Everything posted by stayley

  1. I deleted the files that were in quarantine with ESET. However, there was one virus that it could not delete. Don't know what to do about this.
  2. 08:46:13.0362 3408 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
     08:46:13.0698 3408 ============================================================
     08:46:13.0698 3408 Current date / time: 2012/12/03 08:46:13.0698
     08:46:13.0698 3408 SystemInfo:
     08:46:13.0698 3408
     08:46:13.0698 3408 OS Version: 6.1.7601 ServicePack: 1.0
     08:46:13.0698 3408 Product type: Workstation
     08:46:13.0698 3408 ComputerName: GATEWAYWORK
     08:46:13.0698 3408 UserName: Stephen
     08:46:13.0698 3408 Windows directory: C:\Windows
     08:46:13.0698 3408 System windows directory: C:\Windows
     08:46:13.0698 3408 Running under WOW64
     08:46:13.0698 3408 Processor architecture: Intel x64
     08:46:13.0698 3408 Number of processors: 4
     08:46:13.0698 3408 Page size: 0x1000
     08:46:13.0698 3408 Boot type: Normal boot
     08:46:13.0698 3408 ============================================================
     08:46:14.0824 3408 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     08:46:14.0840 3408 ============================================================
     08:46:14.0840 3408 \Device\Harddisk0\DR0:
     08:46:14.0840 3408 MBR partitions:
     08:46:14.0840 3408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
     08:46:14.0840 3408 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x72AD3800
     08:46:14.0840 3408 ============================================================
     08:46:14.0857 3408 C: <-> \Device\Harddisk0\DR0\Partition2
     08:46:14.0857 3408 ============================================================
     08:46:14.0857 3408 Initialize success
     08:46:14.0857 3408 ============================================================
     08:47:25.0010 6140 ============================================================
     08:47:25.0010 6140 Scan started
     08:47:25.0010 6140 Mode: Manual;
     08:47:25.0010 6140 ============================================================
ok 08:47:30.0711 6140 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 08:47:30.0713 6140 NetBT - ok 08:47:30.0722 6140 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 08:47:30.0723 6140 Netlogon - ok 08:47:30.0746 6140 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 08:47:30.0749 6140 Netman - ok 08:47:30.0760 6140 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 08:47:30.0764 6140 netprofm - ok 08:47:30.0795 6140 [ 5758FD37BF31E759F8610311E4D08ECA ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys 08:47:30.0812 6140 netr28x - ok 08:47:30.0827 6140 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 08:47:30.0829 6140 NetTcpPortSharing - ok 08:47:30.0840 6140 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 08:47:30.0842 6140 nfrd960 - ok 08:47:30.0871 6140 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 08:47:30.0874 6140 NlaSvc - ok 08:47:30.0876 6140 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 08:47:30.0877 6140 Npfs - ok 08:47:30.0888 6140 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 08:47:30.0891 6140 nsi - ok 08:47:30.0893 6140 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 08:47:30.0893 6140 nsiproxy - ok 08:47:30.0935 6140 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 08:47:30.0952 6140 Ntfs - ok 08:47:30.0959 6140 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 08:47:30.0961 6140 Null - ok 08:47:30.0983 6140 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 08:47:30.0984 6140 nvraid - ok 08:47:30.0994 6140 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 
08:47:30.0996 6140 nvstor - ok 08:47:30.0999 6140 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 08:47:31.0000 6140 nv_agp - ok 08:47:31.0006 6140 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 08:47:31.0007 6140 ohci1394 - ok 08:47:31.0038 6140 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 08:47:31.0040 6140 ose - ok 08:47:31.0106 6140 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 08:47:31.0125 6140 osppsvc - ok 08:47:31.0152 6140 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 08:47:31.0155 6140 p2pimsvc - ok 08:47:31.0167 6140 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 08:47:31.0170 6140 p2psvc - ok 08:47:31.0174 6140 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 08:47:31.0175 6140 Parport - ok 08:47:31.0185 6140 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 08:47:31.0187 6140 partmgr - ok 08:47:31.0194 6140 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 08:47:31.0196 6140 PcaSvc - ok 08:47:31.0208 6140 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 08:47:31.0210 6140 pci - ok 08:47:31.0226 6140 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 08:47:31.0228 6140 pciide - ok 08:47:31.0232 6140 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 08:47:31.0234 6140 pcmcia - ok 08:47:31.0241 6140 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 08:47:31.0242 6140 pcw - ok 08:47:31.0255 6140 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 08:47:31.0264 6140 PEAUTH - ok 08:47:31.0314 6140 [ 
E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 08:47:31.0316 6140 PerfHost - ok 08:47:31.0340 6140 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 08:47:31.0357 6140 pla - ok 08:47:31.0377 6140 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 08:47:31.0381 6140 PlugPlay - ok 08:47:31.0402 6140 [ A010F13D27C1033A8BE09D5FA9BF348B ] pneteth C:\Windows\system32\DRIVERS\pneteth.sys 08:47:31.0404 6140 pneteth - ok 08:47:31.0413 6140 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 08:47:31.0415 6140 PNRPAutoReg - ok 08:47:31.0434 6140 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 08:47:31.0436 6140 PNRPsvc - ok 08:47:31.0449 6140 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 08:47:31.0452 6140 PolicyAgent - ok 08:47:31.0456 6140 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 08:47:31.0459 6140 Power - ok 08:47:31.0473 6140 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 08:47:31.0475 6140 PptpMiniport - ok 08:47:31.0485 6140 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 08:47:31.0487 6140 Processor - ok 08:47:31.0505 6140 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 08:47:31.0507 6140 ProfSvc - ok 08:47:31.0514 6140 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 08:47:31.0515 6140 ProtectedStorage - ok 08:47:31.0532 6140 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 08:47:31.0533 6140 Psched - ok 08:47:31.0560 6140 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 08:47:31.0577 6140 ql2300 - ok 08:47:31.0590 6140 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 08:47:31.0592 6140 ql40xx - ok 08:47:31.0608 6140 [ 
906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 08:47:31.0610 6140 QWAVE - ok 08:47:31.0620 6140 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 08:47:31.0622 6140 QWAVEdrv - ok 08:47:31.0630 6140 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 08:47:31.0632 6140 RasAcd - ok 08:47:31.0657 6140 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 08:47:31.0659 6140 RasAgileVpn - ok 08:47:31.0669 6140 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 08:47:31.0671 6140 RasAuto - ok 08:47:31.0681 6140 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 08:47:31.0684 6140 Rasl2tp - ok 08:47:31.0698 6140 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 08:47:31.0701 6140 RasMan - ok 08:47:31.0711 6140 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 08:47:31.0713 6140 RasPppoe - ok 08:47:31.0724 6140 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 08:47:31.0725 6140 RasSstp - ok 08:47:31.0730 6140 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 08:47:31.0733 6140 rdbss - ok 08:47:31.0746 6140 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 08:47:31.0747 6140 rdpbus - ok 08:47:31.0764 6140 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 08:47:31.0765 6140 RDPCDD - ok 08:47:31.0769 6140 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 08:47:31.0769 6140 RDPENCDD - ok 08:47:31.0788 6140 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 08:47:31.0789 6140 RDPREFMP - ok 08:47:31.0802 6140 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 08:47:31.0804 6140 RDPWD - ok 
08:47:31.0818 6140 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 08:47:31.0819 6140 rdyboost - ok 08:47:31.0828 6140 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 08:47:31.0830 6140 RemoteAccess - ok 08:47:31.0834 6140 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 08:47:31.0836 6140 RemoteRegistry - ok 08:47:31.0845 6140 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 08:47:31.0848 6140 RpcEptMapper - ok 08:47:31.0853 6140 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 08:47:31.0855 6140 RpcLocator - ok 08:47:31.0872 6140 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 08:47:31.0875 6140 RpcSs - ok 08:47:31.0884 6140 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 08:47:31.0886 6140 rspndr - ok 08:47:31.0888 6140 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 08:47:31.0889 6140 SamSs - ok 08:47:31.0959 6140 [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe 08:47:31.0973 6140 SBAMSvc - ok 08:47:32.0009 6140 [ 8F19D62B04081C0BFF1E8D6F26220A28 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys 08:47:32.0010 6140 sbapifs - ok 08:47:32.0084 6140 [ D8E08D2D24E777894744B657EA78796A ] SbFw C:\Windows\system32\drivers\SbFw.sys 08:47:32.0085 6140 SbFw - ok 08:47:32.0129 6140 [ 032CBD1D453D3BD4B38DE06AC4F8B8B4 ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys 08:47:32.0130 6140 SBFWIMCL - ok 08:47:32.0136 6140 [ 032CBD1D453D3BD4B38DE06AC4F8B8B4 ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys 08:47:32.0137 6140 SBFWIMCLMP - ok 08:47:32.0193 6140 [ 1490E7C7A22329BE5641D4C2E16B868E ] SbHips C:\Windows\system32\drivers\sbhips.sys 08:47:32.0194 6140 SbHips - ok 08:47:32.0202 6140 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 
08:47:32.0204 6140 sbp2port - ok 08:47:32.0225 6140 [ 5314272972576D925A54CABAFD1E7FBF ] SBPIMSvc C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe 08:47:32.0227 6140 SBPIMSvc - ok 08:47:32.0267 6140 [ 051C35F5FF516398FFC806979C709A2F ] sbwtis C:\Windows\system32\DRIVERS\sbwtis.sys 08:47:32.0268 6140 sbwtis - ok 08:47:32.0280 6140 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 08:47:32.0283 6140 SCardSvr - ok 08:47:32.0294 6140 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 08:47:32.0296 6140 scfilter - ok 08:47:32.0310 6140 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 08:47:32.0327 6140 Schedule - ok 08:47:32.0334 6140 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 08:47:32.0335 6140 SCPolicySvc - ok 08:47:32.0343 6140 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 08:47:32.0345 6140 SDRSVC - ok 08:47:32.0351 6140 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 08:47:32.0352 6140 secdrv - ok 08:47:32.0364 6140 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 08:47:32.0365 6140 seclogon - ok 08:47:32.0388 6140 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 08:47:32.0390 6140 SENS - ok 08:47:32.0406 6140 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 08:47:32.0409 6140 SensrSvc - ok 08:47:32.0422 6140 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 08:47:32.0424 6140 Serenum - ok 08:47:32.0448 6140 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 08:47:32.0450 6140 Serial - ok 08:47:32.0461 6140 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 08:47:32.0463 6140 sermouse - ok 08:47:32.0478 6140 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv 
C:\Windows\system32\sessenv.dll 08:47:32.0481 6140 SessionEnv - ok 08:47:32.0490 6140 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 08:47:32.0491 6140 sffdisk - ok 08:47:32.0504 6140 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 08:47:32.0506 6140 sffp_mmc - ok 08:47:32.0515 6140 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 08:47:32.0517 6140 sffp_sd - ok 08:47:32.0528 6140 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 08:47:32.0530 6140 sfloppy - ok 08:47:32.0558 6140 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 08:47:32.0561 6140 Sftfs - ok 08:47:32.0587 6140 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 08:47:32.0590 6140 sftlist - ok 08:47:32.0601 6140 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 08:47:32.0602 6140 Sftplay - ok 08:47:32.0613 6140 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 08:47:32.0613 6140 Sftredir - ok 08:47:32.0625 6140 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 08:47:32.0625 6140 Sftvol - ok 08:47:32.0631 6140 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 08:47:32.0633 6140 sftvsa - ok 08:47:32.0659 6140 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 08:47:32.0662 6140 SharedAccess - ok 08:47:32.0678 6140 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 08:47:32.0681 6140 ShellHWDetection - ok 08:47:32.0697 6140 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 08:47:32.0699 6140 SiSRaid2 - ok 08:47:32.0701 6140 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 
C:\Windows\system32\drivers\sisraid4.sys 08:47:32.0702 6140 SiSRaid4 - ok 08:47:32.0788 6140 [ 3740B83AEC21D981065D7E819BD7E878 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 08:47:32.0839 6140 Skype C2C Service - ok 08:47:32.0878 6140 [ B866E8C5ED1DCBEA72285BA4107892C2 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 08:47:32.0879 6140 SkypeUpdate - ok 08:47:32.0899 6140 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 08:47:32.0901 6140 Smb - ok 08:47:32.0921 6140 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 08:47:32.0924 6140 SNMPTRAP - ok 08:47:32.0930 6140 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 08:47:32.0930 6140 spldr - ok 08:47:32.0951 6140 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 08:47:32.0956 6140 Spooler - ok 08:47:32.0996 6140 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 08:47:33.0031 6140 sppsvc - ok 08:47:33.0044 6140 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 08:47:33.0046 6140 sppuinotify - ok 08:47:33.0056 6140 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 08:47:33.0060 6140 srv - ok 08:47:33.0064 6140 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 08:47:33.0067 6140 srv2 - ok 08:47:33.0073 6140 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 08:47:33.0074 6140 srvnet - ok 08:47:33.0099 6140 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 08:47:33.0101 6140 SSDPSRV - ok 08:47:33.0110 6140 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 08:47:33.0112 6140 SstpSvc - ok 08:47:33.0140 6140 [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 08:47:33.0142 6140 ssudmdm - ok 08:47:33.0151 6140 [ 
F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 08:47:33.0153 6140 stexstor - ok 08:47:33.0171 6140 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 08:47:33.0176 6140 stisvc - ok 08:47:33.0186 6140 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 08:47:33.0186 6140 swenum - ok 08:47:33.0199 6140 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 08:47:33.0203 6140 swprv - ok 08:47:33.0227 6140 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 08:47:33.0253 6140 SysMain - ok 08:47:33.0262 6140 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 08:47:33.0264 6140 TabletInputService - ok 08:47:33.0277 6140 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 08:47:33.0280 6140 TapiSrv - ok 08:47:33.0289 6140 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 08:47:33.0291 6140 TBS - ok 08:47:33.0337 6140 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 08:47:33.0362 6140 Tcpip - ok 08:47:33.0387 6140 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 08:47:33.0394 6140 TCPIP6 - ok 08:47:33.0408 6140 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 08:47:33.0409 6140 tcpipreg - ok 08:47:33.0420 6140 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 08:47:33.0421 6140 TDPIPE - ok 08:47:33.0439 6140 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 08:47:33.0441 6140 TDTCP - ok 08:47:33.0459 6140 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 08:47:33.0461 6140 tdx - ok 08:47:33.0472 6140 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 08:47:33.0472 6140 TermDD - ok 08:47:33.0490 6140 [ 2E648163254233755035B46DD7B89123 
] TermService C:\Windows\System32\termsrv.dll 08:47:33.0495 6140 TermService - ok 08:47:33.0505 6140 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 08:47:33.0508 6140 Themes - ok 08:47:33.0519 6140 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 08:47:33.0520 6140 THREADORDER - ok 08:47:33.0532 6140 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 08:47:33.0535 6140 TrkWks - ok 08:47:33.0567 6140 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 08:47:33.0568 6140 TrustedInstaller - ok 08:47:33.0574 6140 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 08:47:33.0575 6140 tssecsrv - ok 08:47:33.0588 6140 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 08:47:33.0590 6140 TsUsbFlt - ok 08:47:33.0595 6140 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 08:47:33.0597 6140 TsUsbGD - ok 08:47:33.0616 6140 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 08:47:33.0618 6140 tunnel - ok 08:47:33.0627 6140 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 08:47:33.0629 6140 uagp35 - ok 08:47:33.0647 6140 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 08:47:33.0649 6140 udfs - ok 08:47:33.0659 6140 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 08:47:33.0662 6140 UI0Detect - ok 08:47:33.0676 6140 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 08:47:33.0678 6140 uliagpkx - ok 08:47:33.0692 6140 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 08:47:33.0694 6140 umbus - ok 08:47:33.0702 6140 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 08:47:33.0704 6140 UmPass - ok 08:47:33.0756 6140 [ 
67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 08:47:33.0759 6140 UMVPFSrv - ok 08:47:33.0837 6140 [ 6617E7CC9DC6729A11BFF54C47CEA7D0 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 08:47:33.0839 6140 UNS - ok 08:47:33.0850 6140 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 08:47:33.0853 6140 upnphost - ok 08:47:33.0877 6140 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 08:47:33.0878 6140 usbaudio - ok 08:47:33.0886 6140 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 08:47:33.0888 6140 usbccgp - ok 08:47:33.0903 6140 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 08:47:33.0905 6140 usbcir - ok 08:47:33.0919 6140 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 08:47:33.0920 6140 usbehci - ok 08:47:33.0932 6140 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 08:47:33.0934 6140 usbhub - ok 08:47:33.0946 6140 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 08:47:33.0948 6140 usbohci - ok 08:47:33.0960 6140 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 08:47:33.0962 6140 usbprint - ok 08:47:33.0977 6140 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 08:47:33.0979 6140 usbscan - ok 08:47:33.0983 6140 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 08:47:33.0992 6140 USBSTOR - ok 08:47:33.0999 6140 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 08:47:34.0000 6140 usbuhci - ok 08:47:34.0016 6140 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 08:47:34.0018 6140 usbvideo - ok 08:47:34.0031 6140 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms 
C:\Windows\System32\uxsms.dll 08:47:34.0034 6140 UxSms - ok 08:47:34.0039 6140 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 08:47:34.0040 6140 VaultSvc - ok 08:47:34.0048 6140 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 08:47:34.0049 6140 vdrvroot - ok 08:47:34.0062 6140 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 08:47:34.0066 6140 vds - ok 08:47:34.0090 6140 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 08:47:34.0091 6140 vga - ok 08:47:34.0103 6140 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 08:47:34.0104 6140 VgaSave - ok 08:47:34.0119 6140 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 08:47:34.0121 6140 vhdmp - ok 08:47:34.0135 6140 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 08:47:34.0136 6140 viaide - ok 08:47:34.0145 6140 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 08:47:34.0146 6140 volmgr - ok 08:47:34.0154 6140 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 08:47:34.0162 6140 volmgrx - ok 08:47:34.0167 6140 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 08:47:34.0169 6140 volsnap - ok 08:47:34.0184 6140 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 08:47:34.0186 6140 vsmraid - ok 08:47:34.0212 6140 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 08:47:34.0229 6140 VSS - ok 08:47:34.0237 6140 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 08:47:34.0239 6140 vwifibus - ok 08:47:34.0250 6140 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 08:47:34.0252 6140 vwififlt - ok 08:47:34.0271 6140 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 
08:47:34.0274 6140 W32Time - ok 08:47:34.0289 6140 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 08:47:34.0291 6140 WacomPen - ok 08:47:34.0302 6140 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 08:47:34.0304 6140 WANARP - ok 08:47:34.0310 6140 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 08:47:34.0311 6140 Wanarpv6 - ok 08:47:34.0359 6140 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 08:47:34.0376 6140 WatAdminSvc - ok 08:47:34.0402 6140 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 08:47:34.0420 6140 wbengine - ok 08:47:34.0434 6140 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 08:47:34.0436 6140 WbioSrvc - ok 08:47:34.0449 6140 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 08:47:34.0452 6140 wcncsvc - ok 08:47:34.0463 6140 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 08:47:34.0466 6140 WcsPlugInService - ok 08:47:34.0478 6140 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 08:47:34.0481 6140 Wd - ok 08:47:34.0505 6140 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 08:47:34.0510 6140 Wdf01000 - ok 08:47:34.0517 6140 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 08:47:34.0519 6140 WdiServiceHost - ok 08:47:34.0521 6140 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 08:47:34.0523 6140 WdiSystemHost - ok 08:47:34.0534 6140 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 08:47:34.0537 6140 WebClient - ok 08:47:34.0551 6140 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 08:47:34.0554 6140 Wecsvc - ok 08:47:34.0565 6140 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport 
C:\Windows\System32\wercplsupport.dll 08:47:34.0567 6140 wercplsupport - ok 08:47:34.0572 6140 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 08:47:34.0574 6140 WerSvc - ok 08:47:34.0577 6140 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 08:47:34.0577 6140 WfpLwf - ok 08:47:34.0588 6140 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 08:47:34.0590 6140 WIMMount - ok 08:47:34.0592 6140 WinDefend - ok 08:47:34.0594 6140 WinHttpAutoProxySvc - ok 08:47:34.0635 6140 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 08:47:34.0636 6140 Winmgmt - ok 08:47:34.0674 6140 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 08:47:34.0700 6140 WinRM - ok 08:47:34.0732 6140 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 08:47:34.0734 6140 WinUsb - ok 08:47:34.0748 6140 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 08:47:34.0754 6140 Wlansvc - ok 08:47:34.0818 6140 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 08:47:34.0820 6140 wlcrasvc - ok 08:47:34.0864 6140 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 08:47:34.0890 6140 wlidsvc - ok 08:47:34.0896 6140 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 08:47:34.0897 6140 WmiAcpi - ok 08:47:34.0909 6140 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 08:47:34.0910 6140 wmiApSrv - ok 08:47:34.0923 6140 WMPNetworkSvc - ok 08:47:34.0926 6140 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 08:47:34.0927 6140 WPCSvc - ok 08:47:34.0934 6140 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 08:47:34.0937 6140 WPDBusEnum - ok 08:47:34.0945 6140 [ 
6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 08:47:34.0947 6140 ws2ifsl - ok 08:47:34.0979 6140 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 08:47:34.0982 6140 wscsvc - ok 08:47:34.0983 6140 WSearch - ok 08:47:35.0021 6140 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 08:47:35.0047 6140 wuauserv - ok 08:47:35.0077 6140 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 08:47:35.0078 6140 WudfPf - ok 08:47:35.0082 6140 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 08:47:35.0084 6140 WUDFRd - ok 08:47:35.0094 6140 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 08:47:35.0097 6140 wudfsvc - ok 08:47:35.0117 6140 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 08:47:35.0120 6140 WwanSvc - ok 08:47:35.0137 6140 ================ Scan global =============================== 08:47:35.0148 6140 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 08:47:35.0169 6140 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 08:47:35.0174 6140 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 08:47:35.0182 6140 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 08:47:35.0207 6140 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 08:47:35.0210 6140 [Global] - ok 08:47:35.0211 6140 ================ Scan MBR ================================== 08:47:35.0217 6140 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 08:47:35.0339 6140 \Device\Harddisk0\DR0 - ok 08:47:35.0339 6140 ================ Scan VBR ================================== 08:47:35.0341 6140 [ D2FE34C7B3FB24C5DECB5B5FE33F131F ] \Device\Harddisk0\DR0\Partition1 08:47:35.0343 6140 \Device\Harddisk0\DR0\Partition1 - ok 08:47:35.0357 6140 [ 4B21FCD3B35766222165ABD1B518D02F ] \Device\Harddisk0\DR0\Partition2 
08:47:35.0359 6140 \Device\Harddisk0\DR0\Partition2 - ok
08:47:35.0359 6140 ============================================================
08:47:35.0359 6140 Scan finished
08:47:35.0359 6140 ============================================================
08:47:35.0365 4320 Detected object count: 0
08:47:35.0365 4320 Actual detected object count: 0

ESET

C:\NewsRoverFiles\Valid [Checker]4PP by ZzUk v1.2.exe a variant of Win32/Injector.JEL trojan cleaned by deleting - quarantined
C:\Users\Stephen\Downloads\jZipSetup.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\Stephen\Downloads\Future\iLividSetup.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\Stephen\Downloads\Future\Mega SEO Pack by (Santino).zip Win32/HackTool.Patcher.A application deleted - quarantined
C:\Users\Stephen\Downloads\JEH\compile\skype.exe Win32/Spy.Autoit.M trojan cleaned by deleting - quarantined
Operating memory Win32/Ainslot.AA worm

# AdwCleaner v2.011 - Logfile created 12/03/2012 at 14:15:35
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Stephen - GATEWAYWORK
# Boot Mode : Normal
# Running from : C:\Users\Stephen\Downloads\Malware\ADWcleaner\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
File Found : C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Found : C:\Users\Stephen\Desktop\iLivid.lnk
Folder Found : C:\Users\Stephen\AppData\Local\Ilivid

***** [Registry] *****

Key Found : HKCU\Software\ilivid
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0 (en-US)

Profile name : default
File : C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Chromium v check_default_browser: true

File : C:\Users\Stephen\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.11.1661.0

File : C:\Users\Stephen\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1578 octets] - [03/12/2012 14:15:35]

########## EOF - C:\AdwCleaner[R1].txt - [1638 octets] ##########

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
GFI Software VIPRE Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.5.502.110
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0)
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Stephen Downloads Malware ADWcleaner\adwcleaner.exe
Stephen Downloads Malware Security Chk\SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
  3. Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.28.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stephen :: GATEWAYWORK [administrator]

Protection: Enabled

11/29/2012 9:42:25 AM
mbam-log-2012-11-29 (09-42-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 213014
Time elapsed: 1 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ComboFix 12-11-29.02 - Stephen 11/29/2012 9:50.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8071.5552 [GMT -5:00]
Running from: c:\users\Stephen\Desktop\ComboFix.exe
AV: GFI Software VIPRE *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: GFI Software VIPRE *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Stephen\AppData\Local\Temp\_MEI57482\_ctypes.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\_elementtree.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\_hashlib.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\_socket.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\_ssl.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\pyexpat.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\pysqlite2._sqlite.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\python26.dll
c:\users\Stephen\AppData\Local\Temp\_MEI57482\pythoncom26.dll
c:\users\Stephen\AppData\Local\Temp\_MEI57482\PyWinTypes26.dll
c:\users\Stephen\AppData\Local\Temp\_MEI57482\select.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\unicodedata.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32api.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32com.shell.shell.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32crypt.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32event.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32file.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32inet.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32pdh.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32process.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32profile.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32security.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32ts.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\windows._cacheinvalidation.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._controls_.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._core_.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._gdi_.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._html2.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._misc_.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._windows_.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._wizard.pyd
c:\users\Stephen\AppData\Local\Temp\_MEI57482\wxbase293u_net_vc.dll
c:\users\Stephen\AppData\Local\Temp\_MEI57482\wxbase293u_vc.dll
c:\users\Stephen\AppData\Local\Temp\_MEI57482\wxmsw293u_adv_vc.dll
c:\users\Stephen\AppData\Local\Temp\_MEI57482\wxmsw293u_core_vc.dll
c:\users\Stephen\AppData\Local\Temp\_MEI57482\wxmsw293u_html_vc.dll
c:\users\Stephen\AppData\Local\Temp\_MEI57482\wxmsw293u_webview_vc.dll
c:\users\Stephen\AppData\Local\Temp\tmp2uknxo\googledrivesync.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-29 )))))))))))))))))))))))))))))))
.
.
2012-11-29 14:53 . 2012-11-29 14:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-26 12:22 . 2012-11-26 12:22 -------- d-----w- c:\users\Stephen\AppData\Local\TechSmith
2012-11-26 12:22 . 2012-11-26 12:22 -------- d-----w- c:\users\Stephen\AppData\Roaming\TechSmith
2012-11-26 12:20 . 2012-11-26 12:20 -------- d-----w- c:\program files (x86)\QuickTime
2012-11-26 12:20 . 2012-11-26 12:20 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2012-11-26 12:20 . 2012-11-26 12:20 -------- d-----w- c:\programdata\TechSmith
2012-11-26 12:20 . 2012-11-26 12:20 -------- d-----w- c:\program files (x86)\TechSmith
2012-11-26 04:59 . 2012-11-26 04:59 -------- d-----w- c:\users\Stephen\AppData\Local\Torch
2012-11-26 04:56 . 2012-11-26 04:59 -------- d-----w- c:\users\Stephen\AppData\Local\iLivid
2012-11-23 16:02 . 2012-11-19 19:32 262112 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-11-16 15:14 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 15:14 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 15:14 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 15:14 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 15:10 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 15:10 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 15:10 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 15:10 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 15:10 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 15:10 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 15:10 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-12 23:49 . 2005-03-11 18:07 87040 ----a-w- c:\windows\system32\redmonnt.dll
2012-11-12 23:49 . 2005-03-11 18:07 46080 ----a-w- c:\windows\system32\unredmon.exe
2012-11-12 23:49 . 2012-11-12 23:49 -------- d-----w- c:\program files (x86)\PDFlite
2012-11-12 23:39 . 2012-09-06 12:41 148480 ----a-w- c:\windows\VPDAgent_x64.exe
2012-11-12 23:39 . 2012-11-12 23:39 -------- d-----w- c:\program files\Send To Neat
2012-11-12 23:39 . 2012-09-06 12:41 54784 ----a-w- c:\windows\system32\sdtnpm.dll
2012-11-12 14:56 . 2012-11-12 16:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-12 14:56 . 2012-11-12 14:56 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-11-12 14:49 . 2012-11-12 14:50 -------- d-----w- c:\users\Stephen\AppData\Local\jZip
2012-11-12 14:49 . 2012-11-12 14:49 -------- d-----w- c:\program files (x86)\jZip
2012-11-09 16:32 . 2012-11-20 13:36 -------- d-----w- c:\users\Stephen\AppData\Local\join.me
2012-11-09 11:44 . 2012-11-09 11:44 -------- d-----w- c:\users\Default\AppData\Local\WinZip
2012-11-09 11:43 . 2012-11-09 11:43 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-08 09:00 . 2012-10-24 14:32 35456 ----a-w- c:\windows\system32\drivers\gfiark.sys
2012-11-02 21:22 . 2012-11-02 21:22 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-02 21:22 . 2012-11-02 21:22 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-02 21:22 . 2012-11-02 21:22 188904 ----a-w- c:\windows\system32\java.exe
2012-11-02 21:22 . 2012-11-02 21:22 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-02 21:21 . 2012-11-02 21:21 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-02 21:21 . 2012-11-02 21:21 -------- d-----w- c:\program files (x86)\Java
2012-11-01 13:22 . 2012-11-02 12:02 -------- d-----w- c:\users\Stephen\AppData\Roaming\SQLUpdate
2012-11-01 13:21 . 2012-11-01 13:22 -------- d-----w- c:\users\Stephen\AppData\Roaming\SQLDriver
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-29 14:34 . 2012-09-24 14:43 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-11-18 17:22 . 2012-09-11 23:11 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-09 11:42 . 2012-04-06 04:10 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-09 11:42 . 2012-04-06 04:10 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-02 21:22 . 2012-09-15 22:29 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-02 21:22 . 2012-09-15 22:29 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-02 21:21 . 2012-09-11 15:57 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-02 21:21 . 2012-09-11 15:57 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38 . 2012-11-27 21:15 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 21:15 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 21:15 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 22:36 . 2012-10-15 22:36 756280 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{F587CC88-D29F-40DA-9268-EEE18D2AF426}\TweetDeck.exe
2012-09-29 23:54 . 2012-09-15 16:28 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 20:55 . 2012-09-26 20:58 337608 ----a-w- c:\windows\system32\PROUnstl.exe
2012-09-26 20:55 . 2012-09-26 20:55 316064 ----a-w- c:\windows\system32\PRONtObj.dll
2012-09-26 20:55 . 2012-09-26 20:55 162152 ----a-w- c:\windows\system32\drivers\iANSW60e.sys
2012-09-24 14:43 . 2012-09-24 14:43 53248 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-09-20 09:40 . 2012-10-02 16:04 47496 ----a-w- c:\windows\system32\sbbd.exe
2012-09-20 09:40 . 2012-09-20 09:40 47496 ----a-w- c:\windows\SysWow64\sbbd.exe
2012-09-20 09:11 . 2012-09-20 09:11 86816 ----a-w- c:\windows\system32\drivers\sbwtis.sys
2012-09-20 09:11 . 2012-09-11 22:51 61216 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-09-20 09:11 . 2012-09-11 22:51 258848 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-09-19 04:58 . 2012-10-02 16:05 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D541B750-C81D-4652-BCC1-8CCFF623749A}\mpengine.dll
2012-09-18 21:55 . 2012-09-18 21:55 110602 ----a-w- c:\windows\News Rover Uninstaller.exe
2012-09-14 19:19 . 2012-10-09 22:03 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-09 22:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-13 00:19 . 2012-09-13 00:19 634560 ----a-w- c:\windows\SysWow64\XceedZip.dll
2012-09-13 00:19 . 2012-09-13 00:19 82872 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-09-13 00:19 . 2012-09-11 22:51 120064 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-09-10 23:42 . 2012-09-10 23:42 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-09-10 23:42 . 2012-09-10 23:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-09-10 23:42 . 2012-09-10 23:42 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-09-10 21:46 . 2011-03-29 01:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-31 18:19 . 2012-10-09 22:04 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01InsyncSynced]
@="{79168b3f-9ed7-4209-a2ef-835c56a4c0dc}"
[HKEY_CLASSES_ROOT\CLSID\{79168b3f-9ed7-4209-a2ef-835c56a4c0dc}]
2012-11-15 04:38 156592 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02InsyncSyncing]
@="{8896d747-f2a9-4527-928d-df152fdf73d7}"
[HKEY_CLASSES_ROOT\CLSID\{8896d747-f2a9-4527-928d-df152fdf73d7}]
2012-11-15 04:38 156592 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03InsyncError]
@="{06E10739-B8D0-41A4-B4A1-A9A4220003B2}"
[HKEY_CLASSES_ROOT\CLSID\{06E10739-B8D0-41A4-B4A1-A9A4220003B2}]
2012-11-15 04:38 156592 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04InsyncErrorFolder]
@="{e002350f-7ada-4b24-9f42-09ed31681949}"
[HKEY_CLASSES_ROOT\CLSID\{e002350f-7ada-4b24-9f42-09ed31681949}]
2012-11-15 04:38 156592 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]
"57AD0B2C9906DFDBF54DD87E02C3DCFDD7598BCD._service_run"="c:\users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-11-14 1242728]
"SQLDriver"="c:\users\Stephen\AppData\Roaming\SQLDriver\SQLDriver.exe" [2012-10-18 72351744]
"MusicManager"="c:\users\Stephen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-10-22 7356928]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-04 291096]
"SBAMTray"="c:\program files (x86)\GFI Software\VIPRE\SBAMTray.exe" [2012-09-20 3149704]
.
c:\users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Stephen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-11-21 28791288]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-10-26 1017184]
Insync.lnk - c:\users\Stephen\AppData\Roaming\Insync\App\Insync.exe [2012-11-16 56240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-9-22 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
R2 SBAMSvc;VIPRE Internet Security;c:\program files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-09-20 3677000]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-08 363800]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2012-10-24 35456]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-19 1488448]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2012-09-13 120064]
R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys [2012-09-20 61216]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2012-09-20 86816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-11 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2011-12-04 16152]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-09-20 258848]
S2 Agent;VPDAgent;c:\windows\VPDAgent_x64.exe [2012-09-06 148480]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 gfi_lanss10_attservice;GFI LanGuard 10 Attendant Service;c:\program files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe [2012-09-13 115568]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2012-02-29 28264]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-07-27 14952]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-08 161560]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2012-02-07 255376]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-09-13 82872]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-09-20 175496]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2011-12-04 355096]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2011-12-04 785688]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2012-09-13 120064]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\Neat ADF Scanner 2008]
reg copy HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008 [bU]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 11:42]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-11 13:15]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-11 13:15]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3359720339-4014307445-4140227809-1001Core.job
- c:\users\Stephen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-11 13:15]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3359720339-4014307445-4140227809-1001UA.job
- c:\users\Stephen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-11 13:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01InsyncSynced64]
@="{E14A1BB6-3439-4096-808B-ACFFDBB3D313}"
[HKEY_CLASSES_ROOT\CLSID\{E14A1BB6-3439-4096-808B-ACFFDBB3D313}]
2012-11-15 04:38 176560 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02InsyncSyncing64]
@="{5141519A-C349-4FF8-90F6-16ADE4CDC8A2}"
[HKEY_CLASSES_ROOT\CLSID\{5141519A-C349-4FF8-90F6-16ADE4CDC8A2}]
2012-11-15 04:38 176560 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03InsyncError64]
@="{E82E3537-C355-484B-9825-01389BA1CD25}"
[HKEY_CLASSES_ROOT\CLSID\{E82E3537-C355-484B-9825-01389BA1CD25}]
2012-11-15 04:38 176560 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04InsyncErrorFolder64]
@="{722710aa-a7cd-4094-9abb-4bb18b936838}"
[HKEY_CLASSES_ROOT\CLSID\{722710aa-a7cd-4094-9abb-4bb18b936838}]
2012-11-15 04:38 176560 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-26 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-26 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-26 440600]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-14 13353064]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [bU]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=MAGW
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.bing.com/?pc=MAGW
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: mailchimp.com\login
TCP: DhcpNameServer = 192.168.13.1
FF - ProfilePath - c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo)
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.genieo.com/?v=w3i8
FF - prefs.js: keyword.URL - hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18482,0,0,6434&p=
FF - ExtSQL: 2012-11-16 16:28; jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack; c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack.xpi
FF - ExtSQL: 2012-11-28 10:54; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: 2012-11-28 10:54; anticontainer@downthemall.net; c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\anticontainer@downthemall.net.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Common Files\Comscan\Comscan.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\Mantle.exe . ************************************************************************** . Completion time: 2012-11-29 09:57:33 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-29 14:57 ComboFix2.txt 2012-11-23 15:24 . Pre-Run: 848,509,575,168 bytes free Post-Run: 849,588,092,928 bytes free . - - End Of File - - 1260E52F9B845A46C25F2EB2024DABA6 DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2 Run by Stephen at 10:25:39 on 2012-11-29 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8071.4971 [GMT -5:00] . AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A} FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} . ============== Running Processes =============== . 
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\VPDAgent_x64.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Windows\system32\IProsetMonitor.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Windows\system32\taskhost.exe C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\Common 
Files\Comscan\Comscan.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Users\Stephen\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe C:\Users\Stephen\AppData\Roaming\Insync\App\Insync.exe C:\Windows\system32\SearchIndexer.exe C:\Users\Stephen\AppData\Roaming\SQLDriver\SQLDriver.exe C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\Mantle.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe 
C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe C:\Windows\system32\prevhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.bing.com/?pc=MAGW mStart Page = hxxp://www.bing.com/?pc=MAGW mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart uRun: [57AD0B2C9906DFDBF54DD87E02C3DCFDD7598BCD._service_run] "C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service uRun: [sqlDriver] C:\Users\Stephen\AppData\Roaming\SQLDriver\SQLDriver.exe uRun: [MusicManager] "C:\Users\Stephen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe" StartupFolder: 
C:\Users\Stephen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Stephen\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Stephen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . 
TCP: NameServer = 192.168.13.1 TCP: Interfaces\{0AE144C0-F63A-4C16-BAA1-A0267DC4DD46} : DHCPNameServer = 192.168.13.1 TCP: Interfaces\{B539F6E0-F6DF-4C88-B72B-2917B5C7AC86} : DHCPNameServer = 192.168.43.1 TCP: Interfaces\{B539F6E0-F6DF-4C88-B72B-2917B5C7AC86}\3516E6964716279657D6 : DHCPNameServer = 192.168.13.1 TCP: Interfaces\{B539F6E0-F6DF-4C88-B72B-2917B5C7AC86}\46F6D656E6963696 : DHCPNameServer = 75.75.75.75 75.75.76.76 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f x64-mStart Page = hxxp://www.bing.com/?pc=MAGW x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming x64-Run: [LogMeIn GUI] "C:\Program Files 
(x86)\LogMeIn\x64\LogMeInSystray.exe" x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo) FF - prefs.js: browser.startup.homepage - hxxp://yahoo.genieo.com/?v=w3i8 FF - prefs.js: keyword.URL - hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18482,0,0,6434&p= FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - 
plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll FF - plugin: C:\Users\Stephen\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\Stephen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Stephen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2012-11-16 16:28; jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack; C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack.xpi FF - ExtSQL: 2012-11-28 10:54; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi FF - ExtSQL: 2012-11-28 10:54; anticontainer@downthemall.net; C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\anticontainer@downthemall.net.xpi . ============= SERVICES / DRIVERS =============== . 
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-4-5 16152] R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-9-11 258848] R2 Agent;VPDAgent;C:\Windows\VPDAgent_x64.exe [2012-11-12 148480] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 gfi_lanss10_attservice;GFI LanGuard 10 Attendant Service;C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe [2012-9-12 115568] R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2012-2-29 28264] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-10 13592] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448] R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-9-26 189608] R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-7-27 14952] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-10 161560] R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2012-4-5 255376] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-10-3 72216] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-15 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-15 676936] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312] R2 
SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-9-20 3677000] R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-9-12 82872] R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-9-20 175496] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000] R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-10 363800] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-5 331264] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-4-5 355096] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-4-5 785688] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136] R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-15 25928] R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-9-11 120064] R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-9-20 86816] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 
Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-7-30 203104] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752] S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2012-11-8 35456] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-4-5 1488448] S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2012-9-15 15360] S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-9-11 120064] S3 SbHips;SbHips;C:\Windows\System32\drivers\sbhips.sys [2012-9-11 61216] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-12 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2012-11-29 14:55:13 -------- d-sh--w- C:\$RECYCLE.BIN 2012-11-26 12:22:23 -------- d-----w- C:\Users\Stephen\AppData\Local\TechSmith 2012-11-26 12:22:16 -------- d-----w- C:\Users\Stephen\AppData\Roaming\TechSmith 2012-11-26 12:20:45 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared 2012-11-26 04:59:10 -------- d-----w- C:\Users\Stephen\AppData\Local\Torch 2012-11-26 04:56:45 -------- d-----w- C:\Users\Stephen\AppData\Local\iLivid 2012-11-23 16:02:45 262112 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll 2012-11-16 15:14:01 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2012-11-16 15:14:01 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-16 15:14:00 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-11-16 15:14:00 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-11-16 15:10:36 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2012-11-16 15:10:36 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2012-11-16 15:10:36 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2012-11-16 15:10:36 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2012-11-16 15:10:36 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2012-11-16 15:10:36 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2012-11-16 15:10:36 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2012-11-12 23:49:25 87040 ----a-w- C:\Windows\System32\redmonnt.dll 2012-11-12 23:49:25 46080 ----a-w- C:\Windows\System32\unredmon.exe 2012-11-12 23:49:23 -------- d-----w- C:\Program Files (x86)\PDFlite 2012-11-12 23:39:20 148480 ----a-w- C:\Windows\VPDAgent_x64.exe 2012-11-12 23:39:19 -------- d-----w- C:\Program Files\Send To Neat 2012-11-12 23:39:15 54784 ----a-w- C:\Windows\System32\sdtnpm.dll 2012-11-12 14:56:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-11-12 14:56:17 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-11-12 14:49:41 -------- d-----w- 
C:\Users\Stephen\AppData\Local\jZip 2012-11-12 14:49:29 -------- d-----w- C:\Program Files (x86)\jZip 2012-11-09 16:32:42 -------- d-----w- C:\Users\Stephen\AppData\Local\join.me 2012-11-08 09:00:00 35456 ----a-w- C:\Windows\System32\drivers\gfiark.sys 2012-11-07 02:31:34 -------- d-----w- C:\Users\Stephen\AppData\Local\{AE704BD6-A1D8-4DEF-85CF-CC30E0BB9B0B} 2012-11-02 21:22:12 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2012-11-02 21:21:40 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-01 13:22:54 -------- d-----w- C:\Users\Stephen\AppData\Roaming\SQLUpdate 2012-11-01 13:21:59 -------- d-----w- C:\Users\Stephen\AppData\Roaming\SQLDriver . ==================== Find3M ==================== . 2012-11-29 14:34:59 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys 2012-11-09 11:42:54 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-09 11:42:54 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-11-02 21:22:09 916456 ----a-w- C:\Windows\System32\deployJava1.dll 2012-11-02 21:22:09 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-11-02 21:21:37 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-11-02 21:21:37 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-10-08 11:22:55 
1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys 2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-26 20:55:59 337608 ----a-w- C:\Windows\System32\PROUnstl.exe 2012-09-26 20:55:36 316064 ----a-w- C:\Windows\System32\PRONtObj.dll 2012-09-26 20:55:35 162152 ----a-w- C:\Windows\System32\drivers\iANSW60e.sys 2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll 2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll 2012-09-20 09:40:04 47496 ----a-w- C:\Windows\SysWow64\sbbd.exe 2012-09-20 09:40:04 47496 ----a-w- C:\Windows\System32\sbbd.exe 2012-09-20 09:11:58 
86816 ----a-w- C:\Windows\System32\drivers\sbwtis.sys 2012-09-20 09:11:58 61216 ----a-w- C:\Windows\System32\drivers\sbhips.sys 2012-09-20 09:11:58 258848 ----a-w- C:\Windows\System32\drivers\SbFw.sys 2012-09-18 21:55:55 110602 ----a-w- C:\Windows\News Rover Uninstaller.exe 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-09-13 00:19:42 634560 ----a-w- C:\Windows\SysWow64\XceedZip.dll 2012-09-13 00:19:38 82872 ----a-w- C:\Windows\System32\drivers\sbapifs.sys 2012-09-13 00:19:34 120064 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys 2012-09-10 23:42:20 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-09-10 23:42:20 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-09-10 23:42:20 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll 2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys . ============= FINISH: 10:26:04.28 ===============
  4. .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/10/2012 5:01:11 PM
System Uptime: 11/27/2012 9:22:27 AM (2 hours ago)
.
Motherboard: Gateway | | DX4870
Processor: Intel® Core i5-2320 CPU @ 3.00GHz | SOCKET 0 | 3001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 790.846 GiB free.
D: is CDROM (UDF)
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: 802.11n Wireless LAN Card
Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760111AD&REV_00\4&858F2F4&0&00E2
Manufacturer: Ralink Technology, Corp.
Name: 802.11n Wireless LAN Card
PNP Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760111AD&REV_00\4&858F2F4&0&00E2
Service: netr28x
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: LogMeIn Kernel Information Provider
Device ID: ROOT\LEGACY_LMIINFO\0000
Manufacturer:
Name: LogMeIn Kernel Information Provider
PNP Device ID: ROOT\LEGACY_LMIINFO\0000
Service: LMIInfo
.
==== System Restore Points ===================
.
RP58: 11/15/2012 9:25:00 PM - Removed WinZip 17.0
RP59: 11/16/2012 10:10:17 AM - Windows Update
RP60: 11/18/2012 12:22:04 PM - Windows Update
RP61: 11/20/2012 8:00:43 AM - Removed Fooz Kids
RP62: 11/20/2012 8:01:38 AM - Removed Fooz Kids Platform
RP63: 11/20/2012 8:02:42 AM - Removed LogMeIn
RP64: 11/20/2012 8:05:59 AM - Removed Soda PDF 5
RP65: 11/26/2012 7:19:20 AM - Installed Camtasia Studio 8
.
==== Installed Programs ======================
.
Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) MUI Adobe Shockwave Player 11.6 Android SDK Tools Best Buy pc app Bing Bar Bonjour C5500n - C5800Ldn Series GDI Driver from OKI® Printing Solutions for Windows CameraHelperMsi Camtasia Studio 8 Cisco WebEx Meetings CyberLink PowerDVD 10 D3DX10 doubleTwist Dropbox eReg Evernote v. 4.5.10 ffdshow [rev 2527] [2008-12-19] Galerie de photos Windows Live Galería fotográfica de Windows Live Gateway Recovery Management Gateway Registration Gateway ScreenSaver Gateway Updater Google Chrome Google Drive Google Talk Plugin Google Update Helper Google Voice GoToMeeting 5.3.0.977 Hotkey Utility HTC Sync Identity Card iLivid Insync Intel® Control Center Intel® Management Engine Components Intel® Network Connections 16.8.46.0 Intel® OpenCL CPU Runtime Intel® Processor Graphics Intel® Rapid Storage Technology Intel® USB 3.0 eXtensible Host Controller Driver Intel® Trusted Connect Service Client Java 7 Update 9 Java 7 Update 9 (64-bit) Java Auto Updater Java SE Development Kit 7 Update 7 (64-bit) join.me Junk Mail filter update jZip Logitech SetPoint 6.32 Logitech Vid HD Logitech Webcam Software LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Twitter LWS Video Mask Maker LWS VideoEffects LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Malwarebytes Anti-Malware version 1.65.1.1000 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Compact 3.5 SP2 x64 ENU Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mozilla Firefox 17.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) Music Manager Neat Neat ADF Scanner 2008 Driver Neat ADF Scanner Driver Neat Core Files Neat Mobile Scanner (Silver) Driver Neat Mobile Scanner 2008 Driver Neat Mobile Scanner Driver Nero BackItUp 10 Nero BackItUp 10 Help (CHM) Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 Nero DiscSpeed 10 Nero DiscSpeed 10 Help (CHM) Nero Express 10 Nero Express 10 Help (CHM) Nero Multimedia Suite 10 Essentials Nero RescueAgent 10 Nero RescueAgent 10 Help (CHM) Nero StartSmart 10 Nero StartSmart 10 Help (CHM) Nero Update News Rover -- Usenet newsreader Opera 12.11 Package: Samsung Galaxy S3 ToolKit PDFlite 0.8 RateWatch Realtek High Definition Audio Driver RedMon - Redirection Port Monitor SAMSUNG USB Driver for Mobile Phones Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Send To Neat Skype Click to Call Skype™ 6.0 Soda PDF OCR Spybot - Search & Destroy swMSM Torch TweetDeck Update for Microsoft .NET 
Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VIPRE Internet Security VLC media player 2.0.1 Welcome Center Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live Galeria de Fotos Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows XP Mode XChat 2 (remove only) . ==== Event Viewer Messages From Past Week ======== . 11/27/2012 9:22:43 AM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified. 11/27/2012 11:14:19 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer DELLDESKTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0AE144C0-F63A-4C16-BAA1-A0267DC4DD46}. The master browser is stopping or an election is being forced. 11/21/2012 8:16:22 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer YOMAMMA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0AE144C0-F63A-4C16-BAA1-A0267DC4DD46}. The master browser is stopping or an election is being forced. 11/21/2012 12:29:24 PM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. 
The current job count for the user GatewayWork\Stephen (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
11/21/2012 10:12:16 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/21/2012 10:11:52 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/21/2012 10:07:30 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Stephen at 11:31:19 on 2012-11-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8071.5062 [GMT -5:00]
.
AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\VPDAgent_x64.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Windows\system32\IProsetMonitor.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchIndexer.exe C:\Users\Stephen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe C:\Users\Stephen\AppData\Roaming\Insync\App\Insync.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe C:\Users\Stephen\AppData\Roaming\SQLDriver\SQLDriver.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\Mantle.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe 
C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\RateWatch\RateWatch.exe C:\Program Files (x86)\Evernote\Evernote\Evernote.exe C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.bing.com/?pc=MAGW mStart Page = hxxp://www.bing.com/?pc=MAGW mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live \WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart uRun: [57AD0B2C9906DFDBF54DD87E02C3DCFDD7598BCD._service_run] "C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service uRun: [sqlDriver] C:\Users\Stephen\AppData\Roaming\SQLDriver\SQLDriver.exe uRun: [MusicManager] "C:\Users\Stephen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe" StartupFolder: 
C:\Users\Stephen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote \EvernoteClipper.exe StartupFolder: C:\Users\Stephen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Insync.lnk - C:\Users\Stephen\AppData\Roaming\Insync\App \Insync.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer \skypeieplugin.dll IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . 
TCP: NameServer = 192.168.13.1 TCP: Interfaces\{0AE144C0-F63A-4C16-BAA1-A0267DC4DD46} : DHCPNameServer = 192.168.13.1 TCP: Interfaces\{B539F6E0-F6DF-4C88-B72B-2917B5C7AC86} : DHCPNameServer = 192.168.43.1 TCP: Interfaces\{B539F6E0-F6DF-4C88-B72B-2917B5C7AC86}\3516E6964716279657D6 : DHCPNameServer = 192.168.13.1 TCP: Interfaces\{B539F6E0-F6DF-4C88-B72B-2917B5C7AC86}\46F6D656E6963696 : DHCPNameServer = 75.75.75.75 75.75.76.76 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f x64-mStart Page = hxxp://www.bing.com/?pc=MAGW x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live \WindowsLiveLogin.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming x64-Run: [LogMeIn GUI] "C:\Program Files 
(x86)\LogMeIn\x64\LogMeInSystray.exe" x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo) FF - prefs.js: browser.startup.homepage - hxxp://yahoo.genieo.com/?v=w3i8 FF - prefs.js: keyword.URL - hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs- geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18482,0,0,6434&p= FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - 
plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll FF - plugin: C:\Users\Stephen\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\Stephen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Stephen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2012-11-16 16:28; jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack; C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default \extensions\jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack.xpi . ============= SERVICES / DRIVERS =============== . R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-4-5 16152] R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-9-11 258848] R2 Agent;VPDAgent;C:\Windows\VPDAgent_x64.exe [2012-11-12 148480] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 gfi_lanss10_attservice;GFI LanGuard 10 Attendant Service;C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe [2012-9-12 115568] R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2012-2-29 28264] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-10 13592] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2 -3 628448] R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring 
Service;C:\Windows\System32\IPROSetMonitor.exe [2012-9-26 189608] R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-7-27 14952] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL \Jhi_service.exe [2012-9-10 161560] R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2012-4-5 255376] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-10-3 72216] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-15 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-15 676936] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312] R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-9-20 3677000] R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-9-12 82872] R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-9-20 175496] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000] R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-10 363800] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-5 331264] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-4-5 355096] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys 
[2012-4-5 785688] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136] R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-15 25928] R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-9-11 120064] R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-9-20 86816] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240] S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2012-11-8 35456] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-4-5 1488448] S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2012-9-15 15360] S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-9-11 120064] S3 
SbHips;SbHips;C:\Windows\System32\drivers\sbhips.sys [2012-9-11 61216] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-7-30 203104] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-12 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-11-26 12:22:23 -------- d-----w- C:\Users\Stephen\AppData\Local\TechSmith 2012-11-26 12:22:16 -------- d-----w- C:\Users\Stephen\AppData\Roaming\TechSmith 2012-11-26 12:20:45 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared 2012-11-26 04:59:10 -------- d-----w- C:\Users\Stephen\AppData\Local\Torch 2012-11-26 04:56:45 -------- d-----w- C:\Users\Stephen\AppData\Local\iLivid 2012-11-23 16:02:45 262112 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll 2012-11-23 15:21:58 -------- d-sh--w- C:\$RECYCLE.BIN 2012-11-16 15:14:01 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2012-11-16 15:14:01 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-16 15:14:00 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-11-16 15:14:00 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-11-16 15:10:36 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2012-11-16 15:10:36 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2012-11-16 15:10:36 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2012-11-16 15:10:36 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2012-11-16 15:10:36 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2012-11-16 15:10:36 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2012-11-16 15:10:36 194048 ----a-w- 
  5. I've downloaded and installed viper. Viper is up to date & purchased. I've uninstalled Norton as well. Reboot in a minute....
  6. Yes, it came w/ a trial version of Norton Internet Security... 60 day trial... not using it.... using viper internet security....
  7. I connected w/ Gateway tech support & they guided me through the formatting process installed on the computer. Included in the restore process are the applications that came w/ the system out of the box. Thank you for all your help. Completed.
  8. Maurice, thank you for the advice.... I have no choice but to format my hard drive. One question for you: this is a new computer (purchased in July) & it came with MS Word & MS Excel starter programs with adverts and limited functionality. Do you know if this backup I'm creating will back this information up? Thank you again for all your help, I look forward to your response.
  9. RogueKiller V8.0.2 [08/31/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Stephen Office [Admin rights]
     Mode : Remove -- Date : 09/08/2012 16:15:00

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 10 ¤¤¤
     [RUN][sUSP PATH] HKCU\[...]\Run : Snapseed ("C:\Users\Stephen Office\AppData\Roaming\Snapseed\Snapseed.exe") -> NOT SELECTED
     [RUN][sUSP PATH] HKCU\[...]\Run : Steam ("C:\Users\Stephen Office\AppData\Roaming\Steam\steam.exe") -> NOT SELECTED
     [RUN][HJNAME] HKCU\[...]\Run : Windows Updater ("C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe") -> DELETED
     [RUN][sUSP PATH] HKUS\S-1-5-21-3708766167-61689912-231149725-1000[...]\Run : Snapseed ("C:\Users\Stephen Office\AppData\Roaming\Snapseed\Snapseed.exe") -> DELETED
     [RUN][sUSP PATH] HKUS\S-1-5-21-3708766167-61689912-231149725-1000[...]\Run : Steam ("C:\Users\Stephen Office\AppData\Roaming\Steam\steam.exe") -> DELETED
     [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> NOT SELECTED
     [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> NOT SELECTED
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ST1000DM003-9YN162 +++++
     --- User ---
     [MBR] 4af6bf70c69f8ceb732bdd1551bdb956
     [bSP] d8561dcf563882ab125a0ba050e7d21f : Windows 7 MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 939431 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[2].txt >>
     RKreport[1].txt ; RKreport[2].txt

     Malwarebytes Anti-Malware (Trial) 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.09.08.08

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Stephen Office :: STEPHENOFFICE [administrator]

     Protection: Enabled

     9/8/2012 4:29:32 PM
     mbam-log-2012-09-08 (16-29-32).txt

     Scan type: Full scan (C:\|D:\|E:\|Q:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 313510
     Time elapsed: 17 minute(s), 16 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 2
     C:\Users\Stephen Office\AppData\Roaming\audiohd.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
     C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

     (end)
  10. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
      Run date: 2012-09-08 09:51:54
      -----------------------------
      09:51:54.015 OS Version: Windows x64 6.1.7601 Service Pack 1
      09:51:54.015 Number of processors: 4 586 0x2A07
      09:51:54.016 ComputerName: STEPHENOFFICE UserName:
      09:51:54.619 Initialize success
      09:52:47.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
      09:52:47.095 Disk 0 Vendor: ST1000DM CC4B Size: 953869MB BusType: 3
      09:52:47.121 Disk 0 MBR read successfully
      09:52:47.123 Disk 0 MBR scan
      09:52:47.124 Disk 0 Windows 7 default MBR code
      09:52:47.127 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
      09:52:47.137 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
      09:52:47.144 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 939431 MB offset 29566976
      09:52:47.157 Disk 0 scanning C:\Windows\system32\drivers
      09:52:50.960 Service scanning
      09:52:57.217 Modules scanning
      09:52:57.221 Scan finished successfully
      09:53:34.557 Disk 0 MBR has been saved successfully to "C:\Users\Stephen Office\Downloads\malware scanners\asw logs\MBR.dat"
      09:53:34.558 The log file has been saved successfully to "C:\Users\Stephen Office\Downloads\malware scanners\asw logs\aswMBR.txt"

      09:54:02.0779 4556 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
      09:54:03.0128 4556 ============================================================
      09:54:03.0128 4556 Current date / time: 2012/09/08 09:54:03.0128
      09:54:03.0128 4556 SystemInfo:
      09:54:03.0128 4556
      09:54:03.0128 4556 OS Version: 6.1.7601 ServicePack: 1.0
      09:54:03.0128 4556 Product type: Workstation
      09:54:03.0128 4556 ComputerName: STEPHENOFFICE
      09:54:03.0128 4556 UserName: Stephen Office
      09:54:03.0128 4556 Windows directory: C:\Windows
      09:54:03.0128 4556 System windows directory: C:\Windows
      09:54:03.0128 4556 Running under WOW64
      09:54:03.0128 4556 Processor architecture: Intel x64
      09:54:03.0128 4556 Number of processors: 4
      09:54:03.0128 4556 Page size: 0x1000
09:54:18.0669 0248 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 09:54:18.0670 0248 Msfs - ok 09:54:18.0676 0248 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 09:54:18.0677 0248 mshidkmdf - ok 09:54:18.0682 0248 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 09:54:18.0683 0248 msisadrv - ok 09:54:18.0690 0248 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 09:54:18.0692 0248 MSiSCSI - ok 09:54:18.0694 0248 msiserver - ok 09:54:18.0696 0248 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 09:54:18.0697 0248 MSKSSRV - ok 09:54:18.0699 0248 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 09:54:18.0699 0248 MSPCLOCK - ok 09:54:18.0701 0248 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 09:54:18.0702 0248 MSPQM - ok 09:54:18.0707 0248 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 09:54:18.0710 0248 MsRPC - ok 09:54:18.0716 0248 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 09:54:18.0717 0248 mssmbios - ok 09:54:18.0726 0248 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 09:54:18.0727 0248 MSTEE - ok 09:54:18.0729 0248 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 09:54:18.0730 0248 MTConfig - ok 09:54:18.0737 0248 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 09:54:18.0738 0248 Mup - ok 09:54:18.0748 0248 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 09:54:18.0752 0248 napagent - ok 09:54:18.0761 0248 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 09:54:18.0763 0248 NativeWifiP - ok 09:54:18.0799 0248 [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate C:\Program Files 
(x86)\Nero\Update\NASvc.exe 09:54:18.0802 0248 NAUpdate - ok 09:54:18.0817 0248 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 09:54:18.0834 0248 NDIS - ok 09:54:18.0845 0248 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 09:54:18.0846 0248 NdisCap - ok 09:54:18.0849 0248 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 09:54:18.0850 0248 NdisTapi - ok 09:54:18.0860 0248 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 09:54:18.0861 0248 Ndisuio - ok 09:54:18.0865 0248 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 09:54:18.0866 0248 NdisWan - ok 09:54:18.0874 0248 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 09:54:18.0876 0248 NDProxy - ok 09:54:18.0884 0248 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 09:54:18.0885 0248 NetBIOS - ok 09:54:18.0889 0248 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 09:54:18.0891 0248 NetBT - ok 09:54:18.0901 0248 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 09:54:18.0902 0248 Netlogon - ok 09:54:18.0915 0248 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 09:54:18.0917 0248 Netman - ok 09:54:18.0932 0248 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 09:54:18.0936 0248 netprofm - ok 09:54:18.0973 0248 [ 5758FD37BF31E759F8610311E4D08ECA ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys 09:54:18.0990 0248 netr28x - ok 09:54:19.0007 0248 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 09:54:19.0008 0248 NetTcpPortSharing - ok 09:54:19.0014 0248 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 09:54:19.0015 0248 nfrd960 - ok 
09:54:19.0034 0248 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 09:54:19.0036 0248 NlaSvc - ok 09:54:19.0060 0248 [ C379E073E41053C19B0816326210806A ] nlsX86cc C:\Windows\SysWOW64\NLSSRV32.EXE 09:54:19.0062 0248 nlsX86cc - ok 09:54:19.0074 0248 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 09:54:19.0075 0248 Npfs - ok 09:54:19.0077 0248 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 09:54:19.0079 0248 nsi - ok 09:54:19.0090 0248 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 09:54:19.0091 0248 nsiproxy - ok 09:54:19.0114 0248 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 09:54:19.0131 0248 Ntfs - ok 09:54:19.0141 0248 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 09:54:19.0143 0248 Null - ok 09:54:19.0149 0248 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 09:54:19.0150 0248 nvraid - ok 09:54:19.0154 0248 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 09:54:19.0156 0248 nvstor - ok 09:54:19.0158 0248 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 09:54:19.0159 0248 nv_agp - ok 09:54:19.0162 0248 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 09:54:19.0163 0248 ohci1394 - ok 09:54:19.0191 0248 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:54:19.0193 0248 ose - ok 09:54:19.0259 0248 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 09:54:19.0278 0248 osppsvc - ok 09:54:19.0298 0248 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 09:54:19.0300 0248 p2pimsvc - ok 09:54:19.0312 0248 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc 
C:\Windows\system32\p2psvc.dll 09:54:19.0316 0248 p2psvc - ok 09:54:19.0319 0248 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 09:54:19.0320 0248 Parport - ok 09:54:19.0330 0248 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 09:54:19.0330 0248 partmgr - ok 09:54:19.0334 0248 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 09:54:19.0336 0248 PcaSvc - ok 09:54:19.0339 0248 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 09:54:19.0341 0248 pci - ok 09:54:19.0350 0248 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 09:54:19.0351 0248 pciide - ok 09:54:19.0362 0248 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 09:54:19.0364 0248 pcmcia - ok 09:54:19.0371 0248 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 09:54:19.0372 0248 pcw - ok 09:54:19.0384 0248 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 09:54:19.0388 0248 PEAUTH - ok 09:54:19.0405 0248 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 09:54:19.0406 0248 PerfHost - ok 09:54:19.0428 0248 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 09:54:19.0446 0248 pla - ok 09:54:19.0463 0248 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 09:54:19.0466 0248 PlugPlay - ok 09:54:19.0478 0248 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 09:54:19.0480 0248 PNRPAutoReg - ok 09:54:19.0485 0248 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 09:54:19.0487 0248 PNRPsvc - ok 09:54:19.0495 0248 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 09:54:19.0499 0248 PolicyAgent - ok 09:54:19.0504 0248 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 09:54:19.0505 0248 
Power - ok 09:54:19.0526 0248 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 09:54:19.0527 0248 PptpMiniport - ok 09:54:19.0534 0248 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 09:54:19.0536 0248 Processor - ok 09:54:19.0547 0248 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 09:54:19.0550 0248 ProfSvc - ok 09:54:19.0559 0248 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 09:54:19.0560 0248 ProtectedStorage - ok 09:54:19.0572 0248 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 09:54:19.0573 0248 Psched - ok 09:54:19.0596 0248 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 09:54:19.0613 0248 ql2300 - ok 09:54:19.0616 0248 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 09:54:19.0617 0248 ql40xx - ok 09:54:19.0625 0248 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 09:54:19.0628 0248 QWAVE - ok 09:54:19.0633 0248 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 09:54:19.0635 0248 QWAVEdrv - ok 09:54:19.0637 0248 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 09:54:19.0638 0248 RasAcd - ok 09:54:19.0646 0248 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 09:54:19.0648 0248 RasAgileVpn - ok 09:54:19.0655 0248 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 09:54:19.0657 0248 RasAuto - ok 09:54:19.0665 0248 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 09:54:19.0666 0248 Rasl2tp - ok 09:54:19.0671 0248 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 09:54:19.0674 0248 RasMan - ok 09:54:19.0682 0248 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe 
C:\Windows\system32\DRIVERS\raspppoe.sys 09:54:19.0684 0248 RasPppoe - ok 09:54:19.0692 0248 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 09:54:19.0693 0248 RasSstp - ok 09:54:19.0703 0248 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 09:54:19.0706 0248 rdbss - ok 09:54:19.0717 0248 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 09:54:19.0718 0248 rdpbus - ok 09:54:19.0727 0248 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 09:54:19.0727 0248 RDPCDD - ok 09:54:19.0739 0248 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 09:54:19.0739 0248 RDPENCDD - ok 09:54:19.0745 0248 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 09:54:19.0746 0248 RDPREFMP - ok 09:54:19.0762 0248 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 09:54:19.0764 0248 RDPWD - ok 09:54:19.0768 0248 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 09:54:19.0770 0248 rdyboost - ok 09:54:19.0783 0248 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 09:54:19.0785 0248 RemoteAccess - ok 09:54:19.0797 0248 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 09:54:19.0799 0248 RemoteRegistry - ok 09:54:19.0814 0248 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys 09:54:19.0815 0248 Revoflt - ok 09:54:19.0818 0248 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 09:54:19.0820 0248 RpcEptMapper - ok 09:54:19.0833 0248 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 09:54:19.0834 0248 RpcLocator - ok 09:54:19.0851 0248 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 09:54:19.0854 0248 RpcSs - ok 09:54:19.0865 0248 [ 
DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 09:54:19.0867 0248 rspndr - ok 09:54:19.0870 0248 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 09:54:19.0871 0248 SamSs - ok 09:54:19.0960 0248 [ 1B1B948C2A70EF92AE1D342A26AA89F1 ] SBAMSvc C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe 09:54:19.0999 0248 SBAMSvc - ok 09:54:20.0018 0248 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys 09:54:20.0020 0248 sbapifs - ok 09:54:20.0073 0248 [ C0ACD574F740C5781031FD533C2494F5 ] SbFw C:\Windows\system32\drivers\SbFw.sys 09:54:20.0075 0248 SbFw - ok 09:54:20.0086 0248 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys 09:54:20.0087 0248 SBFWIMCL - ok 09:54:20.0090 0248 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys 09:54:20.0091 0248 SBFWIMCLMP - ok 09:54:20.0101 0248 [ F2C38F62E9C540F40C2A5F6172D9D07B ] sbhips C:\Windows\system32\drivers\sbhips.sys 09:54:20.0103 0248 sbhips - ok 09:54:20.0114 0248 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 09:54:20.0116 0248 sbp2port - ok 09:54:20.0123 0248 [ A31E5652995581E77B62F02EFEB5D09E ] SBPIMSvc C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe 09:54:20.0124 0248 SBPIMSvc - ok 09:54:20.0130 0248 [ AAE41EFBAD69B78513875C2EB3DE7008 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys 09:54:20.0131 0248 SBRE - ok 09:54:20.0134 0248 [ F9AA83A88EABE22B29D8F293C21AAA4D ] sbwtis C:\Windows\system32\DRIVERS\sbwtis.sys 09:54:20.0134 0248 sbwtis - ok 09:54:20.0141 0248 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 09:54:20.0144 0248 SCardSvr - ok 09:54:20.0154 0248 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 09:54:20.0156 0248 scfilter - ok 09:54:20.0176 0248 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 09:54:20.0193 0248 
Schedule - ok 09:54:20.0204 0248 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 09:54:20.0205 0248 SCPolicySvc - ok 09:54:20.0218 0248 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 09:54:20.0220 0248 SDRSVC - ok 09:54:20.0236 0248 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 09:54:20.0237 0248 secdrv - ok 09:54:20.0243 0248 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 09:54:20.0245 0248 seclogon - ok 09:54:20.0262 0248 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 09:54:20.0264 0248 SENS - ok 09:54:20.0275 0248 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 09:54:20.0277 0248 SensrSvc - ok 09:54:20.0283 0248 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 09:54:20.0284 0248 Serenum - ok 09:54:20.0293 0248 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 09:54:20.0295 0248 Serial - ok 09:54:20.0297 0248 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 09:54:20.0298 0248 sermouse - ok 09:54:20.0309 0248 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 09:54:20.0312 0248 SessionEnv - ok 09:54:20.0314 0248 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 09:54:20.0314 0248 sffdisk - ok 09:54:20.0316 0248 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 09:54:20.0317 0248 sffp_mmc - ok 09:54:20.0327 0248 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 09:54:20.0328 0248 sffp_sd - ok 09:54:20.0330 0248 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 09:54:20.0330 0248 sfloppy - ok 09:54:20.0355 0248 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 09:54:20.0360 0248 
Sftfs - ok 09:54:20.0396 0248 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 09:54:20.0399 0248 sftlist - ok 09:54:20.0411 0248 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 09:54:20.0413 0248 Sftplay - ok 09:54:20.0419 0248 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 09:54:20.0420 0248 Sftredir - ok 09:54:20.0423 0248 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 09:54:20.0423 0248 Sftvol - ok 09:54:20.0431 0248 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 09:54:20.0432 0248 sftvsa - ok 09:54:20.0439 0248 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 09:54:20.0442 0248 SharedAccess - ok 09:54:20.0453 0248 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 09:54:20.0455 0248 ShellHWDetection - ok 09:54:20.0469 0248 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 09:54:20.0470 0248 SiSRaid2 - ok 09:54:20.0478 0248 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 09:54:20.0480 0248 SiSRaid4 - ok 09:54:20.0518 0248 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 09:54:20.0519 0248 SkypeUpdate - ok 09:54:20.0529 0248 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 09:54:20.0530 0248 Smb - ok 09:54:20.0555 0248 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 09:54:20.0556 0248 SNMPTRAP - ok 09:54:20.0562 0248 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 09:54:20.0564 0248 spldr - ok 09:54:20.0589 0248 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 09:54:20.0592 0248 Spooler - ok 
09:54:20.0634 0248 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 09:54:20.0669 0248 sppsvc - ok 09:54:20.0676 0248 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 09:54:20.0678 0248 sppuinotify - ok 09:54:20.0693 0248 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 09:54:20.0696 0248 srv - ok 09:54:20.0702 0248 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 09:54:20.0705 0248 srv2 - ok 09:54:20.0708 0248 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 09:54:20.0709 0248 srvnet - ok 09:54:20.0721 0248 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 09:54:20.0724 0248 SSDPSRV - ok 09:54:20.0730 0248 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 09:54:20.0733 0248 SstpSvc - ok 09:54:20.0757 0248 [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 09:54:20.0759 0248 ssudmdm - ok 09:54:20.0772 0248 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 09:54:20.0773 0248 stexstor - ok 09:54:20.0792 0248 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 09:54:20.0797 0248 stisvc - ok 09:54:20.0806 0248 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 09:54:20.0807 0248 swenum - ok 09:54:20.0821 0248 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 09:54:20.0825 0248 swprv - ok 09:54:20.0851 0248 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 09:54:20.0876 0248 SysMain - ok 09:54:20.0880 0248 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 09:54:20.0882 0248 TabletInputService - ok 09:54:20.0892 0248 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 09:54:20.0895 0248 TapiSrv - ok 09:54:20.0907 0248 [ 
1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 09:54:20.0908 0248 TBS - ok 09:54:20.0940 0248 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 09:54:20.0966 0248 Tcpip - ok 09:54:20.0990 0248 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 09:54:20.0998 0248 TCPIP6 - ok 09:54:21.0019 0248 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 09:54:21.0021 0248 tcpipreg - ok 09:54:21.0034 0248 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 09:54:21.0035 0248 TDPIPE - ok 09:54:21.0047 0248 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 09:54:21.0049 0248 TDTCP - ok 09:54:21.0051 0248 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 09:54:21.0053 0248 tdx - ok 09:54:21.0061 0248 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 09:54:21.0063 0248 TermDD - ok 09:54:21.0074 0248 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 09:54:21.0079 0248 TermService - ok 09:54:21.0086 0248 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 09:54:21.0088 0248 Themes - ok 09:54:21.0098 0248 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 09:54:21.0099 0248 THREADORDER - ok 09:54:21.0109 0248 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 09:54:21.0111 0248 TrkWks - ok 09:54:21.0145 0248 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 09:54:21.0146 0248 TrustedInstaller - ok 09:54:21.0156 0248 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 09:54:21.0158 0248 tssecsrv - ok 09:54:21.0172 0248 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 09:54:21.0173 0248 TsUsbFlt - ok 09:54:21.0176 0248 [ 
9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 09:54:21.0177 0248 TsUsbGD - ok 09:54:21.0197 0248 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 09:54:21.0199 0248 tunnel - ok 09:54:21.0207 0248 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 09:54:21.0208 0248 uagp35 - ok 09:54:21.0217 0248 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 09:54:21.0219 0248 udfs - ok 09:54:21.0231 0248 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 09:54:21.0233 0248 UI0Detect - ok 09:54:21.0244 0248 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 09:54:21.0245 0248 uliagpkx - ok 09:54:21.0256 0248 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 09:54:21.0258 0248 umbus - ok 09:54:21.0263 0248 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 09:54:21.0264 0248 UmPass - ok 09:54:21.0288 0248 [ 6617E7CC9DC6729A11BFF54C47CEA7D0 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 09:54:21.0289 0248 UNS - ok 09:54:21.0304 0248 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 09:54:21.0308 0248 upnphost - ok 09:54:21.0329 0248 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 09:54:21.0331 0248 usbaudio - ok 09:54:21.0353 0248 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 09:54:21.0354 0248 usbccgp - ok 09:54:21.0364 0248 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 09:54:21.0365 0248 usbcir - ok 09:54:21.0377 0248 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 09:54:21.0379 0248 usbehci - ok 09:54:21.0394 0248 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 09:54:21.0396 
0248 usbhub - ok 09:54:21.0402 0248 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 09:54:21.0404 0248 usbohci - ok 09:54:21.0415 0248 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 09:54:21.0417 0248 usbprint - ok 09:54:21.0441 0248 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 09:54:21.0442 0248 usbscan - ok 09:54:21.0449 0248 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 09:54:21.0449 0248 USBSTOR - ok 09:54:21.0458 0248 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 09:54:21.0459 0248 usbuhci - ok 09:54:21.0468 0248 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 09:54:21.0469 0248 UxSms - ok 09:54:21.0476 0248 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 09:54:21.0477 0248 VaultSvc - ok 09:54:21.0482 0248 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 09:54:21.0483 0248 vdrvroot - ok 09:54:21.0498 0248 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 09:54:21.0502 0248 vds - ok 09:54:21.0509 0248 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 09:54:21.0509 0248 vga - ok 09:54:21.0512 0248 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 09:54:21.0512 0248 VgaSave - ok 09:54:21.0516 0248 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 09:54:21.0518 0248 vhdmp - ok 09:54:21.0520 0248 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 09:54:21.0521 0248 viaide - ok 09:54:21.0533 0248 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 09:54:21.0534 0248 volmgr - ok 09:54:21.0549 0248 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 09:54:21.0552 0248 volmgrx - ok 
09:54:22.0574 0248 ============================================================ 09:54:22.0574 0248 Scan finished 09:54:22.0574 0248 ============================================================ 09:54:22.0579 2216 Detected object count: 0 09:54:22.0579 2216 Actual detected object count: 0 RogueKiller V8.0.2 [08/31/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Stephen Office [Admin rights] Mode : Scan -- Date : 09/08/2012 09:58:15 ¤¤¤ Bad processes : 1 ¤¤¤ [sVCHOST] svchost.exe -- C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 11 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : Snapseed ("C:\Users\Stephen Office\AppData\Roaming\Snapseed\Snapseed.exe") -> FOUND [RUN][sUSP PATH] HKCU\[...]\Run : Steam ("C:\Users\Stephen Office\AppData\Roaming\Steam\steam.exe") -> FOUND [RUN][HJNAME] HKCU\[...]\Run : Windows 
Updater ("C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe") -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3708766167-61689912-231149725-1000[...]\Run : Snapseed ("C:\Users\Stephen Office\AppData\Roaming\Snapseed\Snapseed.exe") -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3708766167-61689912-231149725-1000[...]\Run : Steam ("C:\Users\Stephen Office\AppData\Roaming\Steam\steam.exe") -> FOUND [RUN][HJNAME] HKUS\S-1-5-21-3708766167-61689912-231149725-1000[...]\Run : Windows Updater ("C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe") -> FOUND [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST1000DM003-9YN162 +++++ --- User --- [MBR] 4af6bf70c69f8ceb732bdd1551bdb956 [bSP] d8561dcf563882ab125a0ba050e7d21f : Windows 7 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 939431 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  11. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2 Run by Stephen Office at 9:22:55 on 2012-09-08 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8071.5794 [GMT -4:00] . AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A} FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe C:\Windows\Explorer.EXE C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe C:\Windows\SysWOW64\NLSSRV32.EXE C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Windows\System32\igfxtray.exe 
C:\Program Files (x86)\Common Files\Comscan\Comscan.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe C:\Program Files (x86)\RateWatch\RateWatch.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\WUDFHost.exe C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe "C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe" C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage 
Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW mStart Page = hxxp://www.bing.com/?pc=MAGW mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: 
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File uRun: [Google Update] "C:\Users\Stephen Office\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler uRun: [snapseed] "C:\Users\Stephen Office\AppData\Roaming\Snapseed\Snapseed.exe" uRun: [GoogleChromeAutoLaunch_7BCCD22CCD6B50943C05683EEFDFE4FC] "C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window uRun: [steam] "C:\Users\Stephen Office\AppData\Roaming\Steam\steam.exe" uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [Windows Updater] "C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe" mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\STEPHE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe StartupFolder: C:\Users\STEPHE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RATEWA~1.LNK - C:\Program Files (x86)\RateWatch\RateWatch.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: 
EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{B54D3410-5891-4133-A205-A67F367E80A7} : DhcpNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{B54D3410-5891-4133-A205-A67F367E80A7}\D45627369616 : DhcpNameServer = 192.168.1.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: 
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File mRun-x64: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Stephen Office\AppData\Roaming\Mozilla\Firefox\Profiles\9lrs1zgh.default\ FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll FF - plugin: C:\Users\Stephen Office\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Users\Stephen Office\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Stephen Office\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll . 
============= SERVICES / DRIVERS =============== . R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?] R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?] R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2012-1-25 101112] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-4 296808] R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2012-2-29 28264] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-17 13592] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-17 161560] R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2012-4-5 255376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-28 655944] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312] R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-8-15 69640] R2 SBAMSvc;VIPRE Internet 
Security;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-6-22 3289720] R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?] R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-6-22 173960] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-17 363800] R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?] R3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] 
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 Agent;Agent;C:\Windows\agent_x64.exe [2012-8-8 102912] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-30 116648] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 253600] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752] S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-4-6 274200] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?] 
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-30 116648] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-28 113120] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?] S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?] S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2012-09-08 13:08:24 -------- d-----w- C:\Program Files (x86)\ESET 2012-09-08 12:33:05 413138944 ---h--w- C:\Users\Stephen Office\AppData\Roaming\audiohd.exe 2012-09-08 00:29:36 -------- d-----r- C:\Program Files (x86)\Skype 2012-09-07 02:21:54 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\foobar2000 2012-09-07 02:21:50 -------- d-----w- C:\Program Files (x86)\foobar2000 2012-09-07 01:42:36 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\Steam 2012-09-05 16:40:02 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-04 19:09:51 -------- d-----w- C:\Program Files (x86)\Common Files\Comscan 2012-09-01 15:55:58 -------- d-----w- C:\Users\Stephen Office\AppData\Local\Proxure 2012-09-01 15:55:57 -------- d-----w- C:\ProgramData\ClubSanDisk 2012-08-29 16:00:56 60864 ----a-w- C:\Users\Stephen Office\g2mdlhlpx.exe 2012-08-28 14:15:51 -------- d-----w- C:\ProgramData\GFI Software 2012-08-28 14:15:33 61184 ----a-w- C:\Windows\System32\drivers\sbhips.sys 2012-08-28 14:15:28 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys 2012-08-28 14:15:28 46472 ----a-w- C:\Windows\System32\sbbd.exe 2012-08-28 14:15:28 258304 ----a-w- C:\Windows\System32\drivers\SbFw.sys 2012-08-28 14:15:28 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys 2012-08-28 14:15:20 -------- d-----w- C:\ProgramData\Downloaded Installations 2012-08-28 14:15:08 -------- d-----w- C:\Program Files (x86)\GFI Software 2012-08-28 14:15:01 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\GFI Software 2012-08-28 14:03:28 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\Malwarebytes 2012-08-28 14:03:22 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-28 14:03:22 -------- d-----w- C:\ProgramData\Malwarebytes 2012-08-28 14:03:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-08-28 07:51:15 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD22C2FD-239E-46A1-88E5-41C0D924A524}\mpengine.dll 
2012-08-27 21:41:13 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\Snapseed 2012-08-27 21:17:55 -------- d-----w- C:\Program Files\BinTube 2012-08-27 21:05:17 -------- d-----w- C:\Program Files (x86)\VideoLAN 2012-08-27 21:04:20 -------- d-----w- C:\Users\Stephen Office\AppData\Local\BinTube.com 2012-08-27 21:04:20 -------- d-----w- C:\ProgramData\IsolatedStorage 2012-08-27 21:02:14 -------- d-----w- C:\Program Files (x86)\BinTube 2012-08-22 20:07:57 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-08-22 20:07:57 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-08-20 19:19:55 -------- d-----w- C:\Users\Stephen Office\AppData\Local\Apple 2012-08-16 19:37:12 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\RateWatch.8120D7806F19A08520F163B2D95EA0AD9E0C0659.1 2012-08-16 19:37:12 -------- d-----w- C:\Program Files (x86)\RateWatch 2012-08-16 19:35:02 -------- d-----w- C:\Users\Stephen Office\AppData\Local\LogMeIn Rescue Applet 2012-08-16 17:40:12 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\Downloaded Installations 2012-08-16 17:38:09 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\Smart PDF Editor Pro 2012-08-16 17:38:02 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\Smart PDF Editor 2012-08-16 17:37:59 -------- d-----w- C:\Program Files (x86)\Common Files\Smart Soft 2012-08-16 17:24:55 -------- d-----w- C:\Users\Stephen Office\AppData\Local\VS Revo Group 2012-08-16 17:24:54 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys 2012-08-16 17:24:53 -------- d-----w- C:\Program Files\VS Revo Group 2012-08-16 13:23:18 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\FLEXnet 2012-08-16 13:21:12 -------- d-----w- C:\Program Files (x86)\Common Files\IVA 2012-08-16 13:21:00 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance 2012-08-16 13:18:24 -------- d-----w- C:\Program Files (x86)\Nuance 2012-08-15 20:15:18 503808 ----a-w- C:\Windows\System32\srcore.dll 2012-08-15 20:15:18 43008 
----a-w- C:\Windows\SysWow64\srclient.dll 2012-08-15 20:15:17 751104 ----a-w- C:\Windows\System32\win32spl.dll 2012-08-15 20:15:17 67072 ----a-w- C:\Windows\splwow64.exe 2012-08-15 20:15:17 559104 ----a-w- C:\Windows\System32\spoolsv.exe 2012-08-15 20:15:17 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2012-08-15 20:15:16 956928 ----a-w- C:\Windows\System32\localspl.dll 2012-08-15 20:15:16 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-08-15 20:15:16 41984 ----a-w- C:\Windows\SysWow64\browcli.dll 2012-08-15 20:15:16 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-08-15 20:15:16 136704 ----a-w- C:\Windows\System32\browser.dll 2012-08-15 18:13:44 69640 ----a-w- C:\Windows\SysWow64\NLSSRV32.EXE 2012-08-09 22:34:56 -------- d-----w- C:\checks 2012-08-09 22:28:08 136672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll . ==================== Find3M ==================== . 2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-22 19:37:42 46472 ----a-w- C:\Windows\SysWow64\sbbd.exe . ============= FINISH: 9:23:27.84 ===============
  12. I'm still getting random popups and redirects. Sometimes I'm getting a page that says the internet site I requested is not available. When I hit the refresh button for the unavailable site, it will usually load.
  13. Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 9:35:53 PM, on 12/19/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\WINDOWS\system32\brsvc01a.exe
      C:\WINDOWS\system32\brss01a.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Apoint\Apoint.exe
      C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
      C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
      C:\Program Files\Sony\ISB Utility\ISBMgr.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\Program Files\Google\Gmail Notifier\gnotify.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
      C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
      C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
      C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
      C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
      C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
      C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
      O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
      O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
      O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
      O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
      O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
      O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
      O15 - Trusted Zone: http://www.deq.state.va.us
      O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab
      O16 - DPF: {02A08EC5-C341-4BE5-AD4F-62215D2407EF} (ApplicationSharing Class) - https://wip-data.webdialogs.com/components/WDATL70.CAB
      O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
      O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.taylorbeanonline.com/scriptx/smsx.cab
      O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O16 - DPF: {58D5690D-55A6-4B0B-B735-D0C82E14700C} (ApplicationSharing Class) - https://wip-data.webdialogs.com/components/WDATL72.CAB
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163214234545
      O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://remote.ewmortgage.com/tsweb/msrdp.cab
      O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
      O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
      O16 - DPF: {CBF95A06-D408-46E3-8077-37E5B098EB84} (EnClickLoanWF Control) - https://ilnet.wellsfargo.com/ilonline/hmUpl...clickloanwf.cab
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://alamodetraining.webex.com/client/v_...ing/ieatgpc.cab
      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
      O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: OKI OPHD DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHDLDCS.EXE
      O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
      O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
      O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
      O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
      O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
      O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
      O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
      O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
      O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
      O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
      O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
      O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

      -- End of file - 14601 bytes
  14. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

      File name: BRS2MF4A.EXE
      Submission date: 2010-12-15 20:20:04 (UTC)
      Current status: finished
      Result: 0/ 43 (0.0%)
      VT Community not reviewed
      Safety score: -

      Antivirus  Version  Last Update  Result
      AhnLab-V3  2010.12.15.02  2010.12.15  -
      AntiVir  7.11.0.45  2010.12.15  -
      Antiy-AVL  2.0.3.7  2010.12.15  -
      Avast  4.8.1351.0  2010.12.15  -
      Avast5  5.0.677.0  2010.12.15  -
      AVG  9.0.0.851  2010.12.15  -
      BitDefender  7.2  2010.12.15  -
      CAT-QuickHeal  11.00  2010.12.15  -
      ClamAV  0.96.4.0  2010.12.15  -
      Command  5.2.11.5  2010.12.15  -
      Comodo  7072  2010.12.15  -
      DrWeb  5.0.2.03300  2010.12.15  -
      Emsisoft  5.1.0.1  2010.12.15  -
      eSafe  7.0.17.0  2010.12.15  -
      eTrust-Vet  36.1.8043  2010.12.15  -
      F-Prot  4.6.2.117  2010.12.14  -
      F-Secure  9.0.16160.0  2010.12.15  -
      Fortinet  4.2.254.0  2010.12.15  -
      GData  21  2010.12.15  -
      Ikarus  T3.1.1.90.0  2010.12.15  -
      Jiangmin  13.0.900  2010.12.15  -
      K7AntiVirus  9.73.3258  2010.12.15  -
      Kaspersky  7.0.0.125  2010.12.15  -
      McAfee  5.400.0.1158  2010.12.15  -
      McAfee-GW-Edition  2010.1C  2010.12.15  -
      Microsoft  1.6402  2010.12.15  -
      NOD32  5706  2010.12.15  -
      Norman  6.06.12  2010.12.15  -
      nProtect  2010-12-15.02  2010.12.15  -
      Panda  10.0.2.7  2010.12.15  -
      PCTools  7.0.3.5  2010.12.15  -
      Prevx  3.0  2010.12.15  -
      Rising  22.78.01.04  2010.12.15  -
      Sophos  4.60.0  2010.12.15  -
      SUPERAntiSpyware  4.40.0.1006  2010.12.15  -
      Symantec  20101.3.0.103  2010.12.15  -
      TheHacker  6.7.0.1.101  2010.12.15  -
      TrendMicro  9.120.0.1004  2010.12.15  -
      TrendMicro-HouseCall  9.120.0.1004  2010.12.15  -
      VBA32  3.12.14.2  2010.12.14  -
      VIPRE  7665  2010.12.15  -
      ViRobot  2010.12.15.4202  2010.12.15  -
      VirusBuster  13.6.96.0  2010.12.15  -

      Additional information
      MD5 : bda0d5f8767012e18c06fada5ed8a8ec
      SHA1 : 4e183d2c118c1b17efdd5776ebdf1a5d03a53eeb
      SHA256: 36fed972d974395baa2ba727bad0f862042c37b9758407543634ac1a06993782
      ssdeep: 3072:Kp+xCz4ySXMsxg5aXkrr9L22+z/I/wsnwbCXoNG:KcxNXMRk0VLkCM
      File size : 131072 bytes
      First seen: 2009-05-11 18:11:06
      Last seen : 2010-12-15 20:20:04

      TrID:
      Win64 Executable Generic (54.6%)
      Win32 Executable MS Visual C++ (generic) (24.0%)
      Windows Screen Saver (8.3%)
      Win32 Executable Generic (5.4%)
      Win32 Dynamic Link Library (generic) (4.8%)

      sigcheck:
      publisher....: Brother Industries,ltd
      copyright....: Copyright © Brother Industries, ltd 2003
      product......: Brother brspl03x
      description..: brspl03x
      original name: brspl03x.exe
      internal name: brspl03x
      file version.: 3.70
      comments.....:
      signers......: -
      signing date.: -
      verified.....: Unsigned

      PEiD: Armadillo v1.71

      PEInfo: PE structure information

      [[ basic data ]]
      entrypointaddress: 0x132AC
      timedatestamp....: 0x4007379D (Fri Jan 16 01:00:13 2004)
      machinetype......: 0x14c (I386)

      [[ 4 section(s) ]]
      name, viradd, virsiz, rawdsiz, ntropy, md5
      .text, 0x1000, 0x17FFD, 0x18000, 6.57, a99a7088ddfd0bacce13be7cd594f6f0
      .rdata, 0x19000, 0x1D32, 0x2000, 5.35, 4ba614b11946d7f3a5a6cc5662ab012d
      .data, 0x1B000, 0x12638, 0x4000, 2.79, 8256ead965980bb5d21ab8861674571c
      .rsrc, 0x2E000, 0x728, 0x1000, 1.67, 99552165900677a7f1dcd9d3d756a0bb

      [[ 6 import(s) ]]
      KERNEL32.dll: SetEndOfFile, GetTempPathW, GlobalFree, OpenFile, GetWindowsDirectoryW, ExitThread, _lclose, CreateDirectoryW, GetProcAddress, GetPrivateProfileIntA, LocalSize, QueryDosDeviceA, GetProfileIntA, lstrcmpiW, lstrcatW, CreateFileA, GetTempFileNameW, GetVersionExA, lstrcpyA, FindResourceA, LoadResource, SetEvent, lstrcatA, GetLocalTime, MoveFileExW, GetThreadPriority, SetThreadPriority, GetFileTime, GetPrivateProfileStringW, GetSystemTimeAsFileTime, GlobalLock, WritePrivateProfileStringW, GlobalAlloc, SetFilePointer, GlobalUnlock, lstrcpynW, WideCharToMultiByte, GetFileSize, ReadFile, CopyFileW, DeleteFileW, MultiByteToWideChar, GetPrivateProfileStringA, MoveFileW, DeleteCriticalSection, GetSystemDirectoryA, GetUserDefaultLangID, WritePrivateProfileStringA, _lread, LoadLibraryA, GetExitCodeThread, lstrcpynA, GetCurrentThread, _llseek, FreeLibrary, IsValidCodePage, GetLastError, DeleteFileA, LocalHandle, MoveFileA, LeaveCriticalSection, InitializeCriticalSection, EnterCriticalSection, LocalReAlloc, lstrcmpW, lstrlenW, GetTempFileNameA, lstrcpyW, GetTempPathA, LocalLock, LocalAlloc, LocalFree, lstrcmpiA, lstrlenA, LocalUnlock, LCMapStringA, GetStringTypeW, GetOEMCP, GetACP, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetVersion, GetCommandLineA, GetStartupInfoA, GetModuleHandleA, GetCurrentProcess, TerminateProcess, ExitProcess, CloseHandle, WaitForSingleObject, Sleep, CreateThread, CreateEventA, GlobalDeleteAtom, GlobalAddAtomA, GlobalFindAtomA, GetModuleFileNameA, WriteFile, CreateFileW, LCMapStringW, FlushFileBuffers, GetFileType, GetEnvironmentVariableA, GetStringTypeA, HeapDestroy, SetStdHandle, HeapReAlloc, VirtualAlloc, HeapAlloc, HeapCreate, GetCPInfo, RtlUnwind, HeapFree, VirtualFree
      USER32.dll: SendMessageA, wsprintfA, wsprintfW, InvalidateRect, EndDialog, GetClientRect, MessageBoxA, GetDC, ReleaseDC, FillRect, LoadStringW, DispatchMessageA, TranslateMessage, TranslateAcceleratorA, GetMessageA, LoadAcceleratorsA, LoadStringA, RegisterClassExA, LoadCursorA, LoadIconA, UpdateWindow, ShowWindow, MoveWindow, GetWindowRect, CreateWindowExA, DialogBoxParamA, DestroyWindow, KillTimer, EndPaint, BeginPaint, DefWindowProcA, SetTimer, PostQuitMessage, CharLowerA
      GDI32.dll: DeleteEnhMetaFile, SaveDC, SetGraphicsMode, SetBrushOrgEx, DeleteDC, SetStretchBltMode, RemoveFontResourceW, CreateScalableFontResourceW, CreateDCA, SetWorldTransform, GetWorldTransform, AddFontResourceW, CreateRectRgnIndirect, ExtSelectClipRgn, ModifyWorldTransform, SelectObject, DeleteObject, CreatePen, LineTo, GetDeviceCaps, MoveToEx, GetEnhMetaFileA, SetMapMode, RestoreDC, CloseEnhMetaFile, EnumFontsW, CreateEnhMetaFileA, PlayEnhMetaFileRecord, PlayEnhMetaFile, GdiComment, StartDocA, EndDoc, EnumEnhMetaFile, CreateSolidBrush, EndPage, StartPage, SetTextAlign, FillPath, CreateFontIndirectW, BeginPath, GetTextExtentPoint32A, EndPath, TextOutA, SetTextColor, GetTextAlign, SetBkMode, GetTextExtentPoint32W, SetBkColor, GetStockObject, FillRgn, TextOutW, SelectClipPath, StrokePath, SetROP2, CreateRectRgn, CreatePenIndirect, SetPolyFillMode, CreateCompatibleBitmap, CreateCompatibleDC, StretchBlt, GetEnhMetaFileHeader, StretchDIBits
      WINSPOOL.DRV: GetPrinterA, AddJobW, OpenPrinterW, EnumJobsW, GetJobW, SetJobW, ScheduleJob, SetJobA, EnumPrintersA, EnumJobsA, GetJobA, OpenPrinterA, ClosePrinter, GetPrinterDriverDirectoryA, EnumPrintersW, AddPrinterConnectionA
      comdlg32.dll: GetOpenFileNameA
      ADVAPI32.dll: RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegQueryValueExW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, SetFileSecurityA, RegEnumValueW, RegSetValueExW

      ExifTool: file metadata
      CharacterSet: Unicode
      CodeSize: 98304
      Comments:
      CompanyName: Brother Industries,ltd
      EntryPoint: 0x132ac
      FileDescription: brspl03x
      FileFlagsMask: 0x003f
      FileOS: Windows NT 32-bit
      FileSize: 128 kB
      FileSubtype: 0
      FileType: Win32 EXE
      FileVersion: 3.7
      FileVersionNumber: 3.7.0.2
      ImageVersion: 0.0
      InitializedDataSize: 90112
      InternalName: brspl03x
      LanguageCode: English (U.S.)
      LegalCopyright: Copyright Brother Industries, ltd 2003
      LegalTrademarks:
      LinkerVersion: 6.0
      MIMEType: application/octet-stream
      MachineType: Intel 386 or later, and compatibles
      OSVersion: 4.0
      ObjectFileType: Executable application
      OriginalFilename: brspl03x.exe
      PEType: PE32
      PrivateBuild:
      ProductName: Brother brspl03x
      ProductVersion: 3.7
      ProductVersionNumber: 3.7.0.2
      SpecialBuild:
      Subsystem: Windows GUI
      SubsystemVersion: 4.0
      TimeStamp: 2004:01:16 02:00:13+01:00
      UninitializedDataSize: 0

      0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

      File name: BRS2MF4A.dll
      Submission date: 2010-12-15 20:25:53 (UTC)
      Current status: finished
      Result: 0/ 43 (0.0%)
      VT Community not reviewed
      Safety score: -

      Antivirus  Version  Last Update  Result
      AhnLab-V3  2010.12.15.02  2010.12.15  -
      AntiVir  7.11.0.45  2010.12.15  -
      Antiy-AVL  2.0.3.7  2010.12.15  -
      Avast  4.8.1351.0  2010.12.15  -
      Avast5  5.0.677.0  2010.12.15  -
      AVG  9.0.0.851  2010.12.15  -
      BitDefender  7.2  2010.12.15  -
      CAT-QuickHeal  11.00  2010.12.15  -
      ClamAV  0.96.4.0  2010.12.15  -
      Command  5.2.11.5  2010.12.15  -
      Comodo  7072  2010.12.15  -
      DrWeb  5.0.2.03300  2010.12.15  -
      Emsisoft  5.1.0.1  2010.12.15  -
      eSafe  7.0.17.0  2010.12.15  -
      eTrust-Vet  36.1.8043  2010.12.15  -
      F-Prot  4.6.2.117  2010.12.14  -
      F-Secure  9.0.16160.0  2010.12.15  -
      Fortinet  4.2.254.0  2010.12.15  -
      GData  21  2010.12.15  -
      Ikarus  T3.1.1.90.0  2010.12.15  -
      Jiangmin  13.0.900  2010.12.15  -
      K7AntiVirus  9.73.3258  2010.12.15  -
      Kaspersky  7.0.0.125  2010.12.15  -
      McAfee  5.400.0.1158  2010.12.15  -
      McAfee-GW-Edition  2010.1C  2010.12.15  -
      Microsoft  1.6402  2010.12.15  -
      NOD32  5706  2010.12.15  -
      Norman  6.06.12  2010.12.15  -
      nProtect  2010-12-15.02  2010.12.15  -
      Panda  10.0.2.7  2010.12.15  -
      PCTools  7.0.3.5  2010.12.15  -
      Prevx  3.0  2010.12.15  -
      Rising  22.78.01.04  2010.12.15  -
      Sophos  4.60.0  2010.12.15  -
      SUPERAntiSpyware  4.40.0.1006  2010.12.15  -
      Symantec  20101.3.0.103  2010.12.15  -
      TheHacker  6.7.0.1.101  2010.12.15  -
      TrendMicro  9.120.0.1004  2010.12.15  -
      TrendMicro-HouseCall  9.120.0.1004  2010.12.15  -
      VBA32  3.12.14.2  2010.12.14  -
      VIPRE  7665  2010.12.15  -
      ViRobot  2010.12.15.4202  2010.12.15  -
      VirusBuster  13.6.96.0  2010.12.15  -

      Additional information
      MD5 : 6b35b7c1546c128bca65b18d064c591c
      SHA1 : ac99cbacc9d3366119e1b0091a24dbb21bd58f24
      SHA256: c063115e354b092a041d6342a70549f467154f651b39f8235e8a91014092c354
      ssdeep: 1536:H51hz5T9CW7MUSwK4lAqXVuoTUxj941RMnSF7/mrs:ZLDBR3Fuo4xy1R/rm
      File size : 163840 bytes
      First seen: 2009-06-14 20:53:56
      Last seen : 2010-12-15 20:25:53

      TrID:
      Win32 Executable MS Visual C++ (generic) (65.2%)
      Win32 Executable Generic (14.7%)
      Win32 Dynamic Link Library (generic) (13.1%)
      Generic Win/DOS Executable (3.4%)
      DOS Executable Generic (3.4%)

      sigcheck:
      publisher....: Brother Industries, Ltd
      copyright....: Copyright © Brother Industries, Ltd. 2003
      product......:
      description..: brs2mf4a.dll
      original name: brs2mf4a.dll
      internal name: brs2mf4a.dll
      file version.: 1.05
      comments.....:
      signers......: -
      signing date.: -
      verified.....: Unsigned

      PEiD: Armadillo v1.xx - v2.xx

      PEInfo: PE structure information

      [[ basic data ]]
      entrypointaddress: 0x2B19
      timedatestamp....: 0x3FE23D49 (Thu Dec 18 23:50:33 2003)
      machinetype......: 0x14c (I386)

      [[ 5 section(s) ]]
      name, viradd, virsiz, rawdsiz, ntropy, md5
      .text, 0x1000, 0x6CA6, 0x7000, 6.47, a19188d29546fdbab9bfe417aeb64251
      .rdata, 0x8000, 0x1351, 0x2000, 3.79, 7a399cbe2284db1c4fdbd0d7f6f65e10
      .data, 0xA000, 0x4CA0, 0x4000, 1.44, bb3d45cfa42d714b8d9913951d396fe4
      .rsrc, 0xF000, 0x17F40, 0x18000, 2.40, cb0d9b6cb18cbd9c24541d3e3eeac5c1
      .reloc, 0x27000, 0x11E0, 0x2000, 2.70, 07f4f6470cfa9956105248af95f687be

      [[ 5 import(s) ]]
      KERNEL32.dll: GlobalUnlock, LocalLock, GlobalFree, GlobalLock, GlobalAlloc, GetTickCount, LoadLibraryA, GetUserDefaultLangID, GetLastError, GetStdHandle, GetFileType, SetHandleCount, CloseHandle, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, RtlUnwind, SetStdHandle, GetProcAddress, HeapReAlloc, VirtualAlloc, GetOEMCP, GetACP, GetCPInfo, HeapAlloc, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, LocalUnlock, InterlockedDecrement, GetStartupInfoA, WriteFile, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, InterlockedIncrement, GetEnvironmentStrings, HeapFree, SetFilePointer, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, GetModuleHandleA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree
      USER32.dll: ClientToScreen, GetSystemMetrics, MoveWindow, IsWindowVisible, GetWindowRect, GetClientRect, GetDC, GetParent, SetDlgItemTextA, GetDlgItemTextA, SetActiveWindow, SetWindowPos, EndDialog, DialogBoxParamA, GetActiveWindow, EndPaint, FillRect, GetSysColor, BeginPaint, GetWindowLongA, DefWindowProcA, SetWindowLongA, LoadBitmapA, RegisterClassA, LoadCursorA, LoadStringA, SetTimer, CreateDialogParamA, ShowWindow, GetMessageA, IsDialogMessageA, TranslateMessage, DispatchMessageA, SetWindowTextA, DestroyWindow, ReleaseDC
      GDI32.dll: GetClipBox, CreateCompatibleBitmap, GetMapMode, BitBlt, SetStretchBltMode, DeleteDC, CreateCompatibleDC, DeleteObject, SelectObject, CreateSolidBrush, StretchBlt, DPtoLP, CreateBitmap, GetObjectA, GetStockObject, SetMapMode, SetBkColor, PatBlt
      WINSPOOL.DRV: GetPrinterDriverDirectoryA
      ADVAPI32.dll: RegSetValueExA, RegCloseKey, RegQueryValueExA, RegEnumValueA, RegCreateKeyExA

      [[ 6 export(s) ]]
      DiskFulErrorDialog, FRegisterBitmapControl, GetDeviceDependentInfo, MemfullErrorDialog, OpenDuplexDlg, RawWarningDialog

      ExifTool: file metadata
      CharacterSet: Unicode
      CodeSize: 28672
      Comments:
      CompanyName: Brother Industries, Ltd
      EntryPoint: 0x2b19
      FileDescription: brs2mf4a.dll
      FileFlagsMask: 0x003f
      FileOS: Windows NT 32-bit
      FileSize: 160 kB
      FileSubtype: 0
      FileType: Win32 DLL
      FileVersion: 1.05
      FileVersionNumber: 1.0.5.1
      ImageVersion: 0.0
      InitializedDataSize: 135168
      InternalName: brs2mf4a.dll
      LanguageCode: English (U.S.)
      LegalCopyright: Copyright Brother Industries, Ltd. 2003
      LegalTrademarks:
      LinkerVersion: 6.0
      MIMEType: application/octet-stream
      MachineType: Intel 386 or later, and compatibles
      OSVersion: 4.0
      ObjectFileType: Dynamic link library
      OriginalFilename: brs2mf4a.dll
      PEType: PE32
      PrivateBuild:
      ProductName:
      ProductVersion: 1.05
      ProductVersionNumber: 1.0.5.1
      SpecialBuild:
      Subsystem: Windows GUI
      SubsystemVersion: 4.0
      TimeStamp: 2003:12:19 00:50:33+01:00
      UninitializedDataSize: 0
  15. DDS (Ver_10-11-10.01) - NTFSx86
      Run by stephen at 8:34:25.31 on Wed 12/15/2010
      Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.385 [GMT -5:00]

      AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
      FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

      ============== Running Processes ===============

      C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
      C:\WINDOWS\system32\svchost -k DcomLaunch
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\WINDOWS\Explorer.EXE
      svchost.exe
      svchost.exe
      C:\WINDOWS\system32\brsvc01a.exe
      C:\WINDOWS\system32\brss01a.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      svchost.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\System32\svchost.exe -k HTTPFilter
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
      C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
      C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
      C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
      C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
      C:\Program Files\Apoint\Apoint.exe
      C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
      C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
      C:\Program Files\Sony\ISB Utility\ISBMgr.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\Program Files\Google\Gmail Notifier\gnotify.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
      C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\stephen\Desktop\Virus Cleaning\dds.pif

      ============== Pseudo HJT Report ===============

      uStart Page = hxxp://www.google.com/
      uDefault_Search_URL = hxxp://www.Google.com/
      uSearchMigratedDefaultURL = hxxp://www.Google.com/
      mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
      uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
      uInternet Settings,ProxyOverride = *.local
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
      BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
      BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll
      BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
      {7e853d72-626a-48ec-a868-ba8d5e23e045}
      BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
      BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
      TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
      TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
      uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
      uRun: [Google Update] "c:\documents and settings\stephen\local settings\application data\google\update\GoogleUpdate.exe" /c
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe
      mRun: [Apoint] c:\program files\apoint\Apoint.exe
      mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
      mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
      mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
      mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
      mRun: [sonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
      mRun: [RTHDCPL] RTHDCPL.EXE
      mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
      mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
      mRun: [igfxtray] c:\windows\system32\igfxtray.exe
      mRun: [igfxpers] c:\windows\system32\igfxpers.exe
      mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
      mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
      mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
      mRun: [pdfFactory Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM
      mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
      mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
      mRun: [spyHunter Security Suite] "c:\program files\enigma software group\spyhunter\SpyHunter4.exe"
      mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
      mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
      IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
      IE: Transfer by Image Converter 2 Plus - c:\program files\sony\image converter 2\menu.htm
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
      Trusted Zone: state.va.us\www.deq
      Trusted Zone: verizon.com
      DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxp://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
      DPF: {02A08EC5-C341-4BE5-AD4F-62215D2407EF} - hxxps://wip-data.webdialogs.com/components/WDATL70.CAB
      DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
      DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.taylorbeanonline.com/scriptx/smsx.cab
      DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
      DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
      DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
      DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
      DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
      DPF: {58D5690D-55A6-4B0B-B735-D0C82E14700C} - hxxps://wip-data.webdialogs.com/components/WDATL72.CAB
      DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
      DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163214234545
      DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxp://remote.ewmortgage.com/tsweb/msrdp.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
      DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
      DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
      DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
      DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
      DPF: {CBF95A06-D408-46E3-8077-37E5B098EB84} - hxxps://ilnet.wellsfargo.com/ilonline/hmUpload/enclickloanwf.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
- hxxps://alamodetraining.webex.com/client/v_mywebex-t20/training/ieatgpc.cab Notify: VESWinlogon - VESWinlogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-11 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-11 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-11 267944] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-11 61960] R2 MSSQL$EMMSDE;MSSQL$EMMSDE;c:\program files\microsoft sql server\mssql$emmsde\binn\sqlservr.exe -semmsde --> c:\program files\microsoft sql server\mssql$emmsde\binn\sqlservr.exe -sEMMSDE [?] R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-11-5 327000] R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248] R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-3-2 29184] S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-8-15 2944] S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-8-15 61952] S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-8-15 11008] S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-8-15 10368] S3 OKI OPHD DCS Loader;OKI OPHD DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE [2006-12-26 24576] S3 SQLAgent$EMMSDE;SQLAgent$EMMSDE;c:\program files\microsoft sql server\mssql$emmsde\binn\sqlagent.exe -i emmsde --> c:\program files\microsoft sql server\mssql$emmsde\binn\sqlagent.EXE -i EMMSDE [?] 
=============== Created Last 30 ================ 2010-12-13 03:22:00 -------- d-----w- C:\_OTL 2010-12-01 03:14:47 -------- d-----w- c:\documents and settings\stephen\DoctorWeb 2010-11-22 19:23:23 -------- d-----w- c:\program files\SNLayout 2010-11-21 20:07:19 28365 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\BRMFPP1.DLL 2010-11-21 20:07:19 163840 ----a-w- c:\windows\system32\BRS2MF4A.DLL 2010-11-21 20:07:19 131072 ----a-w- c:\windows\system32\BRS2MF4A.EXE 2010-11-20 01:00:59 -------- d-sha-r- C:\cmdcons 2010-11-20 00:57:02 98816 ----a-w- c:\windows\sed.exe 2010-11-20 00:57:02 89088 ----a-w- c:\windows\MBR.exe 2010-11-20 00:57:02 256512 ----a-w- c:\windows\PEV.exe 2010-11-20 00:57:02 161792 ----a-w- c:\windows\SWREG.exe 2010-11-20 00:56:32 -------- d-sh--w- c:\documents and settings\stephen\IECompatCache 2010-11-19 16:35:03 -------- d-sh--w- c:\documents and settings\stephen\IETldCache 2010-11-19 16:28:45 -------- dc-h--w- c:\windows\ie8 2010-11-19 16:26:20 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll 2010-11-19 16:26:16 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2010-11-19 16:26:16 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-11-19 16:26:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-11-19 16:26:15 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-11-19 16:26:14 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-11-19 16:26:13 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll 2010-11-19 16:26:10 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll 2010-11-19 13:42:31 -------- d-----w- c:\windows\system32\XPSViewer 2010-11-19 13:41:52 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-11-19 13:41:29 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-11-19 13:41:29 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-11-19 13:41:29 597504 ------w- 
c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-11-19 13:41:29 117760 ------w- c:\windows\system32\prntvpt.dll 2010-11-19 13:41:28 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-11-19 13:41:28 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-11-19 13:41:28 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2010-11-19 13:41:28 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-11-19 13:41:27 -------- d-----w- C:\d8460462b997e73eef 2010-11-19 03:25:35 -------- d-----w- c:\docume~1\stephen\applic~1\Avira 2010-11-19 01:01:10 -------- d-----w- c:\docume~1\stephen\locals~1\applic~1\Temp ==================== Find3M ==================== 2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll 2004-08-10 04:30:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe ============= FINISH: 8:35:51.53 ===============
  16. Bootkit Remover
      © 2009 eSage Lab
      www.esagelab.com

      Program version: 1.2.0.0
      OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

      System volume is \\.\C:
      \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`805e2000
      Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

      Size Device Name MBR Status
      --------------------------------------------
      93 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

      Done; Press any key to quit...
  17. Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
      Windows 5.1.2600 Disk: FUJITSU_MHV2100BH_PL rev.00000029 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

      device: opened successfully
      user: MBR read successfully
      kernel: MBR read successfully
      user & kernel MBR OK
  18. I hate to report this, but I am still getting random redirects in my browsers.
  19. All processes killed
      ========== OTL ==========
      ADS C:\Documents and Settings\All Users\Application Data\TEMP:8E3D07DE deleted successfully.
      ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
      ADS C:\Documents and Settings\All Users\Application Data\TEMP:9D7A6323 deleted successfully.
      ADS C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1 deleted successfully.
      ========== FILES ==========
      C:\sqmdata06.sqm moved successfully.
      C:\sqmnoopt06.sqm moved successfully.
      C:\sqmdata05.sqm moved successfully.
      C:\sqmnoopt05.sqm moved successfully.
      C:\sqmdata04.sqm moved successfully.
      C:\sqmnoopt04.sqm moved successfully.
      C:\sqmdata03.sqm moved successfully.
      C:\sqmnoopt03.sqm moved successfully.
      C:\Documents and Settings\stephen\Application Data\mcs.rma moved successfully.
      C:\Documents and Settings\stephen\Application Data\F00F6F moved successfully.
      C:\Documents and Settings\stephen\Application Data\ezpinst.exe moved successfully.
      C:\WINDOWS\System32\CONFIG.TMP moved successfully.
      C:\WINDOWS\System32\SET23.tmp moved successfully.
      C:\WINDOWS\System32\SET24.tmp moved successfully.
      C:\WINDOWS\System32\SET30.tmp moved successfully.
      C:\WINDOWS\System32\SET39.tmp moved successfully.
      C:\WINDOWS\System32\SET3A.tmp moved successfully.
      C:\WINDOWS\System32\SET3B.tmp moved successfully.
      C:\WINDOWS\System32\SET3C.tmp moved successfully.
      C:\WINDOWS\System32\SET3E.tmp moved successfully.
      C:\WINDOWS\003020_.tmp moved successfully.
      C:\WINDOWS\4E97AE4712934669BBF34BDE52501A1A.TMP folder moved successfully.
      C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
      C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
      ========== COMMANDS ==========

      [EMPTYTEMP]

      User: Administrator
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 67 bytes

      User: All Users

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 32969 bytes

      User: LocalService
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 32902 bytes
      ->FireFox cache emptied: 1738746 bytes

      User: NetworkService
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes

      User: stephen
      ->Temp folder emptied: 175217984 bytes
      ->Temporary Internet Files folder emptied: 48733101 bytes
      ->Java cache emptied: 12453392 bytes
      ->Google Chrome cache emptied: 237005417 bytes
      ->Apple Safari cache emptied: 1625088 bytes
      ->Flash cache emptied: 375166 bytes

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32\dllcache .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 834013 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 65082498 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
      RecycleBin emptied: 40179775 bytes

      Total Files Cleaned = 556.00 mb

      OTL by OldTimer - Version 3.2.17.3 log created on 12122010_222200

      Files\Folders moved on Reboot...
      C:\WINDOWS\temp\Perflib_Perfdata_694.dat moved successfully.

      Registry entries deleted on Reboot...
  20. OTL Log OTL logfile created on: 12/10/2010 6:28:31 AM - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\stephen\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,014.00 Mb Total Physical Memory | 493.00 Mb Available Physical Memory | 49.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 87.15 Gb Total Space | 8.27 Gb Free Space | 9.49% Space Free | Partition Type: NTFS Computer Name: MAMA | User Name: stephen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\stephen\My Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.) PRC - C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) 
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation) PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.) PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.) 
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\stephen\My Documents\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - 
(PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (OKI OPHD DCS Loader) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE (Oki Data Corporation) SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd) ========== Driver Services (SafeList) ========== DRV - (tmcomm) -- C:\WINDOWS\System32\drivers\tmcomm.sys File not found DRV - (NWUSBPort) -- C:\WINDOWS\System32\DRIVERS\nwusbser.sys File not found DRV - (NWUSBModem) -- C:\WINDOWS\System32\DRIVERS\nwusbmdm.sys File not found DRV - (NWADI) -- C:\WINDOWS\System32\DRIVERS\NWADIenum.sys File not found DRV - (DwProt) -- File not found DRV - (catchme) -- C:\Combo-Fix\catchme.sys File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys 
(Avira GmbH) DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys () DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (tifmsony) -- C:\WINDOWS\system32\drivers\tifmsony.sys (Texas Instruments) DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation) DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel
  21. Not able to install the software. Getting an installation error "NSIS".