mbruun

Members
  • Posts: 13
  • Reputation: 0 Neutral
  1. No threats have been found by the ESET online scanner, but it is still at 99%. I need to sleep; it's 1 AM here. I will let you know if it finds any threats tomorrow. Do you think that this is the last step? Thank you so very much for your help. I plan to make a donation tomorrow or Monday.
  2. I got it to run by changing the size of the screen.
  3. I am having a problem with the ESET scan. I don't see a "Scan" button, and the program detects that Windows Defender is running. I just turned off the program, but maybe I need to restart?
  4. Malwarebytes Anti-Malware (Trial) 1.65.1.1000
     www.malwarebytes.org

     Database version: v2012.11.08.11

     Windows 7 x64 NTFS
     Internet Explorer 8.0.7600.16385
     Connie :: CONNIE01 [administrator]

     Protection: Enabled

     11/8/2012 11:15:10 PM
     mbam-log-2012-11-08 (23-15-10).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 367267
     Time elapsed: 1 minute(s), 9 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 11:17:45 PM, on 11/8/2012
     Platform: Windows 7 (WinNT 6.00.3504)
     MSIE: Internet Explorer v8.00 (8.00.7600.17115)
     Boot mode: Normal

     Running processes:
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
     C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
     C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
     C:\Program Files (x86)\Internet Explorer\iexplore.exe
     C:\Program Files (x86)\Internet Explorer\iexplore.exe
     C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
     \SBS2008\RedirectedFolders\connie\Desktop\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
     O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
     O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
     O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
     O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
     O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
     O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
     O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
     O4 - HKLM\..\Run: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
     O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
     O4 - Global Startup: CS Connect Background Services.lnk = WinCSI\Tools\ConnectBGDL.exe
     O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
     O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
     O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
     O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
     O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
     O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
     O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
     O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
     O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
     O9 - Extra button: Sageworks - {5BD9E6D7-A785-41E1-B13F-E7AA845D92DE} - https://www.profitcents.com/login.asp?pcicon=1&username=bhbadvisors&password=showtime (file missing) (HKCU)
     O9 - Extra 'Tools' menuitem: Sageworks - {5BD9E6D7-A785-41E1-B13F-E7AA845D92DE} - https://www.profitcents.com/login.asp?pcicon=1&username=bhbadvisors&password=showtime (file missing) (HKCU)
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://sbs2008.bhbadvisors.local:4343/officescan/console/ClientInstall/WinNTChk.cab
     O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://sbs2008.bhbadvisors.local:4343/officescan/console/ClientInstall/setupini.cab
     O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://sbs2008.bhbadvisors.local:4343/officescan/console/ClientInstall/setup.cab
     O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://sbs2008.bhbadvisors.local:4343/officescan/console/ClientInstall/RemoveCtrl.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bhbadvisors.local
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bhbadvisors.local
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bhbadvisors.local
     O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
     O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
     O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
     O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
     O18 - Protocol: intu-help-qb5 - {867FCB77-9823-4CD6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
     O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
     O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
     O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
     O23 - Service: Creative Solutions Accounting Print Service (CSAPrintService) - Thomson Reuters - C:\Windows\csasvc.exe
     O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
     O23 - Service: FileCabinet CS Print Service (FCPrintService) - Thomson Reuters - C:\Windows\csifcsvc.exe
     O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
     O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
     O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
     O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
     O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
     O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
     O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
     O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
     O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
     O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

     --
     End of file - 13552 bytes
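Added example, not part of the post above and not a tool from HijackThis or Malwarebytes: a small Python triage script for HijackThis-style log lines such as the ones in this post. It splits each `Rn`/`On` entry into its section code and body, counts entries per section as a parse sanity check, and flags the things a reviewer looks at first: a URL carrying a credential in its query string (the O9 Sageworks button above is exactly that case), `(file missing)` entries, services with no publisher string, Winsock LSP DLLs, and the hosts that ActiveX (O16/DPF) controls were pulled from. The section codes and sample lines are copied from the posted log; the `SECRET_PARAMS` and `REDIRECTED_DIRS` lists and every heuristic are my own assumptions, not HijackThis behaviour.

```python
"""Triage helper for HijackThis 2.0.x log entries (added example, not the poster's tool)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a handful of entries copied from the log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Sageworks - {5BD9E6D7-A785-41E1-B13F-E7AA845D92DE} - https://www.profitcents.com/login.asp?pcicon=1&username=bhbadvisors&password=showtime (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")        # "O23 - Service: ..." -> ("O23", "Service: ...")
URL_RE = re.compile(r"(?:https?|ftp)://[^\s\"'<>]+")
# Query-string parameter names treated as secrets (assumption, extend to taste).
SECRET_PARAMS = {"password", "passwd", "pwd", "pass", "secret", "token", "apikey", "api_key"}
# HijackThis is a 32-bit program; on x64 Windows it sees these paths through WOW64
# file-system redirection, so "(file missing)" there is usually an artifact (assumption).
REDIRECTED_DIRS = ("c:\\windows\\system32\\",)


@dataclass
class Finding:
    code: str      # HijackThis section code, e.g. "O9"
    reason: str
    line: str


def parse_entries(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (code, body, line) for every entry line; headers and the process list are skipped."""
    out = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            out.append((m.group(1), m.group(2), line))
    return out


def credentialed_urls(text: str) -> List[str]:
    """URLs in `text` whose query string carries a secret-looking parameter name."""
    hits = []
    for url in URL_RE.findall(text):
        url = url.rstrip(").,;")                      # drop trailing punctuation from the match
        params = parse_qs(urlsplit(url).query)
        if any(name.lower() in SECRET_PARAMS for name in params):
            hits.append(url)
    return hits


def triage(log_text: str, x64_host: bool = True) -> List[Finding]:
    """Apply review heuristics to each entry; every hit is a prompt to look, not a verdict."""
    findings = []
    for code, body, line in parse_entries(log_text):
        for url in credentialed_urls(body):
            findings.append(Finding(code, f"credential embedded in URL: {url}", line))
        if "(file missing)" in body:
            path = body.split(" - ")[-1].lower()       # the last " - " field carries the path
            if x64_host and path.startswith(REDIRECTED_DIRS):
                findings.append(Finding(code, "file missing under System32: likely a WOW64 "
                                              "redirection artifact, confirm with a 64-bit tool", line))
            else:
                findings.append(Finding(code, "file missing: registered but absent on disk", line))
        if "Unknown owner" in body:
            findings.append(Finding(code, "service has no publisher string; check the binary's signature", line))
        if code == "O10":
            findings.append(Finding(code, "Winsock LSP DLL: verify publisher, an LSP sees all socket traffic", line))
        if code == "O16":
            for url in URL_RE.findall(body):
                findings.append(Finding(code, f"ActiveX (DPF) install source: {urlsplit(url).hostname}", line))
    return findings


def summarize(log_text: str) -> Dict[str, int]:
    """Entry count per section code: a quick check that the log actually parsed."""
    return dict(Counter(code for code, _, _ in parse_entries(log_text)))


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
```

Two caveats before acting on the output. HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows it looks at `C:\Windows\System32` through WOW64 file-system redirection and reports many built-in services (everything hosted in lsass.exe, spoolsv.exe, vssvc.exe and so on) as `(file missing)` with `Unknown owner`; the long run of such entries in the log above is consistent with that artifact rather than with tampering, which is why the script downgrades them instead of treating them as hits. The embedded `username`/`password` pair in the O9 Sageworks entry is a different matter: those values travel in a URL stored in the registry and now in a public forum post, so they should be treated as disclosed and rotated.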
  5. I do not have any problems. I need to reinstall my WFBS Trend Micro client, but I need the 64-bit installer file. Do you know anything about how to get that?
  6. ComboFix 12-11-08.01 - Connie 11/08/2012 22:40:05.2.4 - x64
     Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8090.6310 [GMT -6:00]
     Running from: \\SBS2008\RedirectedFolders\connie\Desktop\Malware Folder Nov 2012\ComboFix.exe
     Command switches used :: \\SBS2008\RedirectedFolders\connie\Desktop\CF Script.txt
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
     .
     .
     2012-11-09 04:43 . 2012-11-09 04:43 -------- d-----w- c:\users\test\AppData\Local\temp
     2012-11-09 04:43 . 2012-11-09 04:43 -------- d-----w- c:\users\QBDataServiceUser22\AppData\Local\temp
     2012-11-09 04:43 . 2012-11-09 04:43 -------- d-----w- c:\users\QBDataServiceUser21\AppData\Local\temp
     2012-11-09 04:43 . 2012-11-09 04:43 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp
     2012-11-09 04:43 . 2012-11-09 04:43 -------- d-----w- c:\users\Matt\AppData\Local\temp
     2012-11-09 04:43 . 2012-11-09 04:43 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-11-09 04:43 . 2012-11-09 04:43 -------- d-----w- c:\users\bruun2\AppData\Local\temp
     2012-11-09 04:43 . 2012-11-09 04:43 -------- d-----w- c:\users\badmin\AppData\Local\temp
     2012-11-09 02:19 . 2012-11-09 02:19 -------- d-----w- c:\users\badmin\AppData\Local\Intuit
     2012-11-08 21:43 . 2012-11-08 21:40 689190 ----a-w- C:\dds.scr
     2012-11-08 17:44 . 2012-11-08 17:44 -------- d-----w- c:\users\connie\AppData\Roaming\Malwarebytes
     2012-11-08 17:44 . 2012-11-08 17:44 -------- d-----w- c:\programdata\Malwarebytes
     2012-11-08 17:44 . 2012-11-08 17:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2012-11-08 17:44 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-11-06 08:41 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D21448E0-4C24-43D8-94C8-937A998262BF}\mpengine.dll
     2012-11-03 02:02 . 2001-07-30 15:40 44032 ----a-w- c:\windows\SysWow64\temp.051
     2012-11-03 02:02 . 2000-05-27 05:00 1388544 ----a-w- c:\windows\SysWow64\temp.052
     2012-11-03 02:02 . 1998-05-31 05:00 22288 ----a-w- c:\windows\SysWow64\temp.053
     2012-11-03 02:02 . 2001-07-30 15:42 1118720 ----a-w- c:\windows\SysWow64\temp.050
     2012-11-03 02:02 . 2001-11-15 22:14 295000 ----a-w- c:\windows\SysWow64\temp.04E
     2012-11-03 02:02 . 2001-11-15 22:14 995383 ----a-w- c:\windows\SysWow64\temp.04F
     2012-11-03 02:02 . 1998-06-17 17:52 401462 ----a-w- c:\windows\SysWow64\temp.04D
     2012-10-26 07:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
     2012-10-26 07:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
     2012-10-26 07:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
     2012-10-26 07:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
     2012-10-26 07:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
     2012-10-26 07:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
     2012-10-26 07:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
     2012-10-26 07:06 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
     2012-10-26 07:06 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
     2012-10-11 08:02 . 2012-08-30 18:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
     2012-10-11 08:02 . 2012-08-30 17:18 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
     2012-10-11 08:02 . 2012-08-30 17:18 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
     2012-10-11 08:01 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
     2012-10-11 08:01 . 2012-08-24 17:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
     2012-10-11 08:01 . 2012-08-11 00:53 714752 ----a-w- c:\windows\system32\kerberos.dll
     2012-10-11 08:01 . 2012-08-10 23:54 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
     2012-10-11 08:00 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
     2012-10-11 08:00 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
     2012-10-11 08:00 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
     2012-10-11 08:00 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
     2012-10-11 08:00 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
     2012-10-11 08:00 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-10-09 06:15 . 2012-08-29 14:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2012-10-09 06:15 . 2012-02-29 16:29 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-08-24 18:05 . 2012-09-23 08:00 1197568 ----a-w- c:\windows\system32\wininet.dll
     2012-08-24 18:05 . 2012-09-23 08:00 134144 ----a-w- c:\windows\system32\url.dll
     2012-08-24 18:05 . 2012-09-23 08:00 1501696 ----a-w- c:\windows\system32\urlmon.dll
     2012-08-24 18:03 . 2012-09-23 08:00 1026560 ----a-w- c:\windows\system32\mstime.dll
     2012-08-24 18:02 . 2012-09-23 08:00 97792 ----a-w- c:\windows\system32\mshtmled.dll
     2012-08-24 18:02 . 2012-09-23 08:00 9375744 ----a-w- c:\windows\system32\mshtml.dll
     2012-08-24 18:02 . 2012-09-23 08:00 736256 ----a-w- c:\windows\system32\msfeeds.dll
     2012-08-24 18:02 . 2012-09-23 08:00 82944 ----a-w- c:\windows\system32\msfeedsbs.dll
     2012-08-24 18:02 . 2012-09-23 08:00 57856 ----a-w- c:\windows\system32\licmgr10.dll
     2012-08-24 18:02 . 2012-09-23 08:00 64512 ----a-w- c:\windows\system32\jsproxy.dll
     2012-08-24 18:01 . 2012-09-23 08:00 247808 ----a-w- c:\windows\system32\ieui.dll
     2012-08-24 18:01 . 2012-09-23 08:00 2458624 ----a-w- c:\windows\system32\iertutil.dll
     2012-08-24 18:01 . 2012-09-23 08:00 256000 ----a-w- c:\windows\system32\iepeers.dll
     2012-08-24 18:01 . 2012-09-23 08:00 12404736 ----a-w- c:\windows\system32\ieframe.dll
     2012-08-24 18:01 . 2012-09-23 08:00 445952 ----a-w- c:\windows\system32\iedkcs32.dll
     2012-08-24 17:59 . 2012-09-23 08:00 12288 ----a-w- c:\windows\system32\msfeedssync.exe
     2012-08-24 17:10 . 2012-09-23 08:00 981504 ----a-w- c:\windows\SysWow64\wininet.dll
     2012-08-24 17:08 . 2012-09-23 08:00 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
     2012-08-24 16:45 . 2012-09-23 08:00 482816 ----a-w- c:\windows\system32\html.iec
     2012-08-24 16:02 . 2012-09-23 08:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb
     2012-08-24 16:01 . 2012-09-23 08:00 386048 ----a-w- c:\windows\SysWow64\html.iec
     2012-08-24 15:27 . 2012-09-23 08:00 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-12-31 160592]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
     "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-06-24 1310720]
     "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
     "MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
     "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
     "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
     .
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ CS Connect Background Services.lnk - \\sbs2008\share1\WinCSI\Tools\ConnectBGDL.exe [2009-12-29 1943544] Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-11-2 5927768] QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-2 1175912] QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2011-11-2 1178984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) "SoftwareSASGeneration"= 3 (0x3) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R4 QuickBooksDB19;QuickBooksDB19;c:\progra~2\Intuit\QUICKB~2\QBDBMgrN.exe [2009-10-01 131072] R4 QuickBooksDB20;QuickBooksDB20;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2009-08-18 678912] R4 QuickBooksDB21;QuickBooksDB21;c:\progra~2\Intuit\QUICKB~3\QBDBMgrN.exe [2010-04-28 679936] R4 QuickBooksDB22;QuickBooksDB22;c:\progra~2\Intuit\QUICKB~4\QBDBMgrN.exe [2011-11-02 679936] S2 CSAPrintService;Creative Solutions Accounting Print Service;c:\windows\csasvc.exe [2009-10-23 118784] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-02 1248256] S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k60x64.sys [2009-06-10 220672] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] . . 
--- Other Services/Drivers In Memory --- . *NewlyCreated* - 10304941 *NewlyCreated* - ASWMBR *Deregistered* - 10304941 *Deregistered* - aswMBR . Contents of the 'Scheduled Tasks' folder . 2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 06:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html Trusted Zone: netteller.com\www2 TCP: DhcpNameServer = 10.0.10.11 204.130.255.3 64.122.32.71 Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}] @Denied: (A) (Everyone) "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0] "Key"="ActionsPane" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-08 22:45:04 ComboFix-quarantined-files.txt 2012-11-09 04:45 ComboFix2.txt 2012-11-09 03:45 . Pre-Run: 65,556,115,456 bytes free Post-Run: 65,621,671,936 bytes free .
7. 22:04:24.0643 5116 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:04:24.0924 5116 ============================================================
22:04:24.0924 5116 Current date / time: 2012/11/08 22:04:24.0924
22:04:24.0924 5116 SystemInfo:
22:04:24.0924 5116
22:04:24.0924 5116 OS Version: 6.1.7600 ServicePack: 0.0
22:04:24.0924 5116 Product type: Workstation
22:04:24.0924 5116 ComputerName: CONNIE01
22:04:24.0924 5116 UserName: Connie
22:04:24.0924 5116 Windows directory: C:\Windows
22:04:24.0924 5116 System windows directory: C:\Windows
22:04:24.0924 5116 Running under WOW64
22:04:24.0924 5116 Processor architecture: Intel x64
22:04:24.0924 5116 Number of processors: 4
22:04:24.0924 5116 Page size: 0x1000
22:04:24.0924 5116 Boot type: Normal boot
22:04:24.0924 5116 ============================================================
22:04:25.0314 5116 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:04:25.0314 5116 ============================================================
22:04:25.0314 5116 \Device\Harddisk0\DR0:
22:04:25.0314 5116 MBR partitions:
22:04:25.0314 5116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:04:25.0314 5116 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0xEE492B1
22:04:25.0314 5116 ============================================================
22:04:25.0314 5116 C: <-> \Device\Harddisk0\DR0\Partition2
22:04:25.0314 5116 ============================================================
22:04:25.0314 5116 Initialize success
22:04:25.0314 5116 ============================================================
22:04:28.0050 3484 ============================================================
22:04:28.0050 3484 Scan started
22:04:28.0050 3484 Mode: Manual;
22:04:28.0050 3484 ============================================================
22:04:28.0268 3484
================ Scan system memory ======================== 22:04:28.0268 3484 System memory - ok 22:04:28.0268 3484 ================ Scan services ============================= 22:04:28.0300 3484 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 22:04:28.0315 3484 1394ohci - ok 22:04:28.0315 3484 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys 22:04:28.0315 3484 ACPI - ok 22:04:28.0331 3484 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys 22:04:28.0331 3484 AcpiPmi - ok 22:04:28.0331 3484 [ EBF4430CFBA92EDE9231DFB10B7C0F22 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys 22:04:28.0346 3484 ADIHdAudAddService - ok 22:04:28.0362 3484 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 22:04:28.0362 3484 AdobeFlashPlayerUpdateSvc - ok 22:04:28.0378 3484 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 22:04:28.0378 3484 adp94xx - ok 22:04:28.0393 3484 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 22:04:28.0393 3484 adpahci - ok 22:04:28.0393 3484 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 22:04:28.0409 3484 adpu320 - ok 22:04:28.0409 3484 [ 28C0B0A6CB61BDD1FEF877D4D0F69FBF ] AEADIFilters C:\Windows\system32\AEADISRV.EXE 22:04:28.0409 3484 AEADIFilters - ok 22:04:28.0424 3484 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 22:04:28.0424 3484 AeLookupSvc - ok 22:04:28.0424 3484 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys 22:04:28.0440 3484 AFD - ok 22:04:28.0440 3484 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys 22:04:28.0440 3484 agp440 - ok 22:04:28.0440 3484 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 22:04:28.0440 3484 ALG - ok 
22:04:28.0456 3484 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys 22:04:28.0456 3484 aliide - ok 22:04:28.0456 3484 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys 22:04:28.0456 3484 amdide - ok 22:04:28.0456 3484 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 22:04:28.0456 3484 AmdK8 - ok 22:04:28.0471 3484 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 22:04:28.0471 3484 AmdPPM - ok 22:04:28.0471 3484 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys 22:04:28.0471 3484 amdsata - ok 22:04:28.0487 3484 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 22:04:28.0487 3484 amdsbs - ok 22:04:28.0487 3484 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys 22:04:28.0487 3484 amdxata - ok 22:04:28.0487 3484 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys 22:04:28.0487 3484 AppID - ok 22:04:28.0502 3484 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 22:04:28.0502 3484 AppIDSvc - ok 22:04:28.0502 3484 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll 22:04:28.0502 3484 Appinfo - ok 22:04:28.0518 3484 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 22:04:28.0518 3484 AppMgmt - ok 22:04:28.0518 3484 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 22:04:28.0518 3484 arc - ok 22:04:28.0518 3484 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 22:04:28.0518 3484 arcsas - ok 22:04:28.0534 3484 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 22:04:28.0534 3484 aspnet_state - ok 22:04:28.0534 3484 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 22:04:28.0549 
3484 AsyncMac - ok 22:04:28.0549 3484 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys 22:04:28.0549 3484 atapi - ok 22:04:28.0565 3484 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 22:04:28.0565 3484 AudioEndpointBuilder - ok 22:04:28.0580 3484 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll 22:04:28.0580 3484 AudioSrv - ok 22:04:28.0580 3484 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll 22:04:28.0580 3484 AxInstSV - ok 22:04:28.0596 3484 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 22:04:28.0596 3484 b06bdrv - ok 22:04:28.0596 3484 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 22:04:28.0612 3484 b57nd60a - ok 22:04:28.0612 3484 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 22:04:28.0612 3484 BDESVC - ok 22:04:28.0612 3484 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 22:04:28.0612 3484 Beep - ok 22:04:28.0627 3484 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll 22:04:28.0627 3484 BFE - ok 22:04:28.0643 3484 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll 22:04:28.0658 3484 BITS - ok 22:04:28.0658 3484 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 22:04:28.0658 3484 blbdrive - ok 22:04:28.0658 3484 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 22:04:28.0658 3484 bowser - ok 22:04:28.0674 3484 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 22:04:28.0674 3484 BrFiltLo - ok 22:04:28.0674 3484 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 22:04:28.0674 3484 BrFiltUp - ok 22:04:28.0674 3484 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 22:04:28.0674 3484 
BridgeMP - ok 22:04:28.0690 3484 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll 22:04:28.0690 3484 Browser - ok 22:04:28.0690 3484 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 22:04:28.0690 3484 Brserid - ok 22:04:28.0705 3484 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 22:04:28.0705 3484 BrSerWdm - ok 22:04:28.0705 3484 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 22:04:28.0705 3484 BrUsbMdm - ok 22:04:28.0705 3484 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 22:04:28.0705 3484 BrUsbSer - ok 22:04:28.0721 3484 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 22:04:28.0721 3484 BTHMODEM - ok 22:04:28.0721 3484 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 22:04:28.0721 3484 bthserv - ok 22:04:28.0721 3484 catchme - ok 22:04:28.0736 3484 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 22:04:28.0736 3484 cdfs - ok 22:04:28.0736 3484 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 22:04:28.0736 3484 cdrom - ok 22:04:28.0736 3484 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll 22:04:28.0752 3484 CertPropSvc - ok 22:04:28.0752 3484 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 22:04:28.0752 3484 circlass - ok 22:04:28.0752 3484 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 22:04:28.0752 3484 CLFS - ok 22:04:28.0768 3484 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:04:28.0768 3484 clr_optimization_v2.0.50727_32 - ok 22:04:28.0768 3484 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 
22:04:28.0783 3484 clr_optimization_v2.0.50727_64 - ok 22:04:28.0783 3484 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:04:28.0799 3484 clr_optimization_v4.0.30319_32 - ok 22:04:28.0799 3484 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 22:04:28.0799 3484 clr_optimization_v4.0.30319_64 - ok 22:04:28.0799 3484 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 22:04:28.0799 3484 CmBatt - ok 22:04:28.0814 3484 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys 22:04:28.0814 3484 cmdide - ok 22:04:28.0814 3484 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys 22:04:28.0830 3484 CNG - ok 22:04:28.0830 3484 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 22:04:28.0830 3484 Compbatt - ok 22:04:28.0830 3484 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 22:04:28.0830 3484 CompositeBus - ok 22:04:28.0830 3484 COMSysApp - ok 22:04:28.0845 3484 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 22:04:28.0845 3484 crcdisk - ok 22:04:28.0845 3484 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll 22:04:28.0845 3484 CryptSvc - ok 22:04:28.0861 3484 [ 80B68FDB3D208FB502A9E6AC7D684647 ] CSAPrintService C:\Windows\csasvc.exe 22:04:28.0861 3484 CSAPrintService - ok 22:04:28.0861 3484 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys 22:04:28.0877 3484 CSC - ok 22:04:28.0877 3484 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll 22:04:28.0892 3484 CscService - ok 22:04:28.0892 3484 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll 22:04:28.0908 3484 DcomLaunch - ok 22:04:28.0908 3484 [ 
3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 22:04:28.0908 3484 defragsvc - ok 22:04:28.0923 3484 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:04:28.0923 3484 DfsC - ok 22:04:28.0923 3484 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll 22:04:28.0923 3484 Dhcp - ok 22:04:28.0939 3484 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 22:04:28.0939 3484 discache - ok 22:04:28.0939 3484 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 22:04:28.0939 3484 Disk - ok 22:04:28.0955 3484 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:04:28.0955 3484 Dnscache - ok 22:04:28.0955 3484 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll 22:04:28.0955 3484 dot3svc - ok 22:04:28.0970 3484 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll 22:04:28.0970 3484 DPS - ok 22:04:28.0970 3484 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:04:28.0970 3484 drmkaud - ok 22:04:28.0986 3484 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:04:28.0986 3484 DXGKrnl - ok 22:04:29.0001 3484 [ 955F6564F448119C12AB3C048CCF8946 ] e1kexpress C:\Windows\system32\DRIVERS\e1k60x64.sys 22:04:29.0001 3484 e1kexpress - ok 22:04:29.0001 3484 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 22:04:29.0017 3484 EapHost - ok 22:04:29.0048 3484 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 22:04:29.0079 3484 ebdrv - ok 22:04:29.0079 3484 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe 22:04:29.0079 3484 EFS - ok 22:04:29.0095 3484 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe 22:04:29.0095 3484 ehRecvr - ok 22:04:29.0095 3484 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched 
C:\Windows\ehome\ehsched.exe 22:04:29.0111 3484 ehSched - ok 22:04:29.0111 3484 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 22:04:29.0126 3484 elxstor - ok 22:04:29.0126 3484 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 22:04:29.0126 3484 ErrDev - ok 22:04:29.0126 3484 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 22:04:29.0142 3484 EventSystem - ok 22:04:29.0142 3484 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 22:04:29.0142 3484 exfat - ok 22:04:29.0157 3484 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:04:29.0157 3484 fastfat - ok 22:04:29.0157 3484 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe 22:04:29.0173 3484 Fax - ok 22:04:29.0173 3484 [ 63DD6F772F539AEBCA5DDE819812A462 ] FCPrintService C:\Windows\csifcsvc.exe 22:04:29.0173 3484 FCPrintService - ok 22:04:29.0173 3484 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 22:04:29.0173 3484 fdc - ok 22:04:29.0189 3484 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 22:04:29.0189 3484 fdPHost - ok 22:04:29.0189 3484 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 22:04:29.0204 3484 FDResPub - ok 22:04:29.0204 3484 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:04:29.0204 3484 FileInfo - ok 22:04:29.0204 3484 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:04:29.0204 3484 Filetrace - ok 22:04:29.0220 3484 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 22:04:29.0220 3484 flpydisk - ok 22:04:29.0220 3484 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:04:29.0220 3484 FltMgr - ok 22:04:29.0235 3484 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache 
C:\Windows\System32\wlansvc.dll 22:04:31.0996 3484 Wlansvc - ok 22:04:32.0027 3484 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 22:04:32.0043 3484 wlidsvc - ok 22:04:32.0058 3484 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 22:04:32.0058 3484 WmiAcpi - ok 22:04:32.0058 3484 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:04:32.0074 3484 wmiApSrv - ok 22:04:32.0074 3484 WMPNetworkSvc - ok 22:04:32.0074 3484 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:04:32.0074 3484 WPCSvc - ok 22:04:32.0089 3484 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:04:32.0089 3484 WPDBusEnum - ok 22:04:32.0089 3484 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:04:32.0089 3484 ws2ifsl - ok 22:04:32.0105 3484 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 22:04:32.0105 3484 wscsvc - ok 22:04:32.0105 3484 WSearch - ok 22:04:32.0136 3484 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 22:04:32.0152 3484 wuauserv - ok 22:04:32.0167 3484 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:04:32.0167 3484 WudfPf - ok 22:04:32.0167 3484 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:04:32.0167 3484 WUDFRd - ok 22:04:32.0183 3484 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:04:32.0183 3484 wudfsvc - ok 22:04:32.0183 3484 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 22:04:32.0199 3484 WwanSvc - ok 22:04:32.0199 3484 ================ Scan global =============================== 22:04:32.0199 3484 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 22:04:32.0214 3484 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] 
C:\Windows\system32\winsrv.dll 22:04:32.0214 3484 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll 22:04:32.0230 3484 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 22:04:32.0230 3484 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 22:04:32.0230 3484 [Global] - ok 22:04:32.0230 3484 ================ Scan MBR ================================== 22:04:32.0245 3484 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 22:04:32.0293 3484 \Device\Harddisk0\DR0 - ok 22:04:32.0293 3484 ================ Scan VBR ================================== 22:04:32.0296 3484 [ 3088BDEB626D694C9A9A1FA792FABE14 ] \Device\Harddisk0\DR0\Partition1 22:04:32.0297 3484 \Device\Harddisk0\DR0\Partition1 - ok 22:04:32.0301 3484 [ C5577D56C623E59DE6635CD48BC207F0 ] \Device\Harddisk0\DR0\Partition2 22:04:32.0303 3484 \Device\Harddisk0\DR0\Partition2 - ok 22:04:32.0304 3484 ============================================================ 22:04:32.0304 3484 Scan finished 22:04:32.0304 3484 ============================================================ 22:04:32.0314 2368 Detected object count: 0 22:04:32.0314 2368 Actual detected object count: 0 22:05:56.0341 4924 Deinitialize success aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-11-08 22:06:25 ----------------------------- 22:06:25.503 OS Version: Windows x64 6.1.7600 22:06:25.503 Number of processors: 4 586 0x170A 22:06:25.503 ComputerName: CONNIE01 UserName: Connie 22:06:25.752 Initialize success 22:13:00.014 AVAST engine defs: 12110801 22:13:06.637 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 22:13:06.653 Disk 0 Vendor: M4-CT128M4SSD1 000F Size: 122104MB BusType: 3 22:13:06.653 Disk 0 MBR read successfully 22:13:06.653 Disk 0 MBR scan 22:13:06.653 Disk 0 Windows 7 default MBR code 22:13:06.653 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 22:13:06.668 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 208896 
22:13:06.668 Disk 0 scanning C:\Windows\system32\drivers 22:13:09.386 Service scanning 22:13:16.181 Modules scanning 22:13:16.181 Disk 0 trace - called modules: 22:13:16.181 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 22:13:16.197 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d03060] 22:13:16.197 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8007697680] 22:13:16.588 AVAST engine scan C:\Windows 22:13:17.244 AVAST engine scan C:\Windows\system32 22:14:39.552 AVAST engine scan C:\Windows\system32\drivers 22:14:42.676 AVAST engine scan C:\Users\connie 22:14:57.922 AVAST engine scan C:\ProgramData 22:15:09.763 Scan finished successfully 22:15:41.599 Disk 0 MBR has been saved successfully to "\\SBS2008\RedirectedFolders\connie\Desktop\MBR.dat" 22:15:41.615 The log file has been saved successfully to "\\SBS2008\RedirectedFolders\connie\Desktop\aswMBR.txt" No Problems!
  8. ComboFix 12-11-08.01 - Connie 11/08/2012 21:39:01.1.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8090.6558 [GMT -6:00] Running from: \\SBS2008\RedirectedFolders\connie\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\1144AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\1292AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\1312AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\1548AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\2728AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\2888AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\3056AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\3776AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\4184AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\4332AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\4612AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\4956AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\4960AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\5032AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\5132AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\5708AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\5732AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\5968AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\6120AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\6696AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\6844AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\6944AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\6956AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\8008AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\920AccountantCenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\ac.js c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\close_pop.png c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\jquery.corner.js c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\jquery.min.js c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\mootools.svn.js c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffcenter.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffCenter.js c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\reviewDialog.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\reviewNotesPopUp.html c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskNotesDialog.html c:\users\connie\B5C33383.tmp c:\users\connie\biworeamimno.exe c:\users\connie\g2mdlhlpx.exe . . 
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 ))))))))))))))))))))))))))))))) . . 2012-11-09 03:42 . 2012-11-09 03:42 -------- d-----w- c:\users\test\AppData\Local\temp 2012-11-09 03:42 . 2012-11-09 03:42 -------- d-----w- c:\users\QBDataServiceUser22\AppData\Local\temp 2012-11-09 03:42 . 2012-11-09 03:42 -------- d-----w- c:\users\QBDataServiceUser21\AppData\Local\temp 2012-11-09 03:42 . 2012-11-09 03:42 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp 2012-11-09 03:42 . 2012-11-09 03:42 -------- d-----w- c:\users\Matt\AppData\Local\temp 2012-11-09 03:42 . 2012-11-09 03:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-09 03:42 . 2012-11-09 03:42 -------- d-----w- c:\users\bruun2\AppData\Local\temp 2012-11-09 03:42 . 2012-11-09 03:42 -------- d-----w- c:\users\badmin\AppData\Local\temp 2012-11-09 02:19 . 2012-11-09 02:19 -------- d-----w- c:\users\badmin\AppData\Local\Intuit 2012-11-08 21:43 . 2012-11-08 21:40 689190 ----a-w- C:\dds.scr 2012-11-08 17:44 . 2012-11-08 17:44 -------- d-----w- c:\users\connie\AppData\Roaming\Malwarebytes 2012-11-08 17:44 . 2012-11-08 17:44 -------- d-----w- c:\programdata\Malwarebytes 2012-11-08 17:44 . 2012-11-08 17:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-08 17:44 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-06 08:41 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D21448E0-4C24-43D8-94C8-937A998262BF}\mpengine.dll 2012-11-03 02:02 . 2001-07-30 15:40 44032 ----a-w- c:\windows\SysWow64\temp.051 2012-11-03 02:02 . 2000-05-27 05:00 1388544 ----a-w- c:\windows\SysWow64\temp.052 2012-11-03 02:02 . 1998-05-31 05:00 22288 ----a-w- c:\windows\SysWow64\temp.053 2012-11-03 02:02 . 2001-07-30 15:42 1118720 ----a-w- c:\windows\SysWow64\temp.050 2012-11-03 02:02 . 2001-11-15 22:14 295000 ----a-w- c:\windows\SysWow64\temp.04E 2012-11-03 02:02 . 
2001-11-15 22:14 995383 ----a-w- c:\windows\SysWow64\temp.04F 2012-11-03 02:02 . 1998-06-17 17:52 401462 ----a-w- c:\windows\SysWow64\temp.04D 2012-10-26 07:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-10-26 07:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-10-26 07:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-10-26 07:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-10-26 07:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-10-26 07:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-10-26 07:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-10-26 07:06 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-10-26 07:06 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-10-11 08:02 . 2012-08-30 18:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-11 08:02 . 2012-08-30 17:18 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-10-11 08:02 . 2012-08-30 17:18 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-10-11 08:01 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-10-11 08:01 . 2012-08-24 17:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-10-11 08:01 . 2012-08-11 00:53 714752 ----a-w- c:\windows\system32\kerberos.dll 2012-10-11 08:01 . 2012-08-10 23:54 541184 ----a-w- c:\windows\SysWow64\kerberos.dll 2012-10-11 08:00 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-11 08:00 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll 2012-10-11 08:00 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-11 08:00 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-10-11 08:00 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-10-11 08:00 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . 
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-09 06:15 . 2012-08-29 14:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-09 06:15 . 2012-02-29 16:29 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-24 18:05 . 2012-09-23 08:00 1197568 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 18:05 . 2012-09-23 08:00 134144 ----a-w- c:\windows\system32\url.dll 2012-08-24 18:05 . 2012-09-23 08:00 1501696 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 18:03 . 2012-09-23 08:00 1026560 ----a-w- c:\windows\system32\mstime.dll 2012-08-24 18:02 . 2012-09-23 08:00 97792 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 18:02 . 2012-09-23 08:00 9375744 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 18:02 . 2012-09-23 08:00 736256 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 18:02 . 2012-09-23 08:00 82944 ----a-w- c:\windows\system32\msfeedsbs.dll 2012-08-24 18:02 . 2012-09-23 08:00 57856 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-24 18:02 . 2012-09-23 08:00 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 18:01 . 2012-09-23 08:00 247808 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 18:01 . 2012-09-23 08:00 2458624 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 18:01 . 2012-09-23 08:00 256000 ----a-w- c:\windows\system32\iepeers.dll 2012-08-24 18:01 . 2012-09-23 08:00 12404736 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 18:01 . 2012-09-23 08:00 445952 ----a-w- c:\windows\system32\iedkcs32.dll 2012-08-24 17:59 . 2012-09-23 08:00 12288 ----a-w- c:\windows\system32\msfeedssync.exe 2012-08-24 17:10 . 2012-09-23 08:00 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 17:08 . 2012-09-23 08:00 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-08-24 16:45 . 2012-09-23 08:00 482816 ----a-w- c:\windows\system32\html.iec 2012-08-24 16:02 . 2012-09-23 08:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 16:01 . 
2012-09-23 08:00 386048 ----a-w- c:\windows\SysWow64\html.iec 2012-08-24 15:27 . 2012-09-23 08:00 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-12-31 160592] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-06-24 1310720] "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768] "MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ CS Connect Background Services.lnk - \\sbs2008\share1\WinCSI\Tools\ConnectBGDL.exe [2009-12-29 1943544] Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-11-2 5927768] QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-2 1175912] QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2011-11-2 1178984] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) "SoftwareSASGeneration"= 3 (0x3) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 CSAPrintService;Creative Solutions Accounting Print Service;c:\windows\csasvc.exe [2009-10-23 118784] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] R4 QuickBooksDB19;QuickBooksDB19;c:\progra~2\Intuit\QUICKB~2\QBDBMgrN.exe [2009-10-01 131072] R4 QuickBooksDB20;QuickBooksDB20;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2009-08-18 678912] R4 QuickBooksDB21;QuickBooksDB21;c:\progra~2\Intuit\QUICKB~3\QBDBMgrN.exe [2010-04-28 679936] R4 QuickBooksDB22;QuickBooksDB22;c:\progra~2\Intuit\QUICKB~4\QBDBMgrN.exe [2011-11-02 679936] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-02 1248256] S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k60x64.sys [2009-06-10 220672] . . --- Other Services/Drivers In Memory --- . *Deregistered* - TmFilter *Deregistered* - tmlwf *Deregistered* - tmwfp *Deregistered* - VSApiNt . Contents of the 'Scheduled Tasks' folder . 2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 06:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . 
------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html Trusted Zone: netteller.com\www2 TCP: DhcpNameServer = 10.0.10.11 204.130.255.3 64.122.32.71 Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-Regedit32 - c:\windows\system32\regedit.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}] @Denied: (A) (Everyone) "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0] "Key"="ActionsPane" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-08 21:45:05 ComboFix-quarantined-files.txt 2012-11-09 03:45 . Pre-Run: 64,358,494,208 bytes free Post-Run: 65,944,338,432 bytes free . - - End Of File - - 2EC9B69ED1B555E986386590BABA5920
I did not have any problems running any of the programs you recommended. The computer seems to be running fine.
  9. Results of screen317's Security Check version 0.99.54 Windows 7 x64 (UAC is enabled) Out of date service pack!! Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Trend Micro Client/Server Security Agent Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 Java 6 Update 26 Java version out of Date! Adobe Reader 9 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Trend Micro OfficeScan Client pccntmon.exe Malwarebytes' Anti-Malware mbamscheduler.exe Trend Micro Client Server Security Agent ntrtscan.exe Trend Micro Client Server Security Agent tmlisten.exe Trend Micro Client Server Security Agent TmPfw.exe Trend Micro BM TMBMSRV.exe Trend Micro Client Server Security Agent CNTAoSMgr.exe Trend Micro Client Server Security Agent TmProxy.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` # AdwCleaner v2.007 - Logfile created 11/08/2012 at 21:01:07 # Updated 06/11/2012 by Xplode # Operating system : Windows 7 Professional (64 bits) # User : Connie - CONNIE01 # Boot Mode : Normal # Running from : \\SBS2008\RedirectedFolders\Connie\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7600.16385 [OK] Registry is clean. 
************************* AdwCleaner[s1].txt - [522 octets] - [08/11/2012 21:01:07] ########## EOF - C:\AdwCleaner[s1].txt - [581 octets] ########## RogueKiller V8.2.3 [11/07/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : Connie [Admin rights] Mode : Scan -- Date : 11/08/2012 21:05:13 ¤¤¤ Bad processes : 4 ¤¤¤ [sUSP PATH] csasvc.exe -- C:\Windows\csasvc.exe -> KILLED [TermProc] [sUSP PATH] csifcsvc.exe -- C:\Windows\csifcsvc.exe -> KILLED [TermProc] [sUSP PATH] biworeamimno.exe -- C:\Users\connie\biworeamimno.exe -> KILLED [TermProc] [sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 7 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : biworeamimno (C:\Users\connie\biworeamimno.exe) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-4032088075-2222977693-1530169045-1146[...]\Run : biworeamimno (C:\Users\connie\biworeamimno.exe) -> FOUND [RUN][ROGUE ST] HKLM\[...]\Wow6432Node\Run : QuickBooksDB20 (C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -n QB_CONNIE01_20 -qs -gd ALL -gk all -gp 4096 -gu all -ch 256M -c 128M -x tcpip(BroadcastListener=NO;port=55338) -ti 0 -ec simple -qi -qw -tl 120 -oe C:\PROGRA~3\Intuit\QUICKB~2\DBSTAR~1.LOG -y) -> FOUND [RUN][ROGUE ST] HKLM\[...]\Wow6432Node\Run : QuickBooksDB19 (C:\PROGRA~2\Intuit\QUICKB~2\QBDBMgrN.exe -n QB_CONNIE01_19 -qs -gd ALL -gk all -gp 4096 -gu all -ch 128M -c 64M -x tcpip(BroadcastListener=NO;port=55333) -ti 0 -ec simple -qi -qw -tl 120 -oe C:\PROGRA~3\Intuit\QUICKB~2\DBSTAR~1.LOG -y) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / 
Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: M4-CT128M4SSD1 ATA Device +++++ --- User --- [MBR] aef347ea88a45ebbdb21c234ed8e332c [bSP] 75c35abb5423f4743a829bbcd6cdfa23 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208896 | Size: 122002 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_11082012_02d2105.txt >> RKreport[1]_S_11082012_02d2105.txt
  10. I ran anti-malware and it removed trojans, but I am still getting messages that the program is blocking attempts to access potentially malicious IPs. I can send MBAM logs if you need them. dds.txt attach.txt
  11. I want to create a log to send for an infected PC. What do I try if I can't run the DDS application that I downloaded?