mbruun
-
Posts
13 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by mbruun
-
-
No threats have been found by ESET online scanner but it is still at 99% - I need to sleep - it's 1 AM here
I will let you know if it funds any threats tomorrow
Do you htink that this is the last step?
thank you so very much for your help - I plan to make a donation tomorrow or monday
-
I got it to run by changing the size of the screen
-
I am having a problem with the ESET scan
I dont see a "scan" button and the program detects that Windows defender is running
I just truned off the progrma but maybe I need to restart?
-
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
Database version: v2012.11.08.11
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Connie :: CONNIE01 [administrator]
Protection: Enabled
11/8/2012 11:15:10 PM
mbam-log-2012-11-08 (23-15-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 367267
Time elapsed: 1 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:17:45 PM, on 11/8/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17115)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
\SBS2008\RedirectedFolders\connie\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: CS Connect Background Services.lnk = WinCSI\Tools\ConnectBGDL.exe
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Sageworks - {5BD9E6D7-A785-41E1-B13F-E7AA845D92DE} - https://www.profitcents.com/login.asp?pcicon=1&username=bhbadvisors&password=showtime (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Sageworks - {5BD9E6D7-A785-41E1-B13F-E7AA845D92DE} - https://www.profitcents.com/login.asp?pcicon=1&username=bhbadvisors&password=showtime (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://sbs2008.bhbadvisors.local:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://sbs2008.bhbadvisors.local:4343/officescan/console/ClientInstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://sbs2008.bhbadvisors.local:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://sbs2008.bhbadvisors.local:4343/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bhbadvisors.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bhbadvisors.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bhbadvisors.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
O18 - Protocol: intu-help-qb5 - {867FCB77-9823-4CD6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Creative Solutions Accounting Print Service (CSAPrintService) - Thomson Reuters - C:\Windows\csasvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileCabinet CS Print Service (FCPrintService) - Thomson Reuters - C:\Windows\csifcsvc.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13552 bytes
-
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
Database version: v2012.11.08.11
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Connie :: CONNIE01 [administrator]
Protection: Enabled
11/8/2012 11:15:10 PM
mbam-log-2012-11-08 (23-15-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 367267
Time elapsed: 1 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
I do not have any problems
I need to reinstal my WFBS trend micro cleint but I need the 64 bit installer file. do you know anyhting about how to get that?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:17:45 PM, on 11/8/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17115)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
\SBS2008\RedirectedFolders\connie\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: CS Connect Background Services.lnk = WinCSI\Tools\ConnectBGDL.exe
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Sageworks - {5BD9E6D7-A785-41E1-B13F-E7AA845D92DE} - https://www.profitcents.com/login.asp?pcicon=1&username=bhbadvisors&password=showtime (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Sageworks - {5BD9E6D7-A785-41E1-B13F-E7AA845D92DE} - https://www.profitcents.com/login.asp?pcicon=1&username=bhbadvisors&password=showtime (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://sbs2008.bhbadvisors.local:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://sbs2008.bhbadvisors.local:4343/officescan/console/ClientInstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://sbs2008.bhbadvisors.local:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://sbs2008.bhbadvisors.local:4343/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bhbadvisors.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bhbadvisors.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bhbadvisors.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
O18 - Protocol: intu-help-qb5 - {867FCB77-9823-4CD6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Creative Solutions Accounting Print Service (CSAPrintService) - Thomson Reuters - C:\Windows\csasvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileCabinet CS Print Service (FCPrintService) - Thomson Reuters - C:\Windows\csifcsvc.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13552 bytes
-
ComboFix 12-11-08.01 - Connie 11/08/2012 22:40:05.2.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8090.6310 [GMT -6:00]
Running from: \\SBS2008\RedirectedFolders\connie\Desktop\Malware Folder Nov 2012\ComboFix.exe
Command switches used :: \\SBS2008\RedirectedFolders\connie\Desktop\CF Script.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-09 04:43 . 2012-11-09 04:43 -------- d-----w- c:\users\test\AppData\Local\temp
2012-11-09 04:43 . 2012-11-09 04:43 -------- d-----w- c:\users\QBDataServiceUser22\AppData\Local\temp
2012-11-09 04:43 . 2012-11-09 04:43 -------- d-----w- c:\users\QBDataServiceUser21\AppData\Local\temp
2012-11-09 04:43 . 2012-11-09 04:43 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp
2012-11-09 04:43 . 2012-11-09 04:43 -------- d-----w- c:\users\Matt\AppData\Local\temp
2012-11-09 04:43 . 2012-11-09 04:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-09 04:43 . 2012-11-09 04:43 -------- d-----w- c:\users\bruun2\AppData\Local\temp
2012-11-09 04:43 . 2012-11-09 04:43 -------- d-----w- c:\users\badmin\AppData\Local\temp
2012-11-09 02:19 . 2012-11-09 02:19 -------- d-----w- c:\users\badmin\AppData\Local\Intuit
2012-11-08 21:43 . 2012-11-08 21:40 689190 ----a-w- C:\dds.scr
2012-11-08 17:44 . 2012-11-08 17:44 -------- d-----w- c:\users\connie\AppData\Roaming\Malwarebytes
2012-11-08 17:44 . 2012-11-08 17:44 -------- d-----w- c:\programdata\Malwarebytes
2012-11-08 17:44 . 2012-11-08 17:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-08 17:44 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-06 08:41 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D21448E0-4C24-43D8-94C8-937A998262BF}\mpengine.dll
2012-11-03 02:02 . 2001-07-30 15:40 44032 ----a-w- c:\windows\SysWow64\temp.051
2012-11-03 02:02 . 2000-05-27 05:00 1388544 ----a-w- c:\windows\SysWow64\temp.052
2012-11-03 02:02 . 1998-05-31 05:00 22288 ----a-w- c:\windows\SysWow64\temp.053
2012-11-03 02:02 . 2001-07-30 15:42 1118720 ----a-w- c:\windows\SysWow64\temp.050
2012-11-03 02:02 . 2001-11-15 22:14 295000 ----a-w- c:\windows\SysWow64\temp.04E
2012-11-03 02:02 . 2001-11-15 22:14 995383 ----a-w- c:\windows\SysWow64\temp.04F
2012-11-03 02:02 . 1998-06-17 17:52 401462 ----a-w- c:\windows\SysWow64\temp.04D
2012-10-26 07:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-10-26 07:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-26 07:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-26 07:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-10-26 07:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-10-26 07:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-10-26 07:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-10-26 07:06 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-26 07:06 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-10-11 08:02 . 2012-08-30 18:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-11 08:02 . 2012-08-30 17:18 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-11 08:02 . 2012-08-30 17:18 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-11 08:01 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-11 08:01 . 2012-08-24 17:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-11 08:01 . 2012-08-11 00:53 714752 ----a-w- c:\windows\system32\kerberos.dll
2012-10-11 08:01 . 2012-08-10 23:54 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-11 08:00 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-11 08:00 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
2012-10-11 08:00 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-11 08:00 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-11 08:00 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-11 08:00 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 06:15 . 2012-08-29 14:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 06:15 . 2012-02-29 16:29 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-24 18:05 . 2012-09-23 08:00 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-23 08:00 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:05 . 2012-09-23 08:00 1501696 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:03 . 2012-09-23 08:00 1026560 ----a-w- c:\windows\system32\mstime.dll
2012-08-24 18:02 . 2012-09-23 08:00 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:02 . 2012-09-23 08:00 9375744 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:02 . 2012-09-23 08:00 736256 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:02 . 2012-09-23 08:00 82944 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-08-24 18:02 . 2012-09-23 08:00 57856 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-24 18:02 . 2012-09-23 08:00 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:01 . 2012-09-23 08:00 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:01 . 2012-09-23 08:00 2458624 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 18:01 . 2012-09-23 08:00 256000 ----a-w- c:\windows\system32\iepeers.dll
2012-08-24 18:01 . 2012-09-23 08:00 12404736 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:01 . 2012-09-23 08:00 445952 ----a-w- c:\windows\system32\iedkcs32.dll
2012-08-24 17:59 . 2012-09-23 08:00 12288 ----a-w- c:\windows\system32\msfeedssync.exe
2012-08-24 17:10 . 2012-09-23 08:00 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 17:08 . 2012-09-23 08:00 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-08-24 16:45 . 2012-09-23 08:00 482816 ----a-w- c:\windows\system32\html.iec
2012-08-24 16:02 . 2012-09-23 08:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 16:01 . 2012-09-23 08:00 386048 ----a-w- c:\windows\SysWow64\html.iec
2012-08-24 15:27 . 2012-09-23 08:00 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-12-31 160592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-06-24 1310720]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CS Connect Background Services.lnk - \\sbs2008\share1\WinCSI\Tools\ConnectBGDL.exe [2009-12-29 1943544]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-11-2 5927768]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-2 1175912]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2011-11-2 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 3 (0x3)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R4 QuickBooksDB19;QuickBooksDB19;c:\progra~2\Intuit\QUICKB~2\QBDBMgrN.exe [2009-10-01 131072]
R4 QuickBooksDB20;QuickBooksDB20;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2009-08-18 678912]
R4 QuickBooksDB21;QuickBooksDB21;c:\progra~2\Intuit\QUICKB~3\QBDBMgrN.exe [2010-04-28 679936]
R4 QuickBooksDB22;QuickBooksDB22;c:\progra~2\Intuit\QUICKB~4\QBDBMgrN.exe [2011-11-02 679936]
S2 CSAPrintService;Creative Solutions Accounting Print Service;c:\windows\csasvc.exe [2009-10-23 118784]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-02 1248256]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k60x64.sys [2009-06-10 220672]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 10304941
*NewlyCreated* - ASWMBR
*Deregistered* - 10304941
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: netteller.com\www2
TCP: DhcpNameServer = 10.0.10.11 204.130.255.3 64.122.32.71
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-08 22:45:04
ComboFix-quarantined-files.txt 2012-11-09 04:45
ComboFix2.txt 2012-11-09 03:45
.
Pre-Run: 65,556,115,456 bytes free
Post-Run: 65,621,671,936 bytes free
.
-
22:04:24.0643 5116 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:04:24.0924 5116 ============================================================
22:04:24.0924 5116 Current date / time: 2012/11/08 22:04:24.0924
22:04:24.0924 5116 SystemInfo:
22:04:24.0924 5116
22:04:24.0924 5116 OS Version: 6.1.7600 ServicePack: 0.0
22:04:24.0924 5116 Product type: Workstation
22:04:24.0924 5116 ComputerName: CONNIE01
22:04:24.0924 5116 UserName: Connie
22:04:24.0924 5116 Windows directory: C:\Windows
22:04:24.0924 5116 System windows directory: C:\Windows
22:04:24.0924 5116 Running under WOW64
22:04:24.0924 5116 Processor architecture: Intel x64
22:04:24.0924 5116 Number of processors: 4
22:04:24.0924 5116 Page size: 0x1000
22:04:24.0924 5116 Boot type: Normal boot
22:04:24.0924 5116 ============================================================
22:04:25.0314 5116 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:04:25.0314 5116 ============================================================
22:04:25.0314 5116 \Device\Harddisk0\DR0:
22:04:25.0314 5116 MBR partitions:
22:04:25.0314 5116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:04:25.0314 5116 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0xEE492B1
22:04:25.0314 5116 ============================================================
22:04:25.0314 5116 C: <-> \Device\Harddisk0\DR0\Partition2
22:04:25.0314 5116 ============================================================
22:04:25.0314 5116 Initialize success
22:04:25.0314 5116 ============================================================
22:04:28.0050 3484 ============================================================
22:04:28.0050 3484 Scan started
22:04:28.0050 3484 Mode: Manual;
22:04:28.0050 3484 ============================================================
22:04:28.0268 3484 ================ Scan system memory ========================
22:04:28.0268 3484 System memory - ok
22:04:28.0268 3484 ================ Scan services =============================
22:04:28.0300 3484 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
22:04:28.0315 3484 1394ohci - ok
22:04:28.0315 3484 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
22:04:28.0315 3484 ACPI - ok
22:04:28.0331 3484 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
22:04:28.0331 3484 AcpiPmi - ok
22:04:28.0331 3484 [ EBF4430CFBA92EDE9231DFB10B7C0F22 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
22:04:28.0346 3484 ADIHdAudAddService - ok
22:04:28.0362 3484 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:04:28.0362 3484 AdobeFlashPlayerUpdateSvc - ok
22:04:28.0378 3484 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:04:28.0378 3484 adp94xx - ok
22:04:28.0393 3484 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:04:28.0393 3484 adpahci - ok
22:04:28.0393 3484 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:04:28.0409 3484 adpu320 - ok
22:04:28.0409 3484 [ 28C0B0A6CB61BDD1FEF877D4D0F69FBF ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
22:04:28.0409 3484 AEADIFilters - ok
22:04:28.0424 3484 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:04:28.0424 3484 AeLookupSvc - ok
22:04:28.0424 3484 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
22:04:28.0440 3484 AFD - ok
22:04:28.0440 3484 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
22:04:28.0440 3484 agp440 - ok
22:04:28.0440 3484 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:04:28.0440 3484 ALG - ok
22:04:28.0456 3484 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
22:04:28.0456 3484 aliide - ok
22:04:28.0456 3484 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
22:04:28.0456 3484 amdide - ok
22:04:28.0456 3484 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:04:28.0456 3484 AmdK8 - ok
22:04:28.0471 3484 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:04:28.0471 3484 AmdPPM - ok
22:04:28.0471 3484 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
22:04:28.0471 3484 amdsata - ok
22:04:28.0487 3484 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:04:28.0487 3484 amdsbs - ok
22:04:28.0487 3484 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
22:04:28.0487 3484 amdxata - ok
22:04:28.0487 3484 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
22:04:28.0487 3484 AppID - ok
22:04:28.0502 3484 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:04:28.0502 3484 AppIDSvc - ok
22:04:28.0502 3484 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
22:04:28.0502 3484 Appinfo - ok
22:04:28.0518 3484 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
22:04:28.0518 3484 AppMgmt - ok
22:04:28.0518 3484 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:04:28.0518 3484 arc - ok
22:04:28.0518 3484 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:04:28.0518 3484 arcsas - ok
22:04:28.0534 3484 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:04:28.0534 3484 aspnet_state - ok
22:04:28.0534 3484 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:04:28.0549 3484 AsyncMac - ok
22:04:28.0549 3484 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
22:04:28.0549 3484 atapi - ok
22:04:28.0565 3484 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:04:28.0565 3484 AudioEndpointBuilder - ok
22:04:28.0580 3484 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:04:28.0580 3484 AudioSrv - ok
22:04:28.0580 3484 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:04:28.0580 3484 AxInstSV - ok
22:04:28.0596 3484 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:04:28.0596 3484 b06bdrv - ok
22:04:28.0596 3484 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:04:28.0612 3484 b57nd60a - ok
22:04:28.0612 3484 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:04:28.0612 3484 BDESVC - ok
22:04:28.0612 3484 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:04:28.0612 3484 Beep - ok
22:04:28.0627 3484 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
22:04:28.0627 3484 BFE - ok
22:04:28.0643 3484 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
22:04:28.0658 3484 BITS - ok
22:04:28.0658 3484 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:04:28.0658 3484 blbdrive - ok
22:04:28.0658 3484 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:04:28.0658 3484 bowser - ok
22:04:28.0674 3484 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:04:28.0674 3484 BrFiltLo - ok
22:04:28.0674 3484 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:04:28.0674 3484 BrFiltUp - ok
22:04:28.0674 3484 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:04:28.0674 3484 BridgeMP - ok
22:04:28.0690 3484 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
22:04:28.0690 3484 Browser - ok
22:04:28.0690 3484 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:04:28.0690 3484 Brserid - ok
22:04:28.0705 3484 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:04:28.0705 3484 BrSerWdm - ok
22:04:28.0705 3484 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:04:28.0705 3484 BrUsbMdm - ok
22:04:28.0705 3484 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:04:28.0705 3484 BrUsbSer - ok
22:04:28.0721 3484 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:04:28.0721 3484 BTHMODEM - ok
22:04:28.0721 3484 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:04:28.0721 3484 bthserv - ok
22:04:28.0721 3484 catchme - ok
22:04:28.0736 3484 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:04:28.0736 3484 cdfs - ok
22:04:28.0736 3484 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:04:28.0736 3484 cdrom - ok
22:04:28.0736 3484 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
22:04:28.0752 3484 CertPropSvc - ok
22:04:28.0752 3484 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:04:28.0752 3484 circlass - ok
22:04:28.0752 3484 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:04:28.0752 3484 CLFS - ok
22:04:28.0768 3484 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:04:28.0768 3484 clr_optimization_v2.0.50727_32 - ok
22:04:28.0768 3484 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:04:28.0783 3484 clr_optimization_v2.0.50727_64 - ok
22:04:28.0783 3484 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:04:28.0799 3484 clr_optimization_v4.0.30319_32 - ok
22:04:28.0799 3484 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:04:28.0799 3484 clr_optimization_v4.0.30319_64 - ok
22:04:28.0799 3484 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:04:28.0799 3484 CmBatt - ok
22:04:28.0814 3484 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
22:04:28.0814 3484 cmdide - ok
22:04:28.0814 3484 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
22:04:28.0830 3484 CNG - ok
22:04:28.0830 3484 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:04:28.0830 3484 Compbatt - ok
22:04:28.0830 3484 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:04:28.0830 3484 CompositeBus - ok
22:04:28.0830 3484 COMSysApp - ok
22:04:28.0845 3484 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:04:28.0845 3484 crcdisk - ok
22:04:28.0845 3484 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:04:28.0845 3484 CryptSvc - ok
22:04:28.0861 3484 [ 80B68FDB3D208FB502A9E6AC7D684647 ] CSAPrintService C:\Windows\csasvc.exe
22:04:28.0861 3484 CSAPrintService - ok
22:04:28.0861 3484 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
22:04:28.0877 3484 CSC - ok
22:04:28.0877 3484 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
22:04:28.0892 3484 CscService - ok
22:04:28.0892 3484 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:04:28.0908 3484 DcomLaunch - ok
22:04:28.0908 3484 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:04:28.0908 3484 defragsvc - ok
22:04:28.0923 3484 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:04:28.0923 3484 DfsC - ok
22:04:28.0923 3484 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
22:04:28.0923 3484 Dhcp - ok
22:04:28.0939 3484 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:04:28.0939 3484 discache - ok
22:04:28.0939 3484 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:04:28.0939 3484 Disk - ok
22:04:28.0955 3484 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:04:28.0955 3484 Dnscache - ok
22:04:28.0955 3484 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
22:04:28.0955 3484 dot3svc - ok
22:04:28.0970 3484 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
22:04:28.0970 3484 DPS - ok
22:04:28.0970 3484 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:04:28.0970 3484 drmkaud - ok
22:04:28.0986 3484 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:04:28.0986 3484 DXGKrnl - ok
22:04:29.0001 3484 [ 955F6564F448119C12AB3C048CCF8946 ] e1kexpress C:\Windows\system32\DRIVERS\e1k60x64.sys
22:04:29.0001 3484 e1kexpress - ok
22:04:29.0001 3484 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:04:29.0017 3484 EapHost - ok
22:04:29.0048 3484 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:04:29.0079 3484 ebdrv - ok
22:04:29.0079 3484 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
22:04:29.0079 3484 EFS - ok
22:04:29.0095 3484 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:04:29.0095 3484 ehRecvr - ok
22:04:29.0095 3484 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:04:29.0111 3484 ehSched - ok
22:04:29.0111 3484 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:04:29.0126 3484 elxstor - ok
22:04:29.0126 3484 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
22:04:29.0126 3484 ErrDev - ok
22:04:29.0126 3484 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:04:29.0142 3484 EventSystem - ok
22:04:29.0142 3484 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:04:29.0142 3484 exfat - ok
22:04:29.0157 3484 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:04:29.0157 3484 fastfat - ok
22:04:29.0157 3484 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
22:04:29.0173 3484 Fax - ok
22:04:29.0173 3484 [ 63DD6F772F539AEBCA5DDE819812A462 ] FCPrintService C:\Windows\csifcsvc.exe
22:04:29.0173 3484 FCPrintService - ok
22:04:29.0173 3484 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:04:29.0173 3484 fdc - ok
22:04:29.0189 3484 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:04:29.0189 3484 fdPHost - ok
22:04:29.0189 3484 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:04:29.0204 3484 FDResPub - ok
22:04:29.0204 3484 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:04:29.0204 3484 FileInfo - ok
22:04:29.0204 3484 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:04:29.0204 3484 Filetrace - ok
22:04:29.0220 3484 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:04:29.0220 3484 flpydisk - ok
22:04:29.0220 3484 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:04:29.0220 3484 FltMgr - ok
22:04:29.0235 3484 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
22:04:29.0251 3484 FontCache - ok
22:04:29.0251 3484 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:04:29.0251 3484 FontCache3.0.0.0 - ok
22:04:29.0251 3484 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:04:29.0267 3484 FsDepends - ok
22:04:29.0267 3484 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:04:29.0267 3484 Fs_Rec - ok
22:04:29.0267 3484 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:04:29.0267 3484 fvevol - ok
22:04:29.0282 3484 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:04:29.0282 3484 gagp30kx - ok
22:04:29.0298 3484 [ FCEC59F16559BB038FFA87C2D86A8A8F ] GoToMyPC C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
22:04:29.0298 3484 GoToMyPC - ok
22:04:29.0313 3484 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
22:04:29.0313 3484 gpsvc - ok
22:04:29.0329 3484 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:04:29.0329 3484 hcw85cir - ok
22:04:29.0329 3484 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:04:29.0345 3484 HdAudAddService - ok
22:04:29.0345 3484 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:04:29.0345 3484 HDAudBus - ok
22:04:29.0345 3484 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:04:29.0345 3484 HidBatt - ok
22:04:29.0360 3484 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:04:29.0360 3484 HidBth - ok
22:04:29.0360 3484 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:04:29.0360 3484 HidIr - ok
22:04:29.0360 3484 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
22:04:29.0360 3484 hidserv - ok
22:04:29.0376 3484 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:04:29.0376 3484 HidUsb - ok
22:04:29.0376 3484 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:04:29.0376 3484 hkmsvc - ok
22:04:29.0391 3484 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:04:29.0391 3484 HomeGroupListener - ok
22:04:29.0391 3484 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:04:29.0407 3484 HomeGroupProvider - ok
22:04:29.0407 3484 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
22:04:29.0407 3484 HpSAMD - ok
22:04:29.0423 3484 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:04:29.0423 3484 HTTP - ok
22:04:29.0423 3484 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:04:29.0423 3484 hwpolicy - ok
22:04:29.0438 3484 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:04:29.0438 3484 i8042prt - ok
22:04:29.0438 3484 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
22:04:29.0454 3484 iaStorV - ok
22:04:29.0454 3484 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:04:29.0454 3484 IDriverT - ok
22:04:29.0469 3484 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:04:29.0469 3484 idsvc - ok
22:04:29.0532 3484 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
22:04:29.0594 3484 igfx - ok
22:04:29.0594 3484 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:04:29.0594 3484 iirsp - ok
22:04:29.0610 3484 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
22:04:29.0625 3484 IKEEXT - ok
22:04:29.0625 3484 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
22:04:29.0625 3484 intelide - ok
22:04:29.0625 3484 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:04:29.0625 3484 intelppm - ok
22:04:29.0641 3484 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:04:29.0641 3484 IPBusEnum - ok
22:04:29.0641 3484 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:04:29.0641 3484 IpFilterDriver - ok
22:04:29.0656 3484 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:04:29.0656 3484 iphlpsvc - ok
22:04:29.0656 3484 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:04:29.0656 3484 IPMIDRV - ok
22:04:29.0672 3484 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:04:29.0672 3484 IPNAT - ok
22:04:29.0672 3484 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:04:29.0672 3484 IRENUM - ok
22:04:29.0688 3484 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
22:04:29.0688 3484 isapnp - ok
22:04:29.0688 3484 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:04:29.0688 3484 iScsiPrt - ok
22:04:29.0688 3484 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:04:29.0688 3484 kbdclass - ok
22:04:29.0703 3484 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:04:29.0703 3484 kbdhid - ok
22:04:29.0703 3484 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
22:04:29.0703 3484 KeyIso - ok
22:04:29.0703 3484 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:04:29.0703 3484 KSecDD - ok
22:04:29.0719 3484 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:04:29.0719 3484 KSecPkg - ok
22:04:29.0719 3484 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:04:29.0719 3484 ksthunk - ok
22:04:29.0734 3484 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:04:29.0734 3484 KtmRm - ok
22:04:29.0734 3484 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:04:29.0734 3484 LanmanServer - ok
22:04:29.0750 3484 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:04:29.0750 3484 LanmanWorkstation - ok
22:04:29.0750 3484 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:04:29.0750 3484 lltdio - ok
22:04:29.0766 3484 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:04:29.0766 3484 lltdsvc - ok
22:04:29.0766 3484 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:04:29.0766 3484 lmhosts - ok
22:04:29.0781 3484 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:04:29.0781 3484 LSI_FC - ok
22:04:29.0781 3484 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:04:29.0781 3484 LSI_SAS - ok
22:04:29.0797 3484 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:04:29.0797 3484 LSI_SAS2 - ok
22:04:29.0797 3484 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:04:29.0797 3484 LSI_SCSI - ok
22:04:29.0797 3484 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:04:29.0812 3484 luafv - ok
22:04:29.0812 3484 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
22:04:29.0812 3484 MBAMProtector - ok
22:04:29.0812 3484 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:04:29.0828 3484 MBAMScheduler - ok
22:04:29.0828 3484 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:04:29.0844 3484 MBAMService - ok
22:04:29.0844 3484 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:04:29.0844 3484 Mcx2Svc - ok
22:04:29.0844 3484 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
22:04:29.0859 3484 MDM - ok
22:04:29.0859 3484 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:04:29.0859 3484 megasas - ok
22:04:29.0859 3484 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:04:29.0859 3484 MegaSR - ok
22:04:29.0875 3484 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:04:29.0875 3484 Microsoft Office Groove Audit Service - ok
22:04:29.0875 3484 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:04:29.0875 3484 MMCSS - ok
22:04:29.0875 3484 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:04:29.0890 3484 Modem - ok
22:04:29.0890 3484 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:04:29.0890 3484 monitor - ok
22:04:29.0890 3484 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:04:29.0890 3484 mouclass - ok
22:04:29.0890 3484 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:04:29.0890 3484 mouhid - ok
22:04:29.0906 3484 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:04:29.0906 3484 mountmgr - ok
22:04:29.0906 3484 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
22:04:29.0906 3484 mpio - ok
22:04:29.0906 3484 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:04:29.0906 3484 mpsdrv - ok
22:04:29.0922 3484 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:04:29.0937 3484 MpsSvc - ok
22:04:29.0937 3484 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:04:29.0937 3484 MRxDAV - ok
22:04:29.0953 3484 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:04:29.0953 3484 mrxsmb - ok
22:04:29.0953 3484 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:04:29.0953 3484 mrxsmb10 - ok
22:04:29.0968 3484 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:04:29.0968 3484 mrxsmb20 - ok
22:04:29.0968 3484 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
22:04:29.0968 3484 msahci - ok
22:04:29.0968 3484 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
22:04:29.0968 3484 msdsm - ok
22:04:29.0984 3484 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:04:29.0984 3484 MSDTC - ok
22:04:29.0984 3484 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:04:29.0984 3484 Msfs - ok
22:04:30.0000 3484 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:04:30.0000 3484 mshidkmdf - ok
22:04:30.0000 3484 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
22:04:30.0000 3484 msisadrv - ok
22:04:30.0000 3484 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:04:30.0015 3484 MSiSCSI - ok
22:04:30.0015 3484 msiserver - ok
22:04:30.0015 3484 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:04:30.0015 3484 MSKSSRV - ok
22:04:30.0015 3484 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:04:30.0015 3484 MSPCLOCK - ok
22:04:30.0031 3484 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:04:30.0031 3484 MSPQM - ok
22:04:30.0031 3484 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:04:30.0031 3484 MsRPC - ok
22:04:30.0046 3484 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:04:30.0046 3484 mssmbios - ok
22:04:30.0046 3484 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:04:30.0046 3484 MSTEE - ok
22:04:30.0046 3484 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:04:30.0046 3484 MTConfig - ok
22:04:30.0046 3484 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:04:30.0046 3484 Mup - ok
22:04:30.0062 3484 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
22:04:30.0062 3484 napagent - ok
22:04:30.0078 3484 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:04:30.0078 3484 NativeWifiP - ok
22:04:30.0093 3484 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
22:04:30.0093 3484 NDIS - ok
22:04:30.0109 3484 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:04:30.0109 3484 NdisCap - ok
22:04:30.0109 3484 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:04:30.0109 3484 NdisTapi - ok
22:04:30.0109 3484 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:04:30.0109 3484 Ndisuio - ok
22:04:30.0124 3484 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:04:30.0124 3484 NdisWan - ok
22:04:30.0124 3484 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:04:30.0124 3484 NDProxy - ok
22:04:30.0124 3484 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:04:30.0124 3484 NetBIOS - ok
22:04:30.0140 3484 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:04:30.0140 3484 NetBT - ok
22:04:30.0140 3484 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
22:04:30.0140 3484 Netlogon - ok
22:04:30.0156 3484 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:04:30.0156 3484 Netman - ok
22:04:30.0156 3484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:04:30.0156 3484 NetMsmqActivator - ok
22:04:30.0171 3484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:04:30.0171 3484 NetPipeActivator - ok
22:04:30.0171 3484 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:04:30.0171 3484 netprofm - ok
22:04:30.0187 3484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:04:30.0187 3484 NetTcpActivator - ok
22:04:30.0187 3484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:04:30.0187 3484 NetTcpPortSharing - ok
22:04:30.0187 3484 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:04:30.0187 3484 nfrd960 - ok
22:04:30.0202 3484 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:04:30.0202 3484 NlaSvc - ok
22:04:30.0202 3484 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:04:30.0202 3484 Npfs - ok
22:04:30.0218 3484 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:04:30.0218 3484 nsi - ok
22:04:30.0218 3484 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:04:30.0218 3484 nsiproxy - ok
22:04:30.0233 3484 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:04:30.0249 3484 Ntfs - ok
22:04:30.0265 3484 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:04:30.0265 3484 Null - ok
22:04:30.0265 3484 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
22:04:30.0265 3484 nvraid - ok
22:04:30.0280 3484 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
22:04:30.0280 3484 nvstor - ok
22:04:30.0280 3484 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
22:04:30.0280 3484 nv_agp - ok
22:04:30.0296 3484 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:04:30.0296 3484 odserv - ok
22:04:30.0296 3484 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:04:30.0296 3484 ohci1394 - ok
22:04:30.0311 3484 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:04:30.0311 3484 ose - ok
22:04:30.0311 3484 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:04:30.0327 3484 p2pimsvc - ok
22:04:30.0327 3484 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:04:30.0343 3484 p2psvc - ok
22:04:30.0343 3484 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:04:30.0343 3484 Parport - ok
22:04:30.0343 3484 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:04:30.0343 3484 partmgr - ok
22:04:30.0358 3484 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:04:30.0358 3484 PcaSvc - ok
22:04:30.0358 3484 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
22:04:30.0358 3484 pci - ok
22:04:30.0374 3484 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
22:04:30.0374 3484 pciide - ok
22:04:30.0374 3484 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:04:30.0374 3484 pcmcia - ok
22:04:30.0374 3484 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:04:30.0374 3484 pcw - ok
22:04:30.0389 3484 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:04:30.0389 3484 PEAUTH - ok
22:04:30.0421 3484 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:04:30.0421 3484 PeerDistSvc - ok
22:04:30.0436 3484 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:04:30.0436 3484 PerfHost - ok
22:04:30.0467 3484 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
22:04:30.0483 3484 pla - ok
22:04:30.0483 3484 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:04:30.0499 3484 PlugPlay - ok
22:04:30.0499 3484 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:04:30.0499 3484 PNRPAutoReg - ok
22:04:30.0499 3484 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:04:30.0499 3484 PNRPsvc - ok
22:04:30.0514 3484 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:04:30.0514 3484 PolicyAgent - ok
22:04:30.0530 3484 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:04:30.0530 3484 Power - ok
22:04:30.0530 3484 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:04:30.0530 3484 PptpMiniport - ok
22:04:30.0545 3484 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:04:30.0545 3484 Processor - ok
22:04:30.0545 3484 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
22:04:30.0545 3484 ProfSvc - ok
22:04:30.0561 3484 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:04:30.0561 3484 ProtectedStorage - ok
22:04:30.0561 3484 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:04:30.0561 3484 Psched - ok
22:04:30.0561 3484 [ 45FF9E4EC506FCA0C263A3299809B73A ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
22:04:30.0561 3484 QBCFMonitorService - ok
22:04:30.0577 3484 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
22:04:30.0577 3484 QBFCService - ok
22:04:30.0592 3484 [ 8F5B666C7035DEEB6D945F4E4647C96A ] QBVSS C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
22:04:30.0592 3484 QBVSS - ok
22:04:30.0608 3484 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:04:30.0623 3484 ql2300 - ok
22:04:30.0639 3484 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:04:30.0639 3484 ql40xx - ok
22:04:30.0639 3484 QuickBooksDB19 - ok
22:04:30.0639 3484 QuickBooksDB20 - ok
22:04:30.0655 3484 QuickBooksDB21 - ok
22:04:30.0655 3484 QuickBooksDB22 - ok
22:04:30.0670 3484 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:04:30.0670 3484 QWAVE - ok
22:04:30.0670 3484 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:04:30.0670 3484 QWAVEdrv - ok
22:04:30.0670 3484 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
22:04:30.0686 3484 RapiMgr - ok
22:04:30.0686 3484 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:04:30.0686 3484 RasAcd - ok
22:04:30.0686 3484 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:04:30.0686 3484 RasAgileVpn - ok
22:04:30.0686 3484 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:04:30.0701 3484 RasAuto - ok
22:04:30.0701 3484 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:04:30.0701 3484 Rasl2tp - ok
22:04:30.0701 3484 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
22:04:30.0717 3484 RasMan - ok
22:04:30.0717 3484 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:04:30.0717 3484 RasPppoe - ok
22:04:30.0717 3484 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:04:30.0717 3484 RasSstp - ok
22:04:30.0733 3484 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:04:30.0733 3484 rdbss - ok
22:04:30.0733 3484 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:04:30.0733 3484 rdpbus - ok
22:04:30.0733 3484 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:04:30.0733 3484 RDPCDD - ok
22:04:30.0748 3484 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:04:30.0748 3484 RDPDR - ok
22:04:30.0748 3484 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:04:30.0748 3484 RDPENCDD - ok
22:04:30.0764 3484 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:04:30.0764 3484 RDPREFMP - ok
22:04:30.0764 3484 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:04:30.0764 3484 RDPWD - ok
22:04:30.0779 3484 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:04:30.0779 3484 rdyboost - ok
22:04:30.0779 3484 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:04:30.0779 3484 RemoteAccess - ok
22:04:30.0779 3484 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:04:30.0795 3484 RemoteRegistry - ok
22:04:30.0795 3484 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:04:30.0795 3484 RpcEptMapper - ok
22:04:30.0795 3484 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:04:30.0795 3484 RpcLocator - ok
22:04:30.0811 3484 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
22:04:30.0811 3484 RpcSs - ok
22:04:30.0811 3484 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:04:30.0811 3484 rspndr - ok
22:04:30.0826 3484 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
22:04:30.0826 3484 s3cap - ok
22:04:30.0826 3484 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
22:04:30.0826 3484 SamSs - ok
22:04:30.0826 3484 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
22:04:30.0826 3484 sbp2port - ok
22:04:30.0842 3484 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:04:30.0842 3484 SCardSvr - ok
22:04:30.0842 3484 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:04:30.0842 3484 scfilter - ok
22:04:30.0857 3484 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
22:04:30.0873 3484 Schedule - ok
22:04:30.0873 3484 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:04:30.0873 3484 SCPolicySvc - ok
22:04:30.0873 3484 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:04:30.0888 3484 SDRSVC - ok
22:04:30.0888 3484 [ CA7E42E0B8D117165ED553A7D681352A ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:04:30.0888 3484 SeaPort - ok
22:04:30.0888 3484 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:04:30.0888 3484 secdrv - ok
22:04:30.0904 3484 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
22:04:30.0904 3484 seclogon - ok
22:04:30.0904 3484 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:04:30.0904 3484 SENS - ok
22:04:30.0904 3484 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:04:30.0904 3484 SensrSvc - ok
22:04:30.0920 3484 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:04:30.0920 3484 Serenum - ok
22:04:30.0920 3484 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:04:30.0920 3484 Serial - ok
22:04:30.0920 3484 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:04:30.0920 3484 sermouse - ok
22:04:30.0935 3484 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
22:04:30.0935 3484 SessionEnv - ok
22:04:30.0935 3484 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:04:30.0935 3484 sffdisk - ok
22:04:30.0951 3484 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:04:30.0951 3484 sffp_mmc - ok
22:04:30.0951 3484 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:04:30.0951 3484 sffp_sd - ok
22:04:30.0951 3484 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:04:30.0951 3484 sfloppy - ok
22:04:30.0966 3484 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:04:30.0966 3484 SharedAccess - ok
22:04:30.0966 3484 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:04:30.0982 3484 ShellHWDetection - ok
22:04:30.0982 3484 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:04:30.0982 3484 SiSRaid2 - ok
22:04:30.0982 3484 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:04:30.0982 3484 SiSRaid4 - ok
22:04:30.0998 3484 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:04:30.0998 3484 Smb - ok
22:04:30.0998 3484 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:04:30.0998 3484 SNMPTRAP - ok
22:04:30.0998 3484 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:04:30.0998 3484 spldr - ok
22:04:31.0013 3484 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
22:04:31.0013 3484 Spooler - ok
22:04:31.0060 3484 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
22:04:31.0091 3484 sppsvc - ok
22:04:31.0091 3484 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:04:31.0091 3484 sppuinotify - ok
22:04:31.0107 3484 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:04:31.0107 3484 srv - ok
22:04:31.0122 3484 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:04:31.0122 3484 srv2 - ok
22:04:31.0122 3484 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:04:31.0122 3484 srvnet - ok
22:04:31.0138 3484 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:04:31.0138 3484 SSDPSRV - ok
22:04:31.0138 3484 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:04:31.0138 3484 SstpSvc - ok
22:04:31.0154 3484 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:04:31.0154 3484 stexstor - ok
22:04:31.0154 3484 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
22:04:31.0169 3484 stisvc - ok
22:04:31.0169 3484 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
22:04:31.0169 3484 storflt - ok
22:04:31.0169 3484 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
22:04:31.0169 3484 StorSvc - ok
22:04:31.0185 3484 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
22:04:31.0185 3484 storvsc - ok
22:04:31.0185 3484 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:04:31.0185 3484 swenum - ok
22:04:31.0200 3484 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:04:31.0200 3484 swprv - ok
22:04:31.0232 3484 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
22:04:31.0247 3484 SysMain - ok
22:04:31.0247 3484 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:04:31.0247 3484 TabletInputService - ok
22:04:31.0263 3484 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
22:04:31.0263 3484 TapiSrv - ok
22:04:31.0263 3484 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:04:31.0263 3484 TBS - ok
22:04:31.0278 3484 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:04:31.0310 3484 Tcpip - ok
22:04:31.0325 3484 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:04:31.0341 3484 TCPIP6 - ok
22:04:31.0341 3484 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:04:31.0341 3484 tcpipreg - ok
22:04:31.0341 3484 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:04:31.0341 3484 TDPIPE - ok
22:04:31.0356 3484 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:04:31.0356 3484 TDTCP - ok
22:04:31.0356 3484 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:04:31.0356 3484 tdx - ok
22:04:31.0356 3484 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:04:31.0356 3484 TermDD - ok
22:04:31.0372 3484 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
22:04:31.0388 3484 TermService - ok
22:04:31.0388 3484 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:04:31.0388 3484 Themes - ok
22:04:31.0388 3484 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:04:31.0388 3484 THREADORDER - ok
22:04:31.0403 3484 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
22:04:31.0403 3484 TPM - ok
22:04:31.0403 3484 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:04:31.0403 3484 TrkWks - ok
22:04:31.0403 3484 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:04:31.0419 3484 TrustedInstaller - ok
22:04:31.0419 3484 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:04:31.0419 3484 tssecsrv - ok
22:04:31.0419 3484 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:04:31.0419 3484 tunnel - ok
22:04:31.0419 3484 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:04:31.0434 3484 uagp35 - ok
22:04:31.0434 3484 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:04:31.0434 3484 udfs - ok
22:04:31.0450 3484 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:04:31.0450 3484 UI0Detect - ok
22:04:31.0450 3484 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
22:04:31.0450 3484 uliagpkx - ok
22:04:31.0450 3484 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:04:31.0450 3484 umbus - ok
22:04:31.0466 3484 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:04:31.0466 3484 UmPass - ok
22:04:31.0466 3484 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
22:04:31.0466 3484 UmRdpService - ok
22:04:31.0481 3484 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:04:31.0481 3484 upnphost - ok
22:04:31.0497 3484 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:04:31.0497 3484 usbccgp - ok
22:04:31.0497 3484 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
22:04:31.0497 3484 usbcir - ok
22:04:31.0497 3484 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:04:31.0497 3484 usbehci - ok
22:04:31.0512 3484 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:04:31.0512 3484 usbhub - ok
22:04:31.0512 3484 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:04:31.0512 3484 usbohci - ok
22:04:31.0528 3484 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:04:31.0528 3484 usbprint - ok
22:04:31.0528 3484 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:04:31.0528 3484 USBSTOR - ok
22:04:31.0528 3484 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:04:31.0544 3484 usbuhci - ok
22:04:31.0544 3484 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
22:04:31.0544 3484 usb_rndisx - ok
22:04:31.0544 3484 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:04:31.0544 3484 UxSms - ok
22:04:31.0559 3484 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
22:04:31.0559 3484 VaultSvc - ok
22:04:31.0559 3484 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
22:04:31.0559 3484 vdrvroot - ok
22:04:31.0559 3484 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
22:04:31.0575 3484 vds - ok
22:04:31.0575 3484 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:04:31.0575 3484 vga - ok
22:04:31.0590 3484 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:04:31.0590 3484 VgaSave - ok
22:04:31.0590 3484 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
22:04:31.0590 3484 vhdmp - ok
22:04:31.0606 3484 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
22:04:31.0606 3484 viaide - ok
22:04:31.0606 3484 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
22:04:31.0606 3484 vmbus - ok
22:04:31.0621 3484 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
22:04:31.0621 3484 VMBusHID - ok
22:04:31.0621 3484 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
22:04:31.0621 3484 volmgr - ok
22:04:31.0637 3484 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:04:31.0637 3484 volmgrx - ok
22:04:31.0653 3484 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
22:04:31.0653 3484 volsnap - ok
22:04:31.0653 3484 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:04:31.0653 3484 vsmraid - ok
22:04:31.0684 3484 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
22:04:31.0699 3484 VSS - ok
22:04:31.0699 3484 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:04:31.0699 3484 vwifibus - ok
22:04:31.0715 3484 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:04:31.0715 3484 W32Time - ok
22:04:31.0731 3484 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:04:31.0731 3484 WacomPen - ok
22:04:31.0731 3484 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:04:31.0731 3484 WANARP - ok
22:04:31.0746 3484 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:04:31.0746 3484 Wanarpv6 - ok
22:04:31.0762 3484 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
22:04:31.0777 3484 wbengine - ok
22:04:31.0777 3484 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:04:31.0793 3484 WbioSrvc - ok
22:04:31.0793 3484 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
22:04:31.0793 3484 WcesComm - ok
22:04:31.0809 3484 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:04:31.0809 3484 wcncsvc - ok
22:04:31.0809 3484 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:04:31.0824 3484 WcsPlugInService - ok
22:04:31.0824 3484 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:04:31.0824 3484 Wd - ok
22:04:31.0840 3484 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:04:31.0840 3484 Wdf01000 - ok
22:04:31.0840 3484 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:04:31.0840 3484 WdiServiceHost - ok
22:04:31.0855 3484 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:04:31.0855 3484 WdiSystemHost - ok
22:04:31.0855 3484 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
22:04:31.0871 3484 WebClient - ok
22:04:31.0871 3484 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:04:31.0871 3484 Wecsvc - ok
22:04:31.0871 3484 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:04:31.0887 3484 wercplsupport - ok
22:04:31.0887 3484 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:04:31.0887 3484 WerSvc - ok
22:04:31.0887 3484 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:04:31.0887 3484 WfpLwf - ok
22:04:31.0902 3484 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:04:31.0902 3484 WIMMount - ok
22:04:31.0902 3484 WinDefend - ok
22:04:31.0902 3484 WinHttpAutoProxySvc - ok
22:04:31.0918 3484 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:04:31.0918 3484 Winmgmt - ok
22:04:31.0949 3484 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
22:04:31.0965 3484 WinRM - ok
22:04:31.0980 3484 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WINUSB C:\Windows\system32\DRIVERS\WinUSB.SYS
22:04:31.0980 3484 WINUSB - ok
22:04:31.0996 3484 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:04:31.0996 3484 Wlansvc - ok
22:04:32.0027 3484 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:04:32.0043 3484 wlidsvc - ok
22:04:32.0058 3484 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:04:32.0058 3484 WmiAcpi - ok
22:04:32.0058 3484 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:04:32.0074 3484 wmiApSrv - ok
22:04:32.0074 3484 WMPNetworkSvc - ok
22:04:32.0074 3484 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:04:32.0074 3484 WPCSvc - ok
22:04:32.0089 3484 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:04:32.0089 3484 WPDBusEnum - ok
22:04:32.0089 3484 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:04:32.0089 3484 ws2ifsl - ok
22:04:32.0105 3484 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
22:04:32.0105 3484 wscsvc - ok
22:04:32.0105 3484 WSearch - ok
22:04:32.0136 3484 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:04:32.0152 3484 wuauserv - ok
22:04:32.0167 3484 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:04:32.0167 3484 WudfPf - ok
22:04:32.0167 3484 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:04:32.0167 3484 WUDFRd - ok
22:04:32.0183 3484 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:04:32.0183 3484 wudfsvc - ok
22:04:32.0183 3484 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:04:32.0199 3484 WwanSvc - ok
22:04:32.0199 3484 ================ Scan global ===============================
22:04:32.0199 3484 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:04:32.0214 3484 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
22:04:32.0214 3484 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
22:04:32.0230 3484 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:04:32.0230 3484 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:04:32.0230 3484 [Global] - ok
22:04:32.0230 3484 ================ Scan MBR ==================================
22:04:32.0245 3484 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:04:32.0293 3484 \Device\Harddisk0\DR0 - ok
22:04:32.0293 3484 ================ Scan VBR ==================================
22:04:32.0296 3484 [ 3088BDEB626D694C9A9A1FA792FABE14 ] \Device\Harddisk0\DR0\Partition1
22:04:32.0297 3484 \Device\Harddisk0\DR0\Partition1 - ok
22:04:32.0301 3484 [ C5577D56C623E59DE6635CD48BC207F0 ] \Device\Harddisk0\DR0\Partition2
22:04:32.0303 3484 \Device\Harddisk0\DR0\Partition2 - ok
22:04:32.0304 3484 ============================================================
22:04:32.0304 3484 Scan finished
22:04:32.0304 3484 ============================================================
22:04:32.0314 2368 Detected object count: 0
22:04:32.0314 2368 Actual detected object count: 0
22:05:56.0341 4924 Deinitialize success
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-08 22:06:25
-----------------------------
22:06:25.503 OS Version: Windows x64 6.1.7600
22:06:25.503 Number of processors: 4 586 0x170A
22:06:25.503 ComputerName: CONNIE01 UserName: Connie
22:06:25.752 Initialize success
22:13:00.014 AVAST engine defs: 12110801
22:13:06.637 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
22:13:06.653 Disk 0 Vendor: M4-CT128M4SSD1 000F Size: 122104MB BusType: 3
22:13:06.653 Disk 0 MBR read successfully
22:13:06.653 Disk 0 MBR scan
22:13:06.653 Disk 0 Windows 7 default MBR code
22:13:06.653 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:13:06.668 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 208896
22:13:06.668 Disk 0 scanning C:\Windows\system32\drivers
22:13:09.386 Service scanning
22:13:16.181 Modules scanning
22:13:16.181 Disk 0 trace - called modules:
22:13:16.181 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:13:16.197 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d03060]
22:13:16.197 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8007697680]
22:13:16.588 AVAST engine scan C:\Windows
22:13:17.244 AVAST engine scan C:\Windows\system32
22:14:39.552 AVAST engine scan C:\Windows\system32\drivers
22:14:42.676 AVAST engine scan C:\Users\connie
22:14:57.922 AVAST engine scan C:\ProgramData
22:15:09.763 Scan finished successfully
22:15:41.599 Disk 0 MBR has been saved successfully to "\\SBS2008\RedirectedFolders\connie\Desktop\MBR.dat"
22:15:41.615 The log file has been saved successfully to "\\SBS2008\RedirectedFolders\connie\Desktop\aswMBR.txt"
No Problems!
-
ComboFix 12-11-08.01 - Connie 11/08/2012 21:39:01.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8090.6558 [GMT -6:00]
Running from: \\SBS2008\RedirectedFolders\connie\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\1144AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\1292AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\1312AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\1548AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\2728AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\2888AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\3056AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\3776AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\4184AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\4332AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\4612AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\4956AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\4960AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\5032AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\5132AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\5708AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\5732AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\5968AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\6120AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\6696AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\6844AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\6944AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\6956AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\8008AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\920AccountantCenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\ac.js
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\close_pop.png
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\jquery.corner.js
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\jquery.min.js
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\mootools.svn.js
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffcenter.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffCenter.js
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\reviewDialog.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\reviewNotesPopUp.html
c:\users\connie\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskNotesDialog.html
c:\users\connie\B5C33383.tmp
c:\users\connie\biworeamimno.exe
c:\users\connie\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-09 03:42 . 2012-11-09 03:42 -------- d-----w- c:\users\test\AppData\Local\temp
2012-11-09 03:42 . 2012-11-09 03:42 -------- d-----w- c:\users\QBDataServiceUser22\AppData\Local\temp
2012-11-09 03:42 . 2012-11-09 03:42 -------- d-----w- c:\users\QBDataServiceUser21\AppData\Local\temp
2012-11-09 03:42 . 2012-11-09 03:42 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp
2012-11-09 03:42 . 2012-11-09 03:42 -------- d-----w- c:\users\Matt\AppData\Local\temp
2012-11-09 03:42 . 2012-11-09 03:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-09 03:42 . 2012-11-09 03:42 -------- d-----w- c:\users\bruun2\AppData\Local\temp
2012-11-09 03:42 . 2012-11-09 03:42 -------- d-----w- c:\users\badmin\AppData\Local\temp
2012-11-09 02:19 . 2012-11-09 02:19 -------- d-----w- c:\users\badmin\AppData\Local\Intuit
2012-11-08 21:43 . 2012-11-08 21:40 689190 ----a-w- C:\dds.scr
2012-11-08 17:44 . 2012-11-08 17:44 -------- d-----w- c:\users\connie\AppData\Roaming\Malwarebytes
2012-11-08 17:44 . 2012-11-08 17:44 -------- d-----w- c:\programdata\Malwarebytes
2012-11-08 17:44 . 2012-11-08 17:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-08 17:44 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-06 08:41 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D21448E0-4C24-43D8-94C8-937A998262BF}\mpengine.dll
2012-11-03 02:02 . 2001-07-30 15:40 44032 ----a-w- c:\windows\SysWow64\temp.051
2012-11-03 02:02 . 2000-05-27 05:00 1388544 ----a-w- c:\windows\SysWow64\temp.052
2012-11-03 02:02 . 1998-05-31 05:00 22288 ----a-w- c:\windows\SysWow64\temp.053
2012-11-03 02:02 . 2001-07-30 15:42 1118720 ----a-w- c:\windows\SysWow64\temp.050
2012-11-03 02:02 . 2001-11-15 22:14 295000 ----a-w- c:\windows\SysWow64\temp.04E
2012-11-03 02:02 . 2001-11-15 22:14 995383 ----a-w- c:\windows\SysWow64\temp.04F
2012-11-03 02:02 . 1998-06-17 17:52 401462 ----a-w- c:\windows\SysWow64\temp.04D
2012-10-26 07:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-10-26 07:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-26 07:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-26 07:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-10-26 07:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-10-26 07:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-10-26 07:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-10-26 07:06 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-26 07:06 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-10-11 08:02 . 2012-08-30 18:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-11 08:02 . 2012-08-30 17:18 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-11 08:02 . 2012-08-30 17:18 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-11 08:01 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-11 08:01 . 2012-08-24 17:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-11 08:01 . 2012-08-11 00:53 714752 ----a-w- c:\windows\system32\kerberos.dll
2012-10-11 08:01 . 2012-08-10 23:54 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-11 08:00 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-11 08:00 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
2012-10-11 08:00 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-11 08:00 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-11 08:00 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-11 08:00 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 06:15 . 2012-08-29 14:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 06:15 . 2012-02-29 16:29 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-24 18:05 . 2012-09-23 08:00 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-23 08:00 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:05 . 2012-09-23 08:00 1501696 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:03 . 2012-09-23 08:00 1026560 ----a-w- c:\windows\system32\mstime.dll
2012-08-24 18:02 . 2012-09-23 08:00 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:02 . 2012-09-23 08:00 9375744 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:02 . 2012-09-23 08:00 736256 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:02 . 2012-09-23 08:00 82944 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-08-24 18:02 . 2012-09-23 08:00 57856 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-24 18:02 . 2012-09-23 08:00 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:01 . 2012-09-23 08:00 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:01 . 2012-09-23 08:00 2458624 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 18:01 . 2012-09-23 08:00 256000 ----a-w- c:\windows\system32\iepeers.dll
2012-08-24 18:01 . 2012-09-23 08:00 12404736 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:01 . 2012-09-23 08:00 445952 ----a-w- c:\windows\system32\iedkcs32.dll
2012-08-24 17:59 . 2012-09-23 08:00 12288 ----a-w- c:\windows\system32\msfeedssync.exe
2012-08-24 17:10 . 2012-09-23 08:00 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 17:08 . 2012-09-23 08:00 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-08-24 16:45 . 2012-09-23 08:00 482816 ----a-w- c:\windows\system32\html.iec
2012-08-24 16:02 . 2012-09-23 08:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 16:01 . 2012-09-23 08:00 386048 ----a-w- c:\windows\SysWow64\html.iec
2012-08-24 15:27 . 2012-09-23 08:00 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-12-31 160592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-06-24 1310720]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CS Connect Background Services.lnk - \\sbs2008\share1\WinCSI\Tools\ConnectBGDL.exe [2009-12-29 1943544]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-11-2 5927768]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-2 1175912]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2011-11-2 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 3 (0x3)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CSAPrintService;Creative Solutions Accounting Print Service;c:\windows\csasvc.exe [2009-10-23 118784]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
R4 QuickBooksDB19;QuickBooksDB19;c:\progra~2\Intuit\QUICKB~2\QBDBMgrN.exe [2009-10-01 131072]
R4 QuickBooksDB20;QuickBooksDB20;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2009-08-18 678912]
R4 QuickBooksDB21;QuickBooksDB21;c:\progra~2\Intuit\QUICKB~3\QBDBMgrN.exe [2010-04-28 679936]
R4 QuickBooksDB22;QuickBooksDB22;c:\progra~2\Intuit\QUICKB~4\QBDBMgrN.exe [2011-11-02 679936]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-02 1248256]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k60x64.sys [2009-06-10 220672]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TmFilter
*Deregistered* - tmlwf
*Deregistered* - tmwfp
*Deregistered* - VSApiNt
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: netteller.com\www2
TCP: DhcpNameServer = 10.0.10.11 204.130.255.3 64.122.32.71
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Regedit32 - c:\windows\system32\regedit.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-08 21:45:05
ComboFix-quarantined-files.txt 2012-11-09 03:45
.
Pre-Run: 64,358,494,208 bytes free
Post-Run: 65,944,338,432 bytes free
.
- - End Of File - - 2EC9B69ED1B555E986386590BABA5920
I Did not have any problems running any of the programs you recommended.
The computer seems to be running fine
-
Results of screen317's Security Check version 0.99.54
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Client/Server Security Agent Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 6 Update 26
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Trend Micro OfficeScan Client pccntmon.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Trend Micro Client Server Security Agent ntrtscan.exe
Trend Micro Client Server Security Agent tmlisten.exe
Trend Micro Client Server Security Agent TmPfw.exe
Trend Micro BM TMBMSRV.exe
Trend Micro Client Server Security Agent CNTAoSMgr.exe
Trend Micro Client Server Security Agent TmProxy.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
# AdwCleaner v2.007 - Logfile created 11/08/2012 at 21:01:07
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Professional (64 bits)
# User : Connie - CONNIE01
# Boot Mode : Normal
# Running from : \\SBS2008\RedirectedFolders\Connie\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.7600.16385
[OK] Registry is clean.
*************************
AdwCleaner[s1].txt - [522 octets] - [08/11/2012 21:01:07]
########## EOF - C:\AdwCleaner[s1].txt - [581 octets] ##########
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Connie [Admin rights]
Mode : Scan -- Date : 11/08/2012 21:05:13
¤¤¤ Bad processes : 4 ¤¤¤
[sUSP PATH] csasvc.exe -- C:\Windows\csasvc.exe -> KILLED [TermProc]
[sUSP PATH] csifcsvc.exe -- C:\Windows\csifcsvc.exe -> KILLED [TermProc]
[sUSP PATH] biworeamimno.exe -- C:\Users\connie\biworeamimno.exe -> KILLED [TermProc]
[sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : biworeamimno (C:\Users\connie\biworeamimno.exe) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-4032088075-2222977693-1530169045-1146[...]\Run : biworeamimno (C:\Users\connie\biworeamimno.exe) -> FOUND
[RUN][ROGUE ST] HKLM\[...]\Wow6432Node\Run : QuickBooksDB20 (C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -n QB_CONNIE01_20 -qs -gd ALL -gk all -gp 4096 -gu all -ch 256M -c 128M -x tcpip(BroadcastListener=NO;port=55338) -ti 0 -ec simple -qi -qw -tl 120 -oe C:\PROGRA~3\Intuit\QUICKB~2\DBSTAR~1.LOG -y) -> FOUND
[RUN][ROGUE ST] HKLM\[...]\Wow6432Node\Run : QuickBooksDB19 (C:\PROGRA~2\Intuit\QUICKB~2\QBDBMgrN.exe -n QB_CONNIE01_19 -qs -gd ALL -gk all -gp 4096 -gu all -ch 128M -c 64M -x tcpip(BroadcastListener=NO;port=55333) -ti 0 -ec simple -qi -qw -tl 120 -oe C:\PROGRA~3\Intuit\QUICKB~2\DBSTAR~1.LOG -y) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: M4-CT128M4SSD1 ATA Device +++++
--- User ---
[MBR] aef347ea88a45ebbdb21c234ed8e332c
[bSP] 75c35abb5423f4743a829bbcd6cdfa23 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208896 | Size: 122002 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_11082012_02d2105.txt >>
RKreport[1]_S_11082012_02d2105.txt
-
I ran antimalware and it removed trojans but still getting messages that the program is blocking attempts to access potentially malicious IP's
I can send MBAM logs if you need them
-
SOLVED - I ran rkill and was able to run the DDS
-
I want to create a log to send for an infected PC. What do I try if I cant run the DDS application that I downloaded?
HELP! dds & attach attached
in Resolved Malware Removal Logs
Posted
It's done and no threats were found!!!