director\IDVistaService.exe

20:48:41.0018 1528 IDVistaService ( UnsignedFile.Multi.Generic ) - warning

20:48:41.0019 1528 IDVistaService - detected UnsignedFile.Multi.Generic (1)

20:48:41.0088 1528 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

20:48:41.0100 1528 iirsp - ok

20:48:41.0167 1528 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

20:48:41.0235 1528 IKEEXT - ok

20:48:41.0288 1528 InputDirector (fb7f9fad063ae5269a6147e3a48acd03) C:\Program Files (x86)\Input Director\IDWinService.exe

20:48:41.0328 1528 InputDirector ( UnsignedFile.Multi.Generic ) - warning

20:48:41.0328 1528 InputDirector - detected UnsignedFile.Multi.Generic (1)

20:48:41.0475 1528 IntcAzAudAddService (f5872a11eb4f6db170d636cd4e53ca9f) C:\Windows\system32\drivers\RTKVHD64.sys

20:48:41.0556 1528 IntcAzAudAddService - ok

20:48:41.0611 1528 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

20:48:41.0623 1528 intelide - ok

20:48:41.0652 1528 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

20:48:41.0686 1528 intelppm - ok

20:48:41.0722 1528 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

20:48:41.0764 1528 IPBusEnum - ok

20:48:41.0810 1528 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:48:41.0862 1528 IpFilterDriver - ok

20:48:41.0894 1528 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

20:48:41.0929 1528 IPMIDRV - ok

20:48:41.0971 1528 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

20:48:42.0027 1528 IPNAT - ok

20:48:42.0118 1528 iPod Service (3151d878bb16307ef2cf4cda2463d15e) C:\Program Files\iPod\bin\iPodService.exe

20:48:42.0259 1528 iPod Service - ok

20:48:42.0286 1528 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

20:48:42.0355 1528 IRENUM - ok

20:48:42.0396 1528 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

20:48:42.0414 1528 isapnp - ok

20:48:42.0464 1528 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

20:48:42.0490 1528 iScsiPrt - ok

20:48:42.0568 1528 jswpbapi (7e90e9365fd976b672da6f30595a7840) C:\Program Files (x86)\TP-LINK\QSS\jswpbapi.exe

20:48:42.0736 1528 jswpbapi ( UnsignedFile.Multi.Generic ) - warning

20:48:42.0736 1528 jswpbapi - detected UnsignedFile.Multi.Generic (1)

20:48:42.0829 1528 jswpsapi (e712a6b57943d65aa587655335ef9dad) C:\Program Files (x86)\TP-LINK\QSS\jswpsapi.exe

20:48:42.0950 1528 jswpsapi ( UnsignedFile.Multi.Generic ) - warning

20:48:42.0950 1528 jswpsapi - detected UnsignedFile.Multi.Generic (1)

20:48:43.0048 1528 JSWPSLWF (5be640e88814b77a9e84b4549b5dcc2c) C:\Windows\system32\DRIVERS\jswpslwfx.sys

20:48:43.0157 1528 JSWPSLWF - ok

20:48:43.0233 1528 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

20:48:43.0252 1528 kbdclass - ok

20:48:43.0279 1528 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

20:48:43.0299 1528 kbdhid - ok

20:48:43.0362 1528 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:48:43.0388 1528 KeyIso - ok

20:48:43.0406 1528 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

20:48:43.0427 1528 KSecDD - ok

20:48:43.0461 1528 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

20:48:43.0485 1528 KSecPkg - ok

20:48:43.0539 1528 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

20:48:43.0638 1528 ksthunk - ok

20:48:43.0693 1528 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

20:48:43.0777 1528 KtmRm - ok

20:48:43.0842 1528 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

20:48:43.0899 1528 LanmanServer - ok

20:48:43.0941 1528 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

20:48:43.0997 1528 LanmanWorkstation - ok

20:48:44.0094 1528 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

20:48:44.0202 1528 LBTServ - ok

20:48:44.0321 1528 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys

20:48:44.0338 1528 LHidFilt - ok

20:48:44.0456 1528 Linksys_adapter_H (584528bf596a54b2bf6be5067adda44a) C:\Windows\system32\DRIVERS\AE1200w764.sys

20:48:44.0521 1528 Linksys_adapter_H - ok

20:48:44.0591 1528 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys

20:48:44.0631 1528 lirsgt - ok

20:48:44.0684 1528 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

20:48:44.0743 1528 lltdio - ok

20:48:44.0816 1528 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

20:48:44.0874 1528 lltdsvc - ok

20:48:44.0909 1528 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

20:48:44.0943 1528 lmhosts - ok

20:48:45.0010 1528 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys

20:48:45.0022 1528 LMouFilt - ok

20:48:45.0077 1528 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

20:48:45.0123 1528 LSI_FC - ok

20:48:45.0171 1528 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

20:48:45.0194 1528 LSI_SAS - ok

20:48:45.0234 1528 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

20:48:45.0253 1528 LSI_SAS2 - ok

20:48:45.0274 1528 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

20:48:45.0293 1528 LSI_SCSI - ok

20:48:45.0318 1528 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

20:48:45.0376 1528 luafv - ok

20:48:45.0444 1528 LUsbFilt (9d9714e78eac9e5368208649489c920e) C:\Windows\system32\Drivers\LUsbFilt.Sys

20:48:45.0456 1528 LUsbFilt - ok

20:48:45.0503 1528 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

20:48:45.0547 1528 Mcx2Svc - ok

20:48:45.0586 1528 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

20:48:45.0599 1528 megasas - ok

20:48:45.0619 1528 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

20:48:45.0640 1528 MegaSR - ok

20:48:45.0718 1528 Microsoft SharePoint Workspace Audit Service - ok

20:48:45.0771 1528 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:48:45.0869 1528 MMCSS - ok

20:48:45.0916 1528 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

20:48:45.0970 1528 Modem - ok

20:48:46.0040 1528 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

20:48:46.0093 1528 monitor - ok

20:48:46.0143 1528 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

20:48:46.0156 1528 mouclass - ok

20:48:46.0189 1528 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

20:48:46.0226 1528 mouhid - ok

20:48:46.0267 1528 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

20:48:46.0319 1528 mountmgr - ok

20:48:46.0403 1528 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys

20:48:46.0452 1528 MpFilter - ok

20:48:46.0506 1528 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

20:48:46.0528 1528 mpio - ok

20:48:46.0645 1528 MpKslda5b6dc1 - ok

20:48:46.0694 1528 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys

20:48:46.0712 1528 MpNWMon - ok

20:48:46.0747 1528 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

20:48:46.0865 1528 mpsdrv - ok

20:48:46.0958 1528 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

20:48:47.0046 1528 MpsSvc - ok

20:48:47.0088 1528 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

20:48:47.0127 1528 MRxDAV - ok

20:48:47.0168 1528 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:48:47.0222 1528 mrxsmb - ok

20:48:47.0279 1528 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:48:47.0320 1528 mrxsmb10 - ok

20:48:47.0359 1528 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:48:47.0377 1528 mrxsmb20 - ok

20:48:47.0425 1528 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

20:48:47.0438 1528 msahci - ok

20:48:47.0495 1528 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

20:48:47.0511 1528 msdsm - ok

20:48:47.0547 1528 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

20:48:47.0595 1528 MSDTC - ok

20:48:47.0649 1528 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

20:48:47.0678 1528 Msfs - ok

20:48:47.0696 1528 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

20:48:47.0745 1528 mshidkmdf - ok

20:48:47.0763 1528 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

20:48:47.0792 1528 msisadrv - ok

20:48:47.0852 1528 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

20:48:47.0951 1528 MSiSCSI - ok

20:48:47.0981 1528 msiserver - ok

20:48:48.0036 1528 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

20:48:48.0072 1528 MSKSSRV - ok

20:48:48.0198 1528 MsMpSvc (157e9e498206a3366baa7e4697bdd947) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

20:48:48.0212 1528 MsMpSvc - ok

20:48:48.0262 1528 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

20:48:48.0307 1528 MSPCLOCK - ok

20:48:48.0346 1528 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

20:48:48.0396 1528 MSPQM - ok

20:48:48.0474 1528 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

20:48:48.0545 1528 MsRPC - ok

20:48:48.0595 1528 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

20:48:48.0614 1528 mssmbios - ok

20:48:48.0644 1528 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

20:48:48.0699 1528 MSTEE - ok

20:48:48.0726 1528 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

20:48:48.0755 1528 MTConfig - ok

20:48:48.0817 1528 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys

20:48:48.0879 1528 MTsensor - ok

20:48:48.0918 1528 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

20:48:48.0931 1528 Mup - ok

20:48:48.0990 1528 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

20:48:49.0049 1528 napagent - ok

20:48:49.0103 1528 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

20:48:49.0180 1528 NativeWifiP - ok

20:48:49.0232 1528 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

20:48:49.0291 1528 NDIS - ok

20:48:49.0326 1528 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

20:48:49.0368 1528 NdisCap - ok

20:48:49.0393 1528 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

20:48:49.0445 1528 NdisTapi - ok

20:48:49.0503 1528 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

20:48:49.0552 1528 Ndisuio - ok

20:48:49.0590 1528 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

20:48:49.0638 1528 NdisWan - ok

20:48:49.0677 1528 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

20:48:49.0724 1528 NDProxy - ok

20:48:49.0767 1528 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

20:48:49.0796 1528 NetBIOS - ok

20:48:49.0851 1528 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

20:48:49.0958 1528 NetBT - ok

20:48:50.0026 1528 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:48:50.0052 1528 Netlogon - ok

20:48:50.0092 1528 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

20:48:50.0162 1528 Netman - ok

20:48:50.0191 1528 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

20:48:50.0253 1528 netprofm - ok

20:48:50.0360 1528 netr28x (68cdb276a3009f0cf000c6352c1f72e7) C:\Windows\system32\DRIVERS\netr28x.sys

20:48:50.0424 1528 netr28x - ok

20:48:50.0455 1528 netr7364 - ok

20:48:50.0533 1528 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:48:50.0585 1528 NetTcpPortSharing - ok

20:48:50.0616 1528 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

20:48:50.0633 1528 nfrd960 - ok

20:48:50.0700 1528 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

20:48:50.0718 1528 NisDrv - ok

20:48:50.0817 1528 NisSrv (566ddd5d82520da01d75f81428ac4c38) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

20:48:50.0853 1528 NisSrv - ok

20:48:50.0921 1528 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

20:48:50.0983 1528 NlaSvc - ok

20:48:51.0032 1528 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

20:48:51.0061 1528 Npfs - ok

20:48:51.0085 1528 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

20:48:51.0120 1528 nsi - ok

20:48:51.0131 1528 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

20:48:51.0174 1528 nsiproxy - ok

20:48:51.0274 1528 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

20:48:51.0366 1528 Ntfs - ok

20:48:51.0494 1528 NTIOLib_1_0_2 (f66b96aa7ae430b56289409241645099) C:\Program Files (x86)\MSI\BIOSUnlockCPUCore\NTIOLib_X64.sys

20:48:51.0517 1528 NTIOLib_1_0_2 - ok

20:48:51.0593 1528 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

20:48:51.0650 1528 Null - ok

20:48:51.0694 1528 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys

20:48:51.0775 1528 nusb3hub - ok

20:48:51.0842 1528 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys

20:48:51.0890 1528 nusb3xhc - ok

20:48:51.0926 1528 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

20:48:51.0965 1528 NVENETFD - ok

20:48:52.0029 1528 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

20:48:52.0046 1528 nvraid - ok

20:48:52.0071 1528 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

20:48:52.0110 1528 nvstor - ok

20:48:52.0178 1528 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

20:48:52.0236 1528 nv_agp - ok

20:48:52.0287 1528 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

20:48:52.0359 1528 ohci1394 - ok

20:48:52.0455 1528 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:48:52.0570 1528 ose - ok

20:48:52.0761 1528 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

20:48:53.0028 1528 osppsvc - ok

20:48:53.0107 1528 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:48:53.0179 1528 p2pimsvc - ok

20:48:53.0205 1528 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

20:48:53.0235 1528 p2psvc - ok

20:48:53.0285 1528 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

20:48:53.0302 1528 Parport - ok

20:48:53.0355 1528 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

20:48:53.0370 1528 partmgr - ok

20:48:53.0461 1528 PCASp50 (6ae2d4cc74b93d4892f5a5bafa34f834) C:\Windows\system32\Drivers\PCASp50.sys

20:48:53.0494 1528 PCASp50 - ok

20:48:53.0520 1528 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

20:48:53.0577 1528 PcaSvc - ok

20:48:53.0611 1528 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

20:48:53.0629 1528 pci - ok

20:48:53.0649 1528 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

20:48:53.0661 1528 pciide - ok

20:48:53.0693 1528 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

20:48:53.0712 1528 pcmcia - ok

20:48:53.0732 1528 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

20:48:53.0751 1528 pcw - ok

20:48:53.0779 1528 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

20:48:53.0819 1528 PEAUTH - ok

20:48:53.0883 1528 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

20:48:53.0996 1528 PeerDistSvc - ok

20:48:54.0073 1528 PenCommService (babc6ab89eb4e2027ea469723d71de92) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe

20:48:54.0195 1528 PenCommService ( UnsignedFile.Multi.Generic ) - warning

20:48:54.0195 1528 PenCommService - detected UnsignedFile.Multi.Generic (1)

20:48:54.0243 1528 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

20:48:54.0286 1528 PerfHost - ok

20:48:54.0402 1528 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

20:48:54.0478 1528 pla - ok

20:48:54.0521 1528 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

20:48:54.0597 1528 PlugPlay - ok

20:48:54.0622 1528 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

20:48:54.0703 1528 PNRPAutoReg - ok

20:48:54.0742 1528 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:48:54.0801 1528 PNRPsvc - ok

20:48:54.0860 1528 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

20:48:54.0942 1528 PolicyAgent - ok

20:48:54.0979 1528 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

20:48:55.0035 1528 Power - ok

20:48:55.0140 1528 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

20:48:55.0187 1528 PptpMiniport - ok

20:48:55.0220 1528 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

20:48:55.0255 1528 Processor - ok

20:48:55.0297 1528 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

20:48:55.0415 1528 ProfSvc - ok

20:48:55.0449 1528 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:48:55.0476 1528 ProtectedStorage - ok

20:48:55.0546 1528 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

20:48:55.0578 1528 Psched - ok

20:48:55.0660 1528 PulseUsb (edc3cc1d029601c8da3ff8bcfb08881f) C:\Windows\system32\DRIVERS\PulseUsb.sys

20:48:55.0710 1528 PulseUsb - ok

20:48:55.0778 1528 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

20:48:55.0827 1528 ql2300 - ok

20:48:55.0856 1528 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

20:48:55.0869 1528 ql40xx - ok

20:48:55.0900 1528 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

20:48:55.0929 1528 QWAVE - ok

20:48:55.0943 1528 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

20:48:55.0982 1528 QWAVEdrv - ok

20:48:56.0081 1528 RalinkRegistryWriter (e155e09229624c69a1a6609c0cb3641f) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe

20:48:56.0159 1528 RalinkRegistryWriter - ok

20:48:56.0169 1528 RalinkRegistryWriter64 (42a952ca5f9de8fcec25307b19570bb9) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe

20:48:56.0254 1528 RalinkRegistryWriter64 - ok

20:48:56.0332 1528 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

20:48:56.0380 1528 RasAcd - ok

20:48:56.0429 1528 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

20:48:56.0460 1528 RasAgileVpn - ok

20:48:56.0494 1528 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

20:48:56.0554 1528 RasAuto - ok

20:48:56.0638 1528 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:48:56.0700 1528 Rasl2tp - ok

20:48:56.0720 1528 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

20:48:56.0787 1528 RasMan - ok

20:48:56.0825 1528 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

20:48:56.0856 1528 RasPppoe - ok

20:48:56.0867 1528 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

20:48:56.0919 1528 RasSstp - ok

20:48:56.0960 1528 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

20:48:56.0998 1528 rdbss - ok

20:48:57.0011 1528 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

20:48:57.0047 1528 rdpbus - ok

20:48:57.0078 1528 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:48:57.0125 1528 RDPCDD - ok

20:48:57.0174 1528 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

20:48:57.0197 1528 RDPDR - ok

20:48:57.0230 1528 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

20:48:57.0280 1528 RDPENCDD - ok

20:48:57.0307 1528 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

20:48:57.0335 1528 RDPREFMP - ok

20:48:57.0378 1528 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

20:48:57.0442 1528 RDPWD - ok

20:48:57.0499 1528 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

20:48:57.0519 1528 rdyboost - ok

20:48:57.0557 1528 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

20:48:57.0615 1528 RemoteAccess - ok

20:48:57.0656 1528 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

20:48:57.0715 1528 RemoteRegistry - ok

20:48:57.0821 1528 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys

20:48:57.0833 1528 RivaTuner64 - ok

20:48:57.0856 1528 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

20:48:57.0914 1528 RpcEptMapper - ok

20:48:57.0955 1528 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

20:48:57.0989 1528 RpcLocator - ok

20:48:58.0049 1528 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:48:58.0091 1528 RpcSs - ok

20:48:58.0134 1528 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

20:48:58.0165 1528 rspndr - ok

20:48:58.0228 1528 RTHDMIAzAudService (ac0e048f44bb30b96b81075a2455f0f7) C:\Windows\system32\drivers\RtHDMIVX.sys

20:48:58.0292 1528 RTHDMIAzAudService - ok

20:48:58.0361 1528 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys

20:48:58.0388 1528 RTL8167 - ok

20:48:58.0519 1528 RTL8192su (4ce333ac701c4bd2e3eff721c0db2526) C:\Windows\system32\DRIVERS\RTL8192su.sys

20:48:58.0554 1528 RTL8192su - ok

20:48:58.0589 1528 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

20:48:58.0633 1528 s3cap - ok

20:48:58.0695 1528 SaiH0460 (f4f92cb20ae07235588e711ad3c64db5) C:\Windows\system32\DRIVERS\SaiH0460.sys

20:48:58.0735 1528 SaiH0460 - ok

20:48:58.0769 1528 SaiMini (3da2cca7206db8d4ce234177a97a1b62) C:\Windows\system32\DRIVERS\SaiMini.sys

20:48:58.0808 1528 SaiMini - ok

20:48:58.0845 1528 SaiNtBus (7df4b3e55ff2540111e7e7ad3656a7c5) C:\Windows\system32\drivers\SaiBus.sys

20:48:58.0881 1528 SaiNtBus - ok

20:48:58.0914 1528 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:48:58.0933 1528 SamSs - ok

20:48:58.0979 1528 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

20:48:58.0995 1528 sbp2port - ok

20:48:59.0031 1528 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

20:48:59.0073 1528 SCardSvr - ok

20:48:59.0121 1528 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

20:48:59.0170 1528 scfilter - ok

20:48:59.0229 1528 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

20:48:59.0321 1528 Schedule - ok

20:48:59.0355 1528 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:48:59.0392 1528 SCPolicySvc - ok

20:48:59.0442 1528 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

20:48:59.0504 1528 SDRSVC - ok

20:48:59.0546 1528 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

20:48:59.0575 1528 secdrv - ok

20:48:59.0601 1528 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

20:48:59.0648 1528 seclogon - ok

20:48:59.0686 1528 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

20:48:59.0806 1528 SENS - ok

20:48:59.0835 1528 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

20:48:59.0876 1528 SensrSvc - ok

20:48:59.0926 1528 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

20:48:59.0961 1528 Serenum - ok

20:48:59.0992 1528 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

20:49:00.0007 1528 Serial - ok

20:49:00.0058 1528 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

20:49:00.0091 1528 sermouse - ok

20:49:00.0134 1528 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

20:49:00.0192 1528 SessionEnv - ok

20:49:00.0247 1528 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

20:49:00.0332 1528 sffdisk - ok

20:49:00.0349 1528 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

20:49:00.0401 1528 sffp_mmc - ok

20:49:00.0431 1528 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

20:49:00.0452 1528 sffp_sd - ok

20:49:00.0483 1528 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

20:49:00.0517 1528 sfloppy - ok

20:49:00.0573 1528 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

20:49:00.0647 1528 SharedAccess - ok

20:49:00.0686 1528 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

20:49:00.0746 1528 ShellHWDetection - ok

20:49:00.0869 1528 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

20:49:00.0902 1528 SiSRaid2 - ok

20:49:01.0153 1528 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

20:49:01.0182 1528 SiSRaid4 - ok

20:49:01.0375 1528 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

20:49:01.0459 1528 Smb - ok

20:49:01.0701 1528 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

20:49:01.0822 1528 SNMPTRAP - ok

20:49:02.0002 1528 speedfan (7455ed832a33fef453407f5411c3342d) C:\Windows\syswow64\speedfan.sys

20:49:02.0018 1528 speedfan - ok

20:49:02.0152 1528 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

20:49:02.0201 1528 spldr - ok

20:49:02.0351 1528 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

20:49:02.0511 1528 Spooler - ok

20:49:02.0868 1528 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

20:49:03.0098 1528 sppsvc - ok

20:49:03.0223 1528 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

20:49:03.0291 1528 sppuinotify - ok

20:49:03.0539 1528 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\system32\Drivers\sptd.sys

20:49:03.0540 1528 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51de15ca5c05bca46d8b110cd00a02fb

20:49:03.0566 1528 sptd ( LockedFile.Multi.Generic ) - warning

20:49:03.0566 1528 sptd - detected LockedFile.Multi.Generic (1)

20:49:03.0635 1528 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

20:49:03.0701 1528 srv - ok

20:49:03.0747 1528 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

20:49:03.0785 1528 srv2 - ok

20:49:03.0825 1528 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

20:49:03.0867 1528 srvnet - ok

20:49:04.0025 1528 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

20:49:04.0161 1528 SSDPSRV - ok

20:49:04.0251 1528 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

20:49:04.0299 1528 SstpSvc - ok

20:49:04.0399 1528 StarWindServiceAE - ok

20:49:04.0492 1528 Steam Client Service - ok

20:49:04.0556 1528 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

20:49:04.0568 1528 stexstor - ok

20:49:04.0635 1528 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

20:49:04.0697 1528 stisvc - ok

20:49:04.0735 1528 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

20:49:04.0748 1528 storflt - ok

20:49:04.0779 1528 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

20:49:04.0838 1528 StorSvc - ok

20:49:04.0858 1528 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

20:49:04.0871 1528 storvsc - ok

20:49:04.0924 1528 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

20:49:04.0958 1528 swenum - ok

20:49:05.0006 1528 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

20:49:05.0079 1528 swprv - ok

20:49:05.0318 1528 Synergy Server (8bbdcd723d2d1433c1a1cfce7889eb34) C:\Program Files\Synergy\synergys.exe

20:49:05.0375 1528 Synergy Server ( UnsignedFile.Multi.Generic ) - warning

20:49:05.0375 1528 Synergy Server - detected UnsignedFile.Multi.Generic (1)

20:49:05.0485 1528 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

20:49:05.0589 1528 SysMain - ok

20:49:05.0621 1528 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

20:49:05.0659 1528 TabletInputService - ok

20:49:05.0692 1528 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

20:49:05.0767 1528 TapiSrv - ok

20:49:05.0800 1528 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

20:49:05.0837 1528 TBS - ok

20:49:05.0914 1528 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

20:49:05.0980 1528 Tcpip - ok

20:49:06.0068 1528 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

20:49:06.0157 1528 TCPIP6 - ok

20:49:06.0203 1528 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

20:49:06.0253 1528 tcpipreg - ok

20:49:06.0296 1528 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

20:49:06.0329 1528 TDPIPE - ok

20:49:06.0373 1528 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

20:49:06.0386 1528 TDTCP - ok

20:49:06.0435 1528 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

20:49:06.0493 1528 tdx - ok

20:49:06.0536 1528 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

20:49:06.0581 1528 TermDD - ok

20:49:06.0656 1528 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

20:49:06.0761 1528 TermService - ok

20:49:06.0798 1528 Themes (9201be2bab8a9ff8e20d8439ae3bb04d) C:\Windows\system32\themeservice.dll

20:49:06.0860 1528 Themes ( UnsignedFile.Multi.Generic ) - warning

20:49:06.0860 1528 Themes - detected UnsignedFile.Multi.Generic (1)

20:49:06.0903 1528 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:49:06.0945 1528 THREADORDER - ok

20:49:06.0977 1528 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

20:49:07.0034 1528 TrkWks - ok

20:49:07.0143 1528 truecrypt (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys

20:49:07.0160 1528 truecrypt - ok

20:49:07.0213 1528 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

20:49:07.0341 1528 TrustedInstaller - ok

20:49:07.0383 1528 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:49:07.0444 1528 tssecsrv - ok

20:49:07.0515 1528 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

20:49:07.0574 1528 TsUsbFlt - ok

20:49:07.0641 1528 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

20:49:07.0721 1528 tunnel - ok

20:49:07.0761 1528 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

20:49:07.0796 1528 uagp35 - ok

20:49:07.0847 1528 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

20:49:07.0945 1528 udfs - ok

20:49:08.0011 1528 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

20:49:08.0041 1528 UI0Detect - ok

20:49:08.0095 1528 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

20:49:08.0113 1528 uliagpkx - ok

20:49:08.0210 1528 UltraMonUtility (694bcf23662f97d987cf4c6739c35f8b) C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys

20:49:08.0232 1528 UltraMonUtility - ok

20:49:08.0298 1528 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

20:49:08.0365 1528 umbus - ok

20:49:08.0406 1528 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

20:49:08.0463 1528 UmPass - ok

20:49:08.0502 1528 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

20:49:08.0536 1528 UmRdpService - ok

20:49:08.0562 1528 UnlockerDriver5 - ok

20:49:08.0649 1528 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

20:49:08.0706 1528 upnphost - ok

20:49:08.0770 1528 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

20:49:08.0819 1528 usbccgp - ok

20:49:08.0872 1528 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

20:49:08.0934 1528 usbcir - ok

20:49:08.0950 1528 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

20:49:08.0988 1528 usbehci - ok

20:49:09.0028 1528 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys

20:49:09.0044 1528 usbfilter - ok

20:49:09.0080 1528 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

20:49:09.0129 1528 usbhub - ok

20:49:09.0162 1528 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

20:49:09.0190 1528 usbohci - ok

20:49:09.0233 1528 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

20:49:09.0266 1528 usbprint - ok

20:49:09.0301 1528 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

20:49:09.0336 1528 usbscan - ok

20:49:09.0376 1528 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:49:09.0437 1528 USBSTOR - ok

20:49:09.0495 1528 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

20:49:09.0573 1528 usbuhci - ok

20:49:09.0613 1528 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

20:49:09.0715 1528 UxSms - ok

20:49:09.0759 1528 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:49:09.0784 1528 VaultSvc - ok

20:49:09.0833 1528 VClone (c5e70c4e64666db9d69c9f2fdae22428) C:\Windows\system32\DRIVERS\VClone.sys

20:49:09.0889 1528 VClone - ok

20:49:09.0943 1528 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

20:49:09.0960 1528 vdrvroot - ok

20:49:10.0023 1528 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

20:49:10.0118 1528 vds - ok

20:49:10.0143 1528 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

20:49:10.0164 1528 vga - ok

20:49:10.0185 1528 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

20:49:10.0229 1528 VgaSave - ok

20:49:10.0275 1528 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

20:49:10.0293 1528 vhdmp - ok

20:49:10.0335 1528 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

20:49:10.0347 1528 viaide - ok

20:49:10.0401 1528 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

20:49:10.0418 1528 vmbus - ok

20:49:10.0469 1528 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

20:49:10.0540 1528 VMBusHID - ok

20:49:10.0578 1528 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

20:49:10.0604 1528 volmgr - ok

20:49:10.0660 1528 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

20:49:10.0686 1528 volmgrx - ok

20:49:10.0737 1528 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

20:49:10.0760 1528 volsnap - ok

20:49:10.0797 1528 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys

20:49:10.0814 1528 vpcbus - ok

20:49:10.0858 1528 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys

20:49:10.0907 1528 vpcnfltr - ok

20:49:10.0927 1528 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys

20:49:10.0965 1528 vpcusb - ok

20:49:11.0012 1528 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys

20:49:11.0035 1528 vpcvmm - ok

20:49:11.0073 1528 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

20:49:11.0089 1528 vsmraid - ok

20:49:11.0174 1528 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

20:49:11.0269 1528 VSS - ok

20:49:11.0299 1528 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

20:49:11.0366 1528 vwifibus - ok

20:49:11.0405 1528 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

20:49:11.0444 1528 vwififlt - ok

20:49:11.0484 1528 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

20:49:11.0507 1528 vwifimp - ok

20:49:11.0536 1528 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

20:49:11.0592 1528 W32Time - ok

20:49:11.0613 1528 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

20:49:11.0643 1528 WacomPen - ok

20:49:11.0714 1528 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:49:11.0762 1528 WANARP - ok

20:49:11.0765 1528 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:49:11.0794 1528 Wanarpv6 - ok

20:49:11.0896 1528 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

20:49:12.0192 1528 WatAdminSvc - ok

20:49:12.0256 1528 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

20:49:12.0388 1528 wbengine - ok

20:49:12.0427 1528 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

20:49:12.0455 1528 WbioSrvc - ok

20:49:12.0594 1528 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

20:49:12.0706 1528 wcncsvc - ok

20:49:12.0940 1528 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

20:49:13.0046 1528 WcsPlugInService - ok

20:49:13.0514 1528 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

20:49:13.0532 1528 Wd - ok

20:49:13.0955 1528 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

20:49:14.0030 1528 Wdf01000 - ok

20:49:14.0247 1528 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:49:15.0071 1528 WdiServiceHost - ok

20:49:15.0129 1528 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:49:15.0165 1528 WdiSystemHost - ok

20:49:15.0575 1528 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

20:49:15.0646 1528 WebClient - ok

20:49:16.0049 1528 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

20:49:16.0127 1528 Wecsvc - ok

20:49:16.0374 1528 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

20:49:16.0445 1528 wercplsupport - ok

20:49:16.0822 1528 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

20:49:16.0924 1528 WerSvc - ok

20:49:17.0227 1528 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

20:49:17.0308 1528 WfpLwf - ok

20:49:17.0738 1528 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

20:49:17.0796 1528 WIMMount - ok

20:49:17.0807 1528 WinHttpAutoProxySvc - ok

20:49:18.0168 1528 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

20:49:18.0280 1528 Winmgmt - ok

20:49:19.0169 1528 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

20:49:19.0307 1528 WinRM - ok

20:49:19.0829 1528 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

20:49:19.0862 1528 WinUsb - ok

20:49:20.0821 1528 WiselinkPro (c5a88770b321c956109aa08ee0440b2a) C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe

20:49:21.0836 1528 WiselinkPro ( UnsignedFile.Multi.Generic ) - warning

20:49:21.0836 1528 WiselinkPro - detected UnsignedFile.Multi.Generic (1)

20:49:22.0333 1528 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

20:49:22.0420 1528 Wlansvc - ok

20:49:22.0977 1528 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:49:23.0119 1528 wlidsvc - ok

20:49:23.0219 1528 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

20:49:23.0247 1528 WmiAcpi - ok

20:49:23.0305 1528 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

20:49:23.0360 1528 wmiApSrv - ok

20:49:23.0392 1528 WMPNetworkSvc - ok

20:49:23.0418 1528 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

20:49:23.0465 1528 WPCSvc - ok

20:49:23.0516 1528 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

20:49:23.0557 1528 WPDBusEnum - ok

20:49:23.0586 1528 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

20:49:23.0634 1528 ws2ifsl - ok

20:49:23.0689 1528 WsAudio_DeviceS(1) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys

20:49:23.0707 1528 WsAudio_DeviceS(1) - ok

20:49:23.0754 1528 WsAudio_DeviceS(2) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys

20:49:23.0804 1528 WsAudio_DeviceS(2) - ok

20:49:23.0833 1528 WsAudio_DeviceS(3) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys

20:49:23.0866 1528 WsAudio_DeviceS(3) - ok

20:49:24.0006 1528 WsAudio_DeviceS(4) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys

20:49:24.0030 1528 WsAudio_DeviceS(4) - ok

20:49:24.0198 1528 WsAudio_DeviceS(5) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys

20:49:24.0215 1528 WsAudio_DeviceS(5) - ok

20:49:24.0283 1528 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

20:49:24.0328 1528 wscsvc - ok

20:49:24.0337 1528 WSearch - ok

20:49:24.0488 1528 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

20:49:24.0684 1528 wuauserv - ok

20:49:24.0776 1528 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

20:49:24.0830 1528 WudfPf - ok

20:49:24.0933 1528 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:49:24.0983 1528 WUDFRd - ok

20:49:25.0061 1528 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

20:49:25.0120 1528 wudfsvc - ok

20:49:25.0162 1528 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

20:49:25.0215 1528 WwanSvc - ok

20:49:25.0349 1528 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

20:49:25.0422 1528 \Device\Harddisk0\DR0 - ok

20:49:25.0424 1528 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

20:49:25.0498 1528 \Device\Harddisk1\DR1 - ok

20:49:25.0505 1528 Boot (0x1200) (75e38b9814db9d369a70c053eb1978c7) \Device\Harddisk0\DR0\Partition0

20:49:25.0507 1528 \Device\Harddisk0\DR0\Partition0 - ok

20:49:25.0515 1528 Boot (0x1200) (9ba98e71bf36427dd9e4454939c1ea9c) \Device\Harddisk1\DR1\Partition0

20:49:25.0517 1528 \Device\Harddisk1\DR1\Partition0 - ok

20:49:25.0520 1528 ============================================================

20:49:25.0520 1528 Scan finished

20:49:25.0520 1528 ============================================================

20:49:25.0577 5496 Detected object count: 12

20:49:25.0577 5496 Actual detected object count: 12

20:50:51.0101 5496 ASWLCCSvc ( UnsignedFile.Multi.Generic ) - skipped by user

20:50:51.0101 5496 ASWLCCSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip Don't know what this is.

20:50:51.0102 5496 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user Don't know what this is.

20:50:51.0102 5496 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:50:51.0104 5496 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user This is the patching service for a game.

20:50:51.0104 5496 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:50:51.0105 5496 IDVistaService ( UnsignedFile.Multi.Generic ) - skipped by user Don't know.

20:50:51.0105 5496 IDVistaService ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:50:51.0106 5496 InputDirector ( UnsignedFile.Multi.Generic ) - skipped by user This was what I was trying to replace Synergy with when it stopped working. I need to uninstall it.

20:50:51.0106 5496 InputDirector ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:50:51.0108 5496 jswpbapi ( UnsignedFile.Multi.Generic ) - skipped by user Don't know.

20:50:51.0108 5496 jswpbapi ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:50:51.0109 5496 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user Don't know.

20:50:51.0109 5496 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:50:51.0111 5496 PenCommService ( UnsignedFile.Multi.Generic ) - skipped by user Pretty sure this is from the LiveScribe pen. Not sure though.

20:50:51.0111 5496 PenCommService ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:50:51.0112 5496 sptd ( LockedFile.Multi.Generic ) - skipped by user Don't know.

20:50:51.0112 5496 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

20:50:51.0113 5496 Synergy Server ( UnsignedFile.Multi.Generic ) - skipped by user This is a program that allows you to share a mouse/keyboard across different computers.

20:50:51.0113 5496 Synergy Server ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:50:51.0115 5496 Themes ( UnsignedFile.Multi.Generic ) - skipped by user Don't know.

20:50:51.0115 5496 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:50:51.0116 5496 WiselinkPro ( UnsignedFile.Multi.Generic ) - skipped by user Don't know.

20:50:51.0116 5496 WiselinkPro ( UnsignedFile.Multi.Generic ) - User select action: Skip

MrCharlie · April 6, 2012

Those files are OK, just "Unsigned".

------------------------------------------------

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message Illegal operation attempted on registry key that has been marked for deletion. after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Shivalyn · April 7, 2012

Alright here we go. It restarted at some point in the scan (no idea when exactly because I was out of the room) but seems to have run OK.

ComboFix 12-04-06.03 - Aaron 04/07/2012 0:15.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2834 [GMT -5:00]

Running from: c:\users\Aaron\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Install.exe

c:\users\Aaron\AppData\Roaming\Microsoft\AddIns\TM Randomize Slideshow\unins000.exe

c:\users\Aaron\Documents\~WRL0001.tmp

c:\users\Aaron\Documents\~WRL0003.tmp

c:\users\Aaron\Documents\~WRL0174.tmp

c:\users\Aaron\Documents\~WRL0273.tmp

c:\users\Aaron\Documents\~WRL1091.tmp

c:\users\Aaron\Documents\~WRL1544.tmp

c:\users\Aaron\Documents\~WRL3743.tmp

c:\windows\assembly\temp\@

c:\windows\assembly\temp\cfg.ini

c:\windows\pthreadGC2.dll

c:\windows\system32\drivers\etc\hosts.txt

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\WanPacket.dll

c:\windows\SysWow64\wpcap.dll

c:\windows\WinRAR

c:\windows\WinRAR\uninstall.exe

.

((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))

.

2012-04-07 05:23 . 2012-04-07 05:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-06 18:56 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF5CE2AC-9411-4C86-BD04-79861BD10A41}\mpengine.dll

2012-04-06 01:56 . 2012-04-06 01:56 -------- d-----w- c:\users\Aaron\AppData\Roaming\SUPERAntiSpyware.com

2012-04-06 01:54 . 2012-04-06 01:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-04-06 01:48 . 2012-04-06 01:48 116016 ----a-w- c:\windows\system32\drivers\64287215.sys

2012-04-04 01:45 . 2012-04-04 01:45 -------- d-----w- c:\programdata\Kaspersky Lab

2012-03-22 06:32 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-22 06:32 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-22 06:32 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-22 06:22 . 2012-03-22 06:22 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-22 06:22 . 2012-03-22 06:22 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-20 21:54 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-20 21:53 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-20 21:53 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-20 21:38 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-20 21:38 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-20 21:38 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-20 21:37 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-20 21:37 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-20 21:37 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-20 21:37 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-17 07:03 . 2002-01-05 12:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll

2012-03-17 07:03 . 2002-01-05 11:40 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll

2012-03-17 07:03 . 2002-01-05 11:38 54784 ----a-w- c:\windows\SysWow64\msvci70.dll

2012-03-17 07:03 . 2000-10-20 05:05 25088 ----a-w- c:\windows\SysWow64\msxml3a.dll

2012-03-17 07:03 . 2000-07-21 16:05 518416 ----a-w- c:\windows\SysWow64\msxml.dll

2012-03-16 08:51 . 2012-03-16 08:51 -------- d-----w- c:\program files (x86)\Photoshop CS 5.1

2012-03-10 07:15 . 2012-03-10 07:15 -------- d-----w- c:\programdata\EA Core

2012-03-10 07:15 . 2012-03-14 22:08 -------- d-----w- c:\programdata\EA Logs

2012-03-10 06:33 . 2012-03-10 06:33 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller

2012-03-10 06:32 . 2012-03-10 06:32 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2012-03-10 05:26 . 2012-03-10 05:44 -------- d-----w- c:\program files (x86)\Origin Games

2012-03-10 05:26 . 2012-03-10 05:26 -------- d-----w- c:\users\Aaron\AppData\Local\Origin

2012-03-10 05:26 . 2012-03-10 05:37 -------- d-----w- c:\users\Aaron\AppData\Roaming\Origin

2012-03-10 05:26 . 2012-03-10 07:15 -------- d-----w- c:\programdata\Electronic Arts

2012-03-10 05:26 . 2012-03-10 07:15 -------- d-----w- c:\programdata\Origin

2012-03-10 05:26 . 2012-03-10 05:26 -------- d-----w- c:\program files (x86)\Origin

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-14 03:27 . 2010-11-18 02:12 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-06 04:01 . 2012-03-06 04:01 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-03-06 04:01 . 2012-03-06 04:01 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-03-06 04:01 . 2012-03-06 04:01 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-03-06 04:01 . 2012-03-06 04:01 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-03-06 04:01 . 2012-03-06 04:01 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-03-06 04:01 . 2012-03-06 04:01 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-03-06 04:01 . 2012-03-06 04:01 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-03-06 04:01 . 2012-03-06 04:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-03-06 04:01 . 2012-03-06 04:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-03-06 04:01 . 2012-03-06 04:01 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-03-06 04:01 . 2012-03-06 04:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-03-06 04:01 . 2012-03-06 04:01 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-03-06 04:01 . 2012-03-06 04:01 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-03-06 04:01 . 2012-03-06 04:01 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-03-06 04:01 . 2012-03-06 04:01 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-03-06 04:01 . 2012-03-06 04:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-03-06 04:01 . 2012-03-06 04:01 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-03-06 04:01 . 2012-03-06 04:01 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-03-06 04:01 . 2012-03-06 04:01 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-03-06 04:01 . 2012-03-06 04:01 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-03-06 04:01 . 2012-03-06 04:01 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-03-06 04:01 . 2012-03-06 04:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-03-06 04:01 . 2012-03-06 04:01 2308096 ----a-w- c:\windows\system32\jscript9.dll

2012-03-06 04:01 . 2012-03-06 04:01 222208 ----a-w- c:\windows\system32\msls31.dll

2012-03-06 04:01 . 2012-03-06 04:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-03-06 04:01 . 2012-03-06 04:01 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-03-06 04:01 . 2012-03-06 04:01 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-03-06 04:01 . 2012-03-06 04:01 12288 ----a-w- c:\windows\system32\mshta.exe

2012-03-06 04:01 . 2012-03-06 04:01 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-03-06 04:01 . 2012-03-06 04:01 114176 ----a-w- c:\windows\system32\admparse.dll

2012-03-06 04:01 . 2012-03-06 04:01 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-03-06 04:01 . 2012-03-06 04:01 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-03-06 04:01 . 2012-03-06 04:01 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-03-06 04:01 . 2012-03-06 04:01 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-03-06 04:01 . 2012-03-06 04:01 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-03-06 04:01 . 2012-03-06 04:01 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-03-06 04:01 . 2012-03-06 04:01 448512 ----a-w- c:\windows\system32\html.iec

2012-03-06 04:01 . 2012-03-06 04:01 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-06 04:01 . 2012-03-06 04:01 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-03-06 04:01 . 2012-03-06 04:01 160256 ----a-w- c:\windows\system32\wextract.exe

2012-03-06 04:01 . 2012-03-06 04:01 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2012-03-06 04:01 . 2012-03-06 04:01 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-02-10 06:38 . 2012-02-10 06:39 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D7618B1-4F02-479A-A896-AF6CD7D9D7E8}\gapaengine.dll

2012-01-31 12:44 . 2009-11-06 06:28 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-30 19:37 . 2012-01-30 19:37 230864 ----a-w- c:\windows\system32\drivers\truecrypt.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2010-07-11 2199040]

"F.lux"="c:\users\Aaron\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 336384]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"Control Center"="c:\program files (x86)\ASUS\WLAN Card Utilities\CenterAgent.exe" [2009-05-21 544256]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"jswtrayutil"="c:\program files (x86)\TP-LINK\QSS\jswtrayutil.exe" [2009-09-24 32871]

.

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

debug.nfo [2012-4-7 62453]

Dropbox.lnk - c:\users\Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-6 26945440]

ProgramHotkeys.ahk - Shortcut.lnk - c:\users\Aaron\Documents\My Dropbox\Shortcuts.ahk [2010-10-25 4897]

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]

speedfan.exe [2011-3-17 4523928]

speedfanparams.cfg [2012-4-5 810]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]

UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-6-6 29310]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SoftwareSASGeneration"= 3 (0x3)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

R1 MpKslda5b6dc1;MpKslda5b6dc1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC1A7897-1324-439A-A5EE-F6B1A9C93C7A}\MpKslda5b6dc1.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664]

R3 ALSysIO;ALSysIO;c:\users\Aaron\AppData\Local\Temp\ALSysIO64.sys [x]

R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM 64 bit;c:\windows\system32\drivers\Envy24HF.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664]

R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\TP-LINK\QSS\jswpsapi.exe [2009-09-21 954368]

R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE1200w764.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]

R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 NTIOLib_1_0_2;NTIOLib_1_0_2;c:\program files (x86)\MSI\BIOSUnlockCPUCore\NTIOLib_X64.sys [2010-04-21 14136]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys [x]

R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-05-28 19952]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]

R3 SaiH0460;SaiH0460;c:\windows\system32\DRIVERS\SaiH0460.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-02-17 3007488]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]

S2 ASWLCCSvc;ASUS Wireless Card Service;c:\program files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe [2009-05-21 172032]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-04-05 8704]

S2 jswpbapi;JumpStart Push-Button Service;c:\program files (x86)\TP-LINK\QSS\jswpbapi.exe [2009-09-21 265216]

S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2010-07-19 444928]

S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2009-07-15 211232]

S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 hpnuhst;HP NUSB Host;c:\windows\system32\DRIVERS\hpnuhst.sys [x]

S3 HPNUHUB;HP NUSB Hub;c:\windows\system32\DRIVERS\hpnuhub.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - SASDIFSV

*NewlyCreated* - SASKUTIL

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 20:37]

.

2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 20:37]

.

2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572513126-3689791898-647045457-1000Core.job

- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 06:07]

.

2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572513126-3689791898-647045457-1000UA.job

- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 06:07]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-07 11057768]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://en.wikipedia.org/wiki/Special:Random

mLocal Page = c:\windows\SYSTEM32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{14D423E3-74A5-4DA8-9A1A-2953BDC5AF9D}: NameServer = 8.8.8.8,4.4.2.1

TCP: Interfaces\{AFD6FD2D-6C85-4F38-9F8E-85EE2EF172F4}: NameServer = 208.67.222.222

FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\5o375fb7.default\

FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Special:Random

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-TM Randomize Slideshow_is1 - c:\users\Aaron\AppData\Roaming\Microsoft\AddIns\TM Randomize Slideshow\unins000.exe

AddRemove-WinRAR - c:\windows\WinRAR\uninstall.exe

AddRemove-Smart Fortress 2012 - c:\programdata\B7E85B3B000148D100015A47B4EB2331\B7E85B3B000148D100015A47B4EB2331.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe

c:\program files (x86)\Ralink\Common\RaRegistry.exe

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.exe

c:\program files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

.

**************************************************************************

.

Completion time: 2012-04-07 00:34:21 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-07 05:34

.

Pre-Run: 47,797,862,400 bytes free

Post-Run: 48,578,412,544 bytes free

.

- - End Of File - - CC6CE85002E126A0435F6DDC6726BD31

Here is the Quarantine log:

2012-04-07 05:33:30 . 2012-04-07 05:33:30 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Smart Fortress 2012.reg.dat

2012-04-07 05:33:29 . 2012-04-07 05:33:29 832 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-WinRAR.reg.dat

2012-04-07 05:33:29 . 2012-04-07 05:33:29 1,884 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-TM Randomize Slideshow_is1.reg.dat

2012-04-07 05:21:17 . 2012-04-07 05:21:17 48,075 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2012-04-07 05:12:52 . 2012-04-07 05:12:52 51 ----a-w- C:\Qoobox\Quarantine\catchme.log

2012-03-31 20:44:22 . 2012-03-31 20:44:22 1,343 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\etc\hosts.txt.vir

2012-03-31 17:52:26 . 2012-03-31 17:52:26 26 ----a-w- C:\Qoobox\Quarantine\C\Windows\assembly\temp\cfg.ini.vir

2012-03-31 17:52:26 . 2012-03-31 17:52:26 2,048 ----a-w- C:\Qoobox\Quarantine\C\Windows\assembly\temp\@.vir

2011-08-20 02:06:13 . 2007-11-06 04:23:18 240,248 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\wpcap.dll.vir

2011-08-20 02:06:12 . 2007-11-06 04:22:30 68,224 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\WanPacket.dll.vir

2011-08-20 02:06:12 . 2007-11-06 04:19:28 53,299 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\pthreadVC.dll.vir

2011-02-23 00:33:31 . 2011-02-23 00:33:25 707,354 ----a-w- C:\Qoobox\Quarantine\C\Users\Aaron\AppData\Roaming\Microsoft\AddIns\TM Randomize Slideshow\unins000.exe.vir

2010-04-25 09:55:05 . 2010-04-25 09:55:05 13,048 ----a-w- C:\Qoobox\Quarantine\C\Users\Aaron\Documents\~WRL0273.tmp.vir

2009-11-15 06:08:08 . 2009-11-15 06:08:08 451,072 ----a-w- C:\Qoobox\Quarantine\C\Windows\WinRAR\uninstall.exe.vir

2009-11-06 06:38:08 . 2008-02-23 07:28:34 20,480 ----a-w- C:\Qoobox\Quarantine\C\Users\Aaron\Documents\~WRL3743.tmp.vir

2009-11-06 06:38:08 . 2008-02-23 06:50:16 19,968 ----a-w- C:\Qoobox\Quarantine\C\Users\Aaron\Documents\~WRL1091.tmp.vir

2009-11-06 06:38:08 . 2007-11-03 21:50:32 147,968 ----a-w- C:\Qoobox\Quarantine\C\Users\Aaron\Documents\~WRL1544.tmp.vir

2009-11-06 06:38:08 . 2008-02-22 21:19:12 19,968 ----a-w- C:\Qoobox\Quarantine\C\Users\Aaron\Documents\~WRL0003.tmp.vir

2009-11-06 06:38:08 . 2007-11-04 19:44:16 164,352 ----a-w- C:\Qoobox\Quarantine\C\Users\Aaron\Documents\~WRL0174.tmp.vir

2009-11-06 06:38:08 . 2006-09-11 01:46:28 22,016 ----a-w- C:\Qoobox\Quarantine\C\Users\Aaron\Documents\~WRL0001.tmp.vir

2009-05-26 07:27:02 . 2009-05-26 07:27:02 70,553 ----a-w- C:\Qoobox\Quarantine\C\Windows\pthreadGC2.dll.vir

2007-11-07 14:03:18 . 2007-11-07 14:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\Install.exe.vir

2007-11-06 04:23:04 . 2007-11-06 04:23:04 88,704 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\Packet.dll.vir

MrCharlie · April 7, 2012

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC

Shivalyn · April 8, 2012

Well I didn't see anything to check for the Quick Scan. This is what it came up with though:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.07.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Aaron :: SPIFFY [administrator]

4/7/2012 9:45:30 PM

mbam-log-2012-04-07 (21-45-30).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 204510

Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

MrCharlie · April 8, 2012

How is it??? MrC

Shivalyn · April 9, 2012

I'm not sure if I understand the question. How's the computer? The computer seems to be fine but I'm not sure if anything is running 'under the radar' so to speak.

MrCharlie · April 9, 2012

Yes, I'm asking about the computer.

So far a lot of malware has been clean up.

Please update your Microsoft Security Essentials and run a quick scan.

If it finds anything, check the history tab and at the bottom you'll see "items", copy back the report.

MrC

Shivalyn · April 9, 2012

Well, nothing pops up. So does that mean the sirefef b trojan is gone?

MrCharlie · April 9, 2012

Yes, that's sounds good

---------------

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

-----------------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-------------------------------------

You have out date Java on the system, older versions are vulnerable to malware.

Java™ 6 Update 29 <---should be 31

Go to your control panel > Java > Update Tab > Update Now

http://www.java.com/...d/installed.jsp <---verify your Java

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

LDTate · April 10, 2012

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

Got infected with a virus today. I think it was siricef c or some such as that.

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information