Posts posted by stayley

  1. 08:46:13.0362 3408 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

    08:46:13.0698 3408 ============================================================

    08:46:13.0698 3408 Current date / time: 2012/12/03 08:46:13.0698

    08:46:13.0698 3408 SystemInfo:

    08:46:13.0698 3408

    08:46:13.0698 3408 OS Version: 6.1.7601 ServicePack: 1.0

    08:46:13.0698 3408 Product type: Workstation

    08:46:13.0698 3408 ComputerName: GATEWAYWORK

    08:46:13.0698 3408 UserName: Stephen

    08:46:13.0698 3408 Windows directory: C:\Windows

    08:46:13.0698 3408 System windows directory: C:\Windows

    08:46:13.0698 3408 Running under WOW64

    08:46:13.0698 3408 Processor architecture: Intel x64

    08:46:13.0698 3408 Number of processors: 4

    08:46:13.0698 3408 Page size: 0x1000

    08:46:13.0698 3408 Boot type: Normal boot

    08:46:13.0698 3408 ============================================================

    08:46:14.0824 3408 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    08:46:14.0840 3408 ============================================================

    08:46:14.0840 3408 \Device\Harddisk0\DR0:

    08:46:14.0840 3408 MBR partitions:

    08:46:14.0840 3408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000

    08:46:14.0840 3408 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x72AD3800

    08:46:14.0840 3408 ============================================================

    08:46:14.0857 3408 C: <-> \Device\Harddisk0\DR0\Partition2

    08:46:14.0857 3408 ============================================================

    08:46:14.0857 3408 Initialize success

    08:46:14.0857 3408 ============================================================

    08:47:25.0010 6140 ============================================================

    08:47:25.0010 6140 Scan started

    08:47:25.0010 6140 Mode: Manual;

    08:47:25.0010 6140 ============================================================

    08:47:25.0225 6140 ================ Scan system memory ========================

    08:47:25.0225 6140 System memory - ok

    08:47:25.0225 6140 ================ Scan services =============================

    08:47:25.0367 6140 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

    08:47:25.0370 6140 1394ohci - ok

    08:47:25.0381 6140 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

    08:47:25.0383 6140 ACPI - ok

    08:47:25.0409 6140 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

    08:47:25.0411 6140 AcpiPmi - ok

    08:47:25.0486 6140 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    08:47:25.0488 6140 AdobeARMservice - ok

    08:47:25.0563 6140 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    08:47:25.0563 6140 AdobeFlashPlayerUpdateSvc - ok

    08:47:25.0583 6140 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

    08:47:25.0588 6140 adp94xx - ok

    08:47:25.0608 6140 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

    08:47:25.0613 6140 adpahci - ok

    08:47:25.0628 6140 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

    08:47:25.0633 6140 adpu320 - ok

    08:47:25.0643 6140 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

    08:47:25.0648 6140 AeLookupSvc - ok

    08:47:25.0667 6140 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

    08:47:25.0671 6140 AFD - ok

    08:47:25.0721 6140 [ 8492D198CA7B91202816A23F7230D11B ] Agent C:\Windows\VPDAgent_x64.exe

    08:47:25.0722 6140 Agent - ok

    08:47:25.0734 6140 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

    08:47:25.0736 6140 agp440 - ok

    08:47:25.0751 6140 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

    08:47:25.0753 6140 ALG - ok

    08:47:25.0768 6140 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

    08:47:25.0770 6140 aliide - ok

    08:47:25.0778 6140 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

    08:47:25.0780 6140 amdide - ok

    08:47:25.0791 6140 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

    08:47:25.0793 6140 AmdK8 - ok

    08:47:25.0798 6140 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

    08:47:25.0800 6140 AmdPPM - ok

    08:47:25.0805 6140 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

    08:47:25.0807 6140 amdsata - ok

    08:47:25.0819 6140 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

    08:47:25.0821 6140 amdsbs - ok

    08:47:25.0828 6140 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

    08:47:25.0828 6140 amdxata - ok

    08:47:25.0845 6140 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

    08:47:25.0847 6140 AppID - ok

    08:47:25.0860 6140 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

    08:47:25.0862 6140 AppIDSvc - ok

    08:47:25.0892 6140 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

    08:47:25.0893 6140 Appinfo - ok

    08:47:25.0929 6140 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

    08:47:25.0931 6140 arc - ok

    08:47:25.0933 6140 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

    08:47:25.0934 6140 arcsas - ok

    08:47:25.0961 6140 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

    08:47:25.0967 6140 AsyncMac - ok

    08:47:26.0010 6140 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

    08:47:26.0010 6140 atapi - ok

    08:47:26.0025 6140 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

    08:47:26.0030 6140 AudioEndpointBuilder - ok

    08:47:26.0036 6140 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

    08:47:26.0039 6140 AudioSrv - ok

    08:47:26.0085 6140 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

    08:47:26.0087 6140 AxInstSV - ok

    08:47:26.0103 6140 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

    08:47:26.0107 6140 b06bdrv - ok

    08:47:26.0136 6140 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

    08:47:26.0138 6140 b57nd60a - ok

    08:47:26.0175 6140 [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

    08:47:26.0177 6140 BBSvc - ok

    08:47:26.0203 6140 [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    08:47:26.0204 6140 BBUpdate - ok

    08:47:26.0214 6140 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

    08:47:26.0216 6140 BDESVC - ok

    08:47:26.0225 6140 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

    08:47:26.0227 6140 Beep - ok

    08:47:26.0297 6140 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

    08:47:26.0303 6140 BFE - ok

    08:47:26.0341 6140 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

    08:47:26.0348 6140 BITS - ok

    08:47:26.0353 6140 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

    08:47:26.0354 6140 blbdrive - ok

    08:47:26.0406 6140 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    08:47:26.0408 6140 Bonjour Service - ok

    08:47:26.0430 6140 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

    08:47:26.0432 6140 bowser - ok

    08:47:26.0444 6140 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

    08:47:26.0446 6140 BrFiltLo - ok

    08:47:26.0453 6140 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

    08:47:26.0454 6140 BrFiltUp - ok

    08:47:26.0463 6140 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

    08:47:26.0465 6140 BridgeMP - ok

    08:47:26.0511 6140 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

    08:47:26.0514 6140 Browser - ok

    08:47:26.0527 6140 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\system32\DRIVERS\BrSerId.sys

    08:47:26.0530 6140 Brserid - ok

    08:47:26.0541 6140 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

    08:47:26.0543 6140 BrSerWdm - ok

    08:47:26.0550 6140 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

    08:47:26.0552 6140 BrUsbMdm - ok

    08:47:26.0566 6140 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\DRIVERS\BrUsbSer.sys

    08:47:26.0568 6140 BrUsbSer - ok

    08:47:26.0576 6140 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

    08:47:26.0578 6140 BTHMODEM - ok

    08:47:26.0586 6140 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

    08:47:26.0587 6140 bthserv - ok

    08:47:26.0610 6140 catchme - ok

    08:47:26.0643 6140 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

    08:47:26.0645 6140 cdfs - ok

    08:47:26.0655 6140 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

    08:47:26.0656 6140 cdrom - ok

    08:47:26.0694 6140 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

    08:47:26.0697 6140 CertPropSvc - ok

    08:47:26.0713 6140 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

    08:47:26.0715 6140 circlass - ok

    08:47:26.0732 6140 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

    08:47:26.0734 6140 CLFS - ok

    08:47:26.0770 6140 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    08:47:26.0781 6140 clr_optimization_v2.0.50727_32 - ok

    08:47:26.0807 6140 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    08:47:26.0810 6140 clr_optimization_v2.0.50727_64 - ok

    08:47:26.0836 6140 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    08:47:26.0853 6140 clr_optimization_v4.0.30319_32 - ok

    08:47:26.0880 6140 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    08:47:26.0881 6140 clr_optimization_v4.0.30319_64 - ok

    08:47:26.0888 6140 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

    08:47:26.0890 6140 CmBatt - ok

    08:47:26.0900 6140 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

    08:47:26.0902 6140 cmdide - ok

    08:47:26.0957 6140 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

    08:47:26.0960 6140 CNG - ok

    08:47:26.0973 6140 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

    08:47:26.0975 6140 Compbatt - ok

    08:47:26.0992 6140 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

    08:47:26.0994 6140 CompositeBus - ok

    08:47:27.0004 6140 COMSysApp - ok

    08:47:27.0031 6140 [ 927DA6432AF23ECD82FDB6A7E76CC842 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe

    08:47:27.0035 6140 cphs - ok

    08:47:27.0044 6140 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

    08:47:27.0046 6140 crcdisk - ok

    08:47:27.0094 6140 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

    08:47:27.0096 6140 CryptSvc - ok

    08:47:27.0152 6140 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    08:47:27.0156 6140 cvhsvc - ok

    08:47:27.0188 6140 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

    08:47:27.0192 6140 DcomLaunch - ok

    08:47:27.0216 6140 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

    08:47:27.0218 6140 defragsvc - ok

    08:47:27.0225 6140 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

    08:47:27.0227 6140 DfsC - ok

    08:47:27.0245 6140 [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys

    08:47:27.0247 6140 dg_ssudbus - ok

    08:47:27.0258 6140 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

    08:47:27.0261 6140 Dhcp - ok

    08:47:27.0266 6140 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

    08:47:27.0268 6140 discache - ok

    08:47:27.0286 6140 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

    08:47:27.0288 6140 Disk - ok

    08:47:27.0300 6140 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

    08:47:27.0301 6140 Dnscache - ok

    08:47:27.0305 6140 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

    08:47:27.0308 6140 dot3svc - ok

    08:47:27.0316 6140 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

    08:47:27.0318 6140 DPS - ok

    08:47:27.0335 6140 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

    08:47:27.0336 6140 drmkaud - ok

    08:47:27.0355 6140 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

    08:47:27.0359 6140 DXGKrnl - ok

    08:47:27.0387 6140 [ 5DB7CEB8FB44ABF01614E33BAD2056E0 ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys

    08:47:27.0388 6140 e1cexpress - ok

    08:47:27.0401 6140 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

    08:47:27.0403 6140 EapHost - ok

    08:47:27.0440 6140 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

    08:47:27.0541 6140 ebdrv - ok

    08:47:27.0555 6140 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

    08:47:27.0558 6140 EFS - ok

    08:47:27.0590 6140 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

    08:47:27.0594 6140 ehRecvr - ok

    08:47:27.0610 6140 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

    08:47:27.0612 6140 ehSched - ok

    08:47:27.0627 6140 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

    08:47:27.0631 6140 elxstor - ok

    08:47:27.0648 6140 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

    08:47:27.0649 6140 ErrDev - ok

    08:47:27.0666 6140 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

    08:47:27.0669 6140 EventSystem - ok

    08:47:27.0702 6140 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

    08:47:27.0704 6140 exfat - ok

    08:47:27.0721 6140 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

    08:47:27.0723 6140 fastfat - ok

    08:47:27.0748 6140 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

    08:47:27.0752 6140 Fax - ok

    08:47:27.0762 6140 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

    08:47:27.0763 6140 fdc - ok

    08:47:27.0778 6140 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

    08:47:27.0779 6140 fdPHost - ok

    08:47:27.0790 6140 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

    08:47:27.0791 6140 FDResPub - ok

    08:47:27.0802 6140 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

    08:47:27.0804 6140 FileInfo - ok

    08:47:27.0815 6140 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

    08:47:27.0817 6140 Filetrace - ok

    08:47:27.0828 6140 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

    08:47:27.0830 6140 flpydisk - ok

    08:47:27.0835 6140 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

    08:47:27.0837 6140 FltMgr - ok

    08:47:27.0858 6140 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

    08:47:27.0875 6140 FontCache - ok

    08:47:27.0896 6140 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    08:47:27.0898 6140 FontCache3.0.0.0 - ok

    08:47:27.0910 6140 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

    08:47:27.0912 6140 FsDepends - ok

    08:47:27.0925 6140 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

    08:47:27.0926 6140 Fs_Rec - ok

    08:47:27.0930 6140 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

    08:47:27.0932 6140 fvevol - ok

    08:47:27.0941 6140 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

    08:47:27.0944 6140 gagp30kx - ok

    08:47:27.0973 6140 [ E6460809993FA1A86899AB39D2B785B6 ] gfiark C:\Windows\system32\drivers\gfiark.sys

    08:47:27.0975 6140 gfiark - ok

    08:47:28.0030 6140 [ AD826942E10F8D18C29E365CE426A21B ] gfi_lanss10_attservice C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe

    08:47:28.0031 6140 gfi_lanss10_attservice - ok

    08:47:28.0045 6140 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

    08:47:28.0050 6140 gpsvc - ok

    08:47:28.0093 6140 [ 32096F187020A54D29C95B3A1467D963 ] GREGService C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

    08:47:28.0094 6140 GREGService - ok

    08:47:28.0123 6140 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    08:47:28.0124 6140 gupdate - ok

    08:47:28.0127 6140 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    08:47:28.0128 6140 gupdatem - ok

    08:47:28.0141 6140 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

    08:47:28.0142 6140 hcw85cir - ok

    08:47:28.0165 6140 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

    08:47:28.0168 6140 HdAudAddService - ok

    08:47:28.0188 6140 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

    08:47:28.0190 6140 HDAudBus - ok

    08:47:28.0202 6140 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

    08:47:28.0204 6140 HidBatt - ok

    08:47:28.0211 6140 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

    08:47:28.0213 6140 HidBth - ok

    08:47:28.0223 6140 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

    08:47:28.0225 6140 HidIr - ok

    08:47:28.0235 6140 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

    08:47:28.0237 6140 hidserv - ok

    08:47:28.0245 6140 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

    08:47:28.0246 6140 HidUsb - ok

    08:47:28.0266 6140 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

    08:47:28.0269 6140 hkmsvc - ok

    08:47:28.0279 6140 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

    08:47:28.0281 6140 HomeGroupListener - ok

    08:47:28.0303 6140 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

    08:47:28.0305 6140 HomeGroupProvider - ok

    08:47:28.0307 6140 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

    08:47:28.0308 6140 HpSAMD - ok

    08:47:28.0321 6140 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

    08:47:28.0326 6140 HTTP - ok

    08:47:28.0336 6140 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

    08:47:28.0336 6140 hwpolicy - ok

    08:47:28.0354 6140 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

    08:47:28.0356 6140 i8042prt - ok

    08:47:28.0376 6140 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

    08:47:28.0379 6140 iaStor - ok

    08:47:28.0445 6140 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    08:47:28.0445 6140 IAStorDataMgrSvc - ok

    08:47:28.0457 6140 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

    08:47:28.0464 6140 iaStorV - ok

    08:47:28.0496 6140 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    08:47:28.0503 6140 idsvc - ok

    08:47:28.0648 6140 [ 0638D16029B1C800908D965AC78970C7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

    08:47:28.0785 6140 igfx - ok

    08:47:28.0804 6140 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

    08:47:28.0805 6140 iirsp - ok

    08:47:28.0826 6140 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

    08:47:28.0831 6140 IKEEXT - ok

    08:47:28.0882 6140 [ ABA41EE6F5EEFC034F3BBD025506B37E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

    08:47:28.0894 6140 IntcAzAudAddService - ok

    08:47:28.0922 6140 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

    08:47:28.0924 6140 IntcDAud - ok

    08:47:28.0959 6140 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe

    08:47:28.0963 6140 Intel® Capability Licensing Service Interface - ok

    08:47:29.0015 6140 [ 4A9EB8AC8959C580ADCADDBDBBEBE033 ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe

    08:47:29.0017 6140 Intel® PROSet Monitoring Service - ok

    08:47:29.0032 6140 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

    08:47:29.0033 6140 intelide - ok

    08:47:29.0049 6140 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

    08:47:29.0050 6140 intelppm - ok

    08:47:29.0068 6140 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

    08:47:29.0070 6140 IPBusEnum - ok

    08:47:29.0086 6140 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

    08:47:29.0088 6140 IpFilterDriver - ok

    08:47:29.0118 6140 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

    08:47:29.0122 6140 iphlpsvc - ok

    08:47:29.0132 6140 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

    08:47:29.0134 6140 IPMIDRV - ok

    08:47:29.0136 6140 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

    08:47:29.0137 6140 IPNAT - ok

    08:47:29.0178 6140 [ 02DEF37AB75E0032C50724646F708DE8 ] iPodDrv C:\Windows\system32\drivers\iPodDrv.sys

    08:47:29.0178 6140 iPodDrv - ok

    08:47:29.0185 6140 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

    08:47:29.0186 6140 IRENUM - ok

    08:47:29.0199 6140 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

    08:47:29.0200 6140 isapnp - ok

    08:47:29.0209 6140 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

    08:47:29.0211 6140 iScsiPrt - ok

    08:47:29.0229 6140 [ DC0DBA5164F657DE2AE94B9D1FF75DA4 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys

    08:47:29.0229 6140 iusb3hcs - ok

    08:47:29.0241 6140 [ BA4F3A70F03584E5B907DA815677727D ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys

    08:47:29.0243 6140 iusb3hub - ok

    08:47:29.0257 6140 [ E6130F70D61867C7EFC13A2F808EDC58 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys

    08:47:29.0261 6140 iusb3xhc - ok

    08:47:29.0279 6140 [ 468F7516B4030603BA9D1427CCEACDF9 ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

    08:47:29.0280 6140 jhi_service - ok

    08:47:29.0305 6140 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

    08:47:29.0305 6140 kbdclass - ok

    08:47:29.0317 6140 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

    08:47:29.0318 6140 kbdhid - ok

    08:47:29.0347 6140 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

    08:47:29.0348 6140 KeyIso - ok

    08:47:29.0373 6140 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

    08:47:29.0375 6140 KSecDD - ok

    08:47:29.0386 6140 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

    08:47:29.0387 6140 KSecPkg - ok

    08:47:29.0399 6140 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

    08:47:29.0401 6140 ksthunk - ok

    08:47:29.0414 6140 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

    08:47:29.0418 6140 KtmRm - ok

    08:47:29.0435 6140 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

    08:47:29.0438 6140 LanmanServer - ok

    08:47:29.0448 6140 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

    08:47:29.0451 6140 LanmanWorkstation - ok

    08:47:29.0504 6140 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    08:47:29.0507 6140 LBTServ - ok

    08:47:29.0521 6140 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys

    08:47:29.0522 6140 LHidFilt - ok

    08:47:29.0556 6140 [ 6BB516A31DE232DAB436FF3A117E1E80 ] Live Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

    08:47:29.0558 6140 Live Updater Service - ok

    08:47:29.0586 6140 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

    08:47:29.0587 6140 lltdio - ok

    08:47:29.0603 6140 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

    08:47:29.0606 6140 lltdsvc - ok

    08:47:29.0624 6140 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

    08:47:29.0626 6140 lmhosts - ok

    08:47:29.0660 6140 LMIInfo - ok

    08:47:29.0673 6140 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys

    08:47:29.0673 6140 lmimirr - ok

    08:47:29.0684 6140 LMIRfsClientNP - ok

    08:47:29.0690 6140 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys

    08:47:29.0691 6140 LMIRfsDriver - ok

    08:47:29.0697 6140 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys

    08:47:29.0698 6140 LMouFilt - ok

    08:47:29.0718 6140 [ B114B200CCDEBC7EBD8EF5D783819386 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    08:47:29.0719 6140 LMS - ok

    08:47:29.0735 6140 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

    08:47:29.0736 6140 LSI_FC - ok

    08:47:29.0761 6140 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

    08:47:29.0763 6140 LSI_SAS - ok

    08:47:29.0771 6140 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

    08:47:29.0772 6140 LSI_SAS2 - ok

    08:47:29.0790 6140 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

    08:47:29.0792 6140 LSI_SCSI - ok

    08:47:29.0802 6140 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

    08:47:29.0803 6140 luafv - ok

    08:47:29.0824 6140 [ 29C733E1DE824670DC9315CFC9BDBCD3 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys

    08:47:29.0825 6140 LUsbFilt - ok

    08:47:29.0848 6140 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys

    08:47:29.0850 6140 LVRS64 - ok

    08:47:29.0910 6140 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys

    08:47:29.0929 6140 LVUVC64 - ok

    08:47:29.0999 6140 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

    08:47:30.0000 6140 MBAMProtector - ok

    08:47:30.0040 6140 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    08:47:30.0043 6140 MBAMScheduler - ok

    08:47:30.0062 6140 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    08:47:30.0064 6140 MBAMService - ok

    08:47:30.0081 6140 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

    08:47:30.0083 6140 Mcx2Svc - ok

    08:47:30.0091 6140 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

    08:47:30.0093 6140 megasas - ok

    08:47:30.0119 6140 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

    08:47:30.0121 6140 MegaSR - ok

    08:47:30.0139 6140 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

    08:47:30.0140 6140 MEIx64 - ok

    08:47:30.0152 6140 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

    08:47:30.0154 6140 MMCSS - ok

    08:47:30.0165 6140 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

    08:47:30.0167 6140 Modem - ok

    08:47:30.0172 6140 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

    08:47:30.0172 6140 monitor - ok

    08:47:30.0181 6140 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

    08:47:30.0181 6140 mouclass - ok

    08:47:30.0187 6140 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

    08:47:30.0188 6140 mouhid - ok

    08:47:30.0215 6140 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

    08:47:30.0217 6140 mountmgr - ok

    08:47:30.0261 6140 [ 313265CF4F5F02ED927774DA1DB3FE00 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    08:47:30.0264 6140 MozillaMaintenance - ok

    08:47:30.0267 6140 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

    08:47:30.0269 6140 mpio - ok

    08:47:30.0279 6140 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

    08:47:30.0280 6140 mpsdrv - ok

    08:47:30.0296 6140 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

    08:47:30.0302 6140 MpsSvc - ok

    08:47:30.0305 6140 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

    08:47:30.0307 6140 MRxDAV - ok

    08:47:30.0317 6140 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

    08:47:30.0318 6140 mrxsmb - ok

    08:47:30.0322 6140 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

    08:47:30.0324 6140 mrxsmb10 - ok

    08:47:30.0335 6140 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

    08:47:30.0337 6140 mrxsmb20 - ok

    08:47:30.0343 6140 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

    08:47:30.0343 6140 msahci - ok

    08:47:30.0346 6140 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

    08:47:30.0348 6140 msdsm - ok

    08:47:30.0360 6140 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

    08:47:30.0362 6140 MSDTC - ok

    08:47:30.0375 6140 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

    08:47:30.0377 6140 Msfs - ok

    08:47:30.0379 6140 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

    08:47:30.0379 6140 mshidkmdf - ok

    08:47:30.0391 6140 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

    08:47:30.0391 6140 msisadrv - ok

    08:47:30.0403 6140 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

    08:47:30.0406 6140 MSiSCSI - ok

    08:47:30.0408 6140 msiserver - ok

    08:47:30.0418 6140 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

    08:47:30.0419 6140 MSKSSRV - ok

    08:47:30.0425 6140 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

    08:47:30.0426 6140 MSPCLOCK - ok

    08:47:30.0436 6140 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

    08:47:30.0437 6140 MSPQM - ok

    08:47:30.0442 6140 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

    08:47:30.0445 6140 MsRPC - ok

    08:47:30.0454 6140 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

    08:47:30.0454 6140 mssmbios - ok

    08:47:30.0462 6140 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

    08:47:30.0463 6140 MSTEE - ok

    08:47:30.0473 6140 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

    08:47:30.0474 6140 MTConfig - ok

    08:47:30.0485 6140 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

    08:47:30.0485 6140 Mup - ok

    08:47:30.0496 6140 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

    08:47:30.0499 6140 napagent - ok

    08:47:30.0516 6140 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

    08:47:30.0518 6140 NativeWifiP - ok

    08:47:30.0575 6140 [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe

    08:47:30.0578 6140 NAUpdate - ok

    08:47:30.0619 6140 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

    08:47:30.0625 6140 NDIS - ok

    08:47:30.0636 6140 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

    08:47:30.0637 6140 NdisCap - ok

    08:47:30.0656 6140 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

    08:47:30.0657 6140 NdisTapi - ok

    08:47:30.0677 6140 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

    08:47:30.0678 6140 Ndisuio - ok

    08:47:30.0682 6140 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

    08:47:30.0683 6140 NdisWan - ok

    08:47:30.0690 6140 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

    08:47:30.0692 6140 NDProxy - ok

    08:47:30.0702 6140 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

    08:47:30.0704 6140 NetBIOS - ok

    08:47:30.0711 6140 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

    08:47:30.0713 6140 NetBT - ok

    08:47:30.0722 6140 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

    08:47:30.0723 6140 Netlogon - ok

    08:47:30.0746 6140 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

    08:47:30.0749 6140 Netman - ok

    08:47:30.0760 6140 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

    08:47:30.0764 6140 netprofm - ok

    08:47:30.0795 6140 [ 5758FD37BF31E759F8610311E4D08ECA ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys

    08:47:30.0812 6140 netr28x - ok

    08:47:30.0827 6140 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    08:47:30.0829 6140 NetTcpPortSharing - ok

    08:47:30.0840 6140 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

    08:47:30.0842 6140 nfrd960 - ok

    08:47:30.0871 6140 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

    08:47:30.0874 6140 NlaSvc - ok

    08:47:30.0876 6140 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

    08:47:30.0877 6140 Npfs - ok

    08:47:30.0888 6140 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

    08:47:30.0891 6140 nsi - ok

    08:47:30.0893 6140 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

    08:47:30.0893 6140 nsiproxy - ok

    08:47:30.0935 6140 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

    08:47:30.0952 6140 Ntfs - ok

    08:47:30.0959 6140 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

    08:47:30.0961 6140 Null - ok

    08:47:30.0983 6140 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

    08:47:30.0984 6140 nvraid - ok

    08:47:30.0994 6140 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

    08:47:30.0996 6140 nvstor - ok

    08:47:30.0999 6140 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

    08:47:31.0000 6140 nv_agp - ok

    08:47:31.0006 6140 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

    08:47:31.0007 6140 ohci1394 - ok

    08:47:31.0038 6140 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    08:47:31.0040 6140 ose - ok

    08:47:31.0106 6140 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    08:47:31.0125 6140 osppsvc - ok

    08:47:31.0152 6140 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

    08:47:31.0155 6140 p2pimsvc - ok

    08:47:31.0167 6140 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

    08:47:31.0170 6140 p2psvc - ok

    08:47:31.0174 6140 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

    08:47:31.0175 6140 Parport - ok

    08:47:31.0185 6140 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

    08:47:31.0187 6140 partmgr - ok

    08:47:31.0194 6140 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

    08:47:31.0196 6140 PcaSvc - ok

    08:47:31.0208 6140 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

    08:47:31.0210 6140 pci - ok

    08:47:31.0226 6140 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

    08:47:31.0228 6140 pciide - ok

    08:47:31.0232 6140 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

    08:47:31.0234 6140 pcmcia - ok

    08:47:31.0241 6140 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

    08:47:31.0242 6140 pcw - ok

    08:47:31.0255 6140 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

    08:47:31.0264 6140 PEAUTH - ok

    08:47:31.0314 6140 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

    08:47:31.0316 6140 PerfHost - ok

    08:47:31.0340 6140 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

    08:47:31.0357 6140 pla - ok

    08:47:31.0377 6140 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

    08:47:31.0381 6140 PlugPlay - ok

    08:47:31.0402 6140 [ A010F13D27C1033A8BE09D5FA9BF348B ] pneteth C:\Windows\system32\DRIVERS\pneteth.sys

    08:47:31.0404 6140 pneteth - ok

    08:47:31.0413 6140 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

    08:47:31.0415 6140 PNRPAutoReg - ok

    08:47:31.0434 6140 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

    08:47:31.0436 6140 PNRPsvc - ok

    08:47:31.0449 6140 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

    08:47:31.0452 6140 PolicyAgent - ok

    08:47:31.0456 6140 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

    08:47:31.0459 6140 Power - ok

    08:47:31.0473 6140 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

    08:47:31.0475 6140 PptpMiniport - ok

    08:47:31.0485 6140 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

    08:47:31.0487 6140 Processor - ok

    08:47:31.0505 6140 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

    08:47:31.0507 6140 ProfSvc - ok

    08:47:31.0514 6140 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

    08:47:31.0515 6140 ProtectedStorage - ok

    08:47:31.0532 6140 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

    08:47:31.0533 6140 Psched - ok

    08:47:31.0560 6140 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

    08:47:31.0577 6140 ql2300 - ok

    08:47:31.0590 6140 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

    08:47:31.0592 6140 ql40xx - ok

    08:47:31.0608 6140 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

    08:47:31.0610 6140 QWAVE - ok

    08:47:31.0620 6140 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

    08:47:31.0622 6140 QWAVEdrv - ok

    08:47:31.0630 6140 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

    08:47:31.0632 6140 RasAcd - ok

    08:47:31.0657 6140 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

    08:47:31.0659 6140 RasAgileVpn - ok

    08:47:31.0669 6140 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

    08:47:31.0671 6140 RasAuto - ok

    08:47:31.0681 6140 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

    08:47:31.0684 6140 Rasl2tp - ok

    08:47:31.0698 6140 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

    08:47:31.0701 6140 RasMan - ok

    08:47:31.0711 6140 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

    08:47:31.0713 6140 RasPppoe - ok

    08:47:31.0724 6140 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

    08:47:31.0725 6140 RasSstp - ok

    08:47:31.0730 6140 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

    08:47:31.0733 6140 rdbss - ok

    08:47:31.0746 6140 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

    08:47:31.0747 6140 rdpbus - ok

    08:47:31.0764 6140 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

    08:47:31.0765 6140 RDPCDD - ok

    08:47:31.0769 6140 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

    08:47:31.0769 6140 RDPENCDD - ok

    08:47:31.0788 6140 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

    08:47:31.0789 6140 RDPREFMP - ok

    08:47:31.0802 6140 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

    08:47:31.0804 6140 RDPWD - ok

    08:47:31.0818 6140 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

    08:47:31.0819 6140 rdyboost - ok

    08:47:31.0828 6140 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

    08:47:31.0830 6140 RemoteAccess - ok

    08:47:31.0834 6140 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

    08:47:31.0836 6140 RemoteRegistry - ok

    08:47:31.0845 6140 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

    08:47:31.0848 6140 RpcEptMapper - ok

    08:47:31.0853 6140 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

    08:47:31.0855 6140 RpcLocator - ok

    08:47:31.0872 6140 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

    08:47:31.0875 6140 RpcSs - ok

    08:47:31.0884 6140 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

    08:47:31.0886 6140 rspndr - ok

    08:47:31.0888 6140 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

    08:47:31.0889 6140 SamSs - ok

    08:47:31.0959 6140 [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

    08:47:31.0973 6140 SBAMSvc - ok

    08:47:32.0009 6140 [ 8F19D62B04081C0BFF1E8D6F26220A28 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys

    08:47:32.0010 6140 sbapifs - ok

    08:47:32.0084 6140 [ D8E08D2D24E777894744B657EA78796A ] SbFw C:\Windows\system32\drivers\SbFw.sys

    08:47:32.0085 6140 SbFw - ok

    08:47:32.0129 6140 [ 032CBD1D453D3BD4B38DE06AC4F8B8B4 ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys

    08:47:32.0130 6140 SBFWIMCL - ok

    08:47:32.0136 6140 [ 032CBD1D453D3BD4B38DE06AC4F8B8B4 ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys

    08:47:32.0137 6140 SBFWIMCLMP - ok

    08:47:32.0193 6140 [ 1490E7C7A22329BE5641D4C2E16B868E ] SbHips C:\Windows\system32\drivers\sbhips.sys

    08:47:32.0194 6140 SbHips - ok

    08:47:32.0202 6140 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

    08:47:32.0204 6140 sbp2port - ok

    08:47:32.0225 6140 [ 5314272972576D925A54CABAFD1E7FBF ] SBPIMSvc C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

    08:47:32.0227 6140 SBPIMSvc - ok

    08:47:32.0267 6140 [ 051C35F5FF516398FFC806979C709A2F ] sbwtis C:\Windows\system32\DRIVERS\sbwtis.sys

    08:47:32.0268 6140 sbwtis - ok

    08:47:32.0280 6140 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

    08:47:32.0283 6140 SCardSvr - ok

    08:47:32.0294 6140 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

    08:47:32.0296 6140 scfilter - ok

    08:47:32.0310 6140 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

    08:47:32.0327 6140 Schedule - ok

    08:47:32.0334 6140 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

    08:47:32.0335 6140 SCPolicySvc - ok

    08:47:32.0343 6140 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

    08:47:32.0345 6140 SDRSVC - ok

    08:47:32.0351 6140 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

    08:47:32.0352 6140 secdrv - ok

    08:47:32.0364 6140 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

    08:47:32.0365 6140 seclogon - ok

    08:47:32.0388 6140 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

    08:47:32.0390 6140 SENS - ok

    08:47:32.0406 6140 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

    08:47:32.0409 6140 SensrSvc - ok

    08:47:32.0422 6140 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

    08:47:32.0424 6140 Serenum - ok

    08:47:32.0448 6140 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

    08:47:32.0450 6140 Serial - ok

    08:47:32.0461 6140 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

    08:47:32.0463 6140 sermouse - ok

    08:47:32.0478 6140 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

    08:47:32.0481 6140 SessionEnv - ok

    08:47:32.0490 6140 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

    08:47:32.0491 6140 sffdisk - ok

    08:47:32.0504 6140 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

    08:47:32.0506 6140 sffp_mmc - ok

    08:47:32.0515 6140 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

    08:47:32.0517 6140 sffp_sd - ok

    08:47:32.0528 6140 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

    08:47:32.0530 6140 sfloppy - ok

    08:47:32.0558 6140 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys

    08:47:32.0561 6140 Sftfs - ok

    08:47:32.0587 6140 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    08:47:32.0590 6140 sftlist - ok

    08:47:32.0601 6140 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys

    08:47:32.0602 6140 Sftplay - ok

    08:47:32.0613 6140 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

    08:47:32.0613 6140 Sftredir - ok

    08:47:32.0625 6140 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys

    08:47:32.0625 6140 Sftvol - ok

    08:47:32.0631 6140 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    08:47:32.0633 6140 sftvsa - ok

    08:47:32.0659 6140 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

    08:47:32.0662 6140 SharedAccess - ok

    08:47:32.0678 6140 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

    08:47:32.0681 6140 ShellHWDetection - ok

    08:47:32.0697 6140 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

    08:47:32.0699 6140 SiSRaid2 - ok

    08:47:32.0701 6140 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

    08:47:32.0702 6140 SiSRaid4 - ok

    08:47:32.0788 6140 [ 3740B83AEC21D981065D7E819BD7E878 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    08:47:32.0839 6140 Skype C2C Service - ok

    08:47:32.0878 6140 [ B866E8C5ED1DCBEA72285BA4107892C2 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

    08:47:32.0879 6140 SkypeUpdate - ok

    08:47:32.0899 6140 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

    08:47:32.0901 6140 Smb - ok

    08:47:32.0921 6140 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

    08:47:32.0924 6140 SNMPTRAP - ok

    08:47:32.0930 6140 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

    08:47:32.0930 6140 spldr - ok

    08:47:32.0951 6140 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

    08:47:32.0956 6140 Spooler - ok

    08:47:32.0996 6140 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

    08:47:33.0031 6140 sppsvc - ok

    08:47:33.0044 6140 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

    08:47:33.0046 6140 sppuinotify - ok

    08:47:33.0056 6140 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

    08:47:33.0060 6140 srv - ok

    08:47:33.0064 6140 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

    08:47:33.0067 6140 srv2 - ok

    08:47:33.0073 6140 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

    08:47:33.0074 6140 srvnet - ok

    08:47:33.0099 6140 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

    08:47:33.0101 6140 SSDPSRV - ok

    08:47:33.0110 6140 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

    08:47:33.0112 6140 SstpSvc - ok

    08:47:33.0140 6140 [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys

    08:47:33.0142 6140 ssudmdm - ok

    08:47:33.0151 6140 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

    08:47:33.0153 6140 stexstor - ok

    08:47:33.0171 6140 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

    08:47:33.0176 6140 stisvc - ok

    08:47:33.0186 6140 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

    08:47:33.0186 6140 swenum - ok

    08:47:33.0199 6140 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

    08:47:33.0203 6140 swprv - ok

    08:47:33.0227 6140 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

    08:47:33.0253 6140 SysMain - ok

    08:47:33.0262 6140 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

    08:47:33.0264 6140 TabletInputService - ok

    08:47:33.0277 6140 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

    08:47:33.0280 6140 TapiSrv - ok

    08:47:33.0289 6140 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

    08:47:33.0291 6140 TBS - ok

    08:47:33.0337 6140 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

    08:47:33.0362 6140 Tcpip - ok

    08:47:33.0387 6140 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

    08:47:33.0394 6140 TCPIP6 - ok

    08:47:33.0408 6140 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

    08:47:33.0409 6140 tcpipreg - ok

    08:47:33.0420 6140 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

    08:47:33.0421 6140 TDPIPE - ok

    08:47:33.0439 6140 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

    08:47:33.0441 6140 TDTCP - ok

    08:47:33.0459 6140 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

    08:47:33.0461 6140 tdx - ok

    08:47:33.0472 6140 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

    08:47:33.0472 6140 TermDD - ok

    08:47:33.0490 6140 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

    08:47:33.0495 6140 TermService - ok

    08:47:33.0505 6140 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

    08:47:33.0508 6140 Themes - ok

    08:47:33.0519 6140 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

    08:47:33.0520 6140 THREADORDER - ok

    08:47:33.0532 6140 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

    08:47:33.0535 6140 TrkWks - ok

    08:47:33.0567 6140 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

    08:47:33.0568 6140 TrustedInstaller - ok

    08:47:33.0574 6140 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

    08:47:33.0575 6140 tssecsrv - ok

    08:47:33.0588 6140 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

    08:47:33.0590 6140 TsUsbFlt - ok

    08:47:33.0595 6140 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

    08:47:33.0597 6140 TsUsbGD - ok

    08:47:33.0616 6140 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

    08:47:33.0618 6140 tunnel - ok

    08:47:33.0627 6140 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

    08:47:33.0629 6140 uagp35 - ok

    08:47:33.0647 6140 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

    08:47:33.0649 6140 udfs - ok

    08:47:33.0659 6140 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

    08:47:33.0662 6140 UI0Detect - ok

    08:47:33.0676 6140 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

    08:47:33.0678 6140 uliagpkx - ok

    08:47:33.0692 6140 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

    08:47:33.0694 6140 umbus - ok

    08:47:33.0702 6140 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

    08:47:33.0704 6140 UmPass - ok

    08:47:33.0756 6140 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

    08:47:33.0759 6140 UMVPFSrv - ok

    08:47:33.0837 6140 [ 6617E7CC9DC6729A11BFF54C47CEA7D0 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    08:47:33.0839 6140 UNS - ok

    08:47:33.0850 6140 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

    08:47:33.0853 6140 upnphost - ok

    08:47:33.0877 6140 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

    08:47:33.0878 6140 usbaudio - ok

    08:47:33.0886 6140 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

    08:47:33.0888 6140 usbccgp - ok

    08:47:33.0903 6140 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

    08:47:33.0905 6140 usbcir - ok

    08:47:33.0919 6140 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

    08:47:33.0920 6140 usbehci - ok

    08:47:33.0932 6140 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

    08:47:33.0934 6140 usbhub - ok

    08:47:33.0946 6140 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

    08:47:33.0948 6140 usbohci - ok

    08:47:33.0960 6140 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

    08:47:33.0962 6140 usbprint - ok

    08:47:33.0977 6140 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

    08:47:33.0979 6140 usbscan - ok

    08:47:33.0983 6140 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

    08:47:33.0992 6140 USBSTOR - ok

    08:47:33.0999 6140 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

    08:47:34.0000 6140 usbuhci - ok

    08:47:34.0016 6140 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

    08:47:34.0018 6140 usbvideo - ok

    08:47:34.0031 6140 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

    08:47:34.0034 6140 UxSms - ok

    08:47:34.0039 6140 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

    08:47:34.0040 6140 VaultSvc - ok

    08:47:34.0048 6140 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

    08:47:34.0049 6140 vdrvroot - ok

    08:47:34.0062 6140 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

    08:47:34.0066 6140 vds - ok

    08:47:34.0090 6140 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

    08:47:34.0091 6140 vga - ok

    08:47:34.0103 6140 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

    08:47:34.0104 6140 VgaSave - ok

    08:47:34.0119 6140 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

    08:47:34.0121 6140 vhdmp - ok

    08:47:34.0135 6140 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

    08:47:34.0136 6140 viaide - ok

    08:47:34.0145 6140 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

    08:47:34.0146 6140 volmgr - ok

    08:47:34.0154 6140 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

    08:47:34.0162 6140 volmgrx - ok

    08:47:34.0167 6140 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

    08:47:34.0169 6140 volsnap - ok

    08:47:34.0184 6140 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

    08:47:34.0186 6140 vsmraid - ok

    08:47:34.0212 6140 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

    08:47:34.0229 6140 VSS - ok

    08:47:34.0237 6140 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

    08:47:34.0239 6140 vwifibus - ok

    08:47:34.0250 6140 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

    08:47:34.0252 6140 vwififlt - ok

    08:47:34.0271 6140 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

    08:47:34.0274 6140 W32Time - ok

    08:47:34.0289 6140 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

    08:47:34.0291 6140 WacomPen - ok

    08:47:34.0302 6140 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

    08:47:34.0304 6140 WANARP - ok

    08:47:34.0310 6140 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

    08:47:34.0311 6140 Wanarpv6 - ok

    08:47:34.0359 6140 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

    08:47:34.0376 6140 WatAdminSvc - ok

    08:47:34.0402 6140 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

    08:47:34.0420 6140 wbengine - ok

    08:47:34.0434 6140 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

    08:47:34.0436 6140 WbioSrvc - ok

    08:47:34.0449 6140 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

    08:47:34.0452 6140 wcncsvc - ok

    08:47:34.0463 6140 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

    08:47:34.0466 6140 WcsPlugInService - ok

    08:47:34.0478 6140 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

    08:47:34.0481 6140 Wd - ok

    08:47:34.0505 6140 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

    08:47:34.0510 6140 Wdf01000 - ok

    08:47:34.0517 6140 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

    08:47:34.0519 6140 WdiServiceHost - ok

    08:47:34.0521 6140 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

    08:47:34.0523 6140 WdiSystemHost - ok

    08:47:34.0534 6140 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

    08:47:34.0537 6140 WebClient - ok

    08:47:34.0551 6140 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

    08:47:34.0554 6140 Wecsvc - ok

    08:47:34.0565 6140 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

    08:47:34.0567 6140 wercplsupport - ok

    08:47:34.0572 6140 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

    08:47:34.0574 6140 WerSvc - ok

    08:47:34.0577 6140 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

    08:47:34.0577 6140 WfpLwf - ok

    08:47:34.0588 6140 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

    08:47:34.0590 6140 WIMMount - ok

    08:47:34.0592 6140 WinDefend - ok

    08:47:34.0594 6140 WinHttpAutoProxySvc - ok

    08:47:34.0635 6140 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

    08:47:34.0636 6140 Winmgmt - ok

    08:47:34.0674 6140 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

    08:47:34.0700 6140 WinRM - ok

    08:47:34.0732 6140 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

    08:47:34.0734 6140 WinUsb - ok

    08:47:34.0748 6140 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

    08:47:34.0754 6140 Wlansvc - ok

    08:47:34.0818 6140 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

    08:47:34.0820 6140 wlcrasvc - ok

    08:47:34.0864 6140 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    08:47:34.0890 6140 wlidsvc - ok

    08:47:34.0896 6140 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

    08:47:34.0897 6140 WmiAcpi - ok

    08:47:34.0909 6140 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

    08:47:34.0910 6140 wmiApSrv - ok

    08:47:34.0923 6140 WMPNetworkSvc - ok

    08:47:34.0926 6140 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

    08:47:34.0927 6140 WPCSvc - ok

    08:47:34.0934 6140 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

    08:47:34.0937 6140 WPDBusEnum - ok

    08:47:34.0945 6140 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

    08:47:34.0947 6140 ws2ifsl - ok

    08:47:34.0979 6140 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

    08:47:34.0982 6140 wscsvc - ok

    08:47:34.0983 6140 WSearch - ok

    08:47:35.0021 6140 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

    08:47:35.0047 6140 wuauserv - ok

    08:47:35.0077 6140 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

    08:47:35.0078 6140 WudfPf - ok

    08:47:35.0082 6140 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

    08:47:35.0084 6140 WUDFRd - ok

    08:47:35.0094 6140 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

    08:47:35.0097 6140 wudfsvc - ok

    08:47:35.0117 6140 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

    08:47:35.0120 6140 WwanSvc - ok

    08:47:35.0137 6140 ================ Scan global ===============================

    08:47:35.0148 6140 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

    08:47:35.0169 6140 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

    08:47:35.0174 6140 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

    08:47:35.0182 6140 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

    08:47:35.0207 6140 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

    08:47:35.0210 6140 [Global] - ok

    08:47:35.0211 6140 ================ Scan MBR ==================================

    08:47:35.0217 6140 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

    08:47:35.0339 6140 \Device\Harddisk0\DR0 - ok

    08:47:35.0339 6140 ================ Scan VBR ==================================

    08:47:35.0341 6140 [ D2FE34C7B3FB24C5DECB5B5FE33F131F ] \Device\Harddisk0\DR0\Partition1

    08:47:35.0343 6140 \Device\Harddisk0\DR0\Partition1 - ok

    08:47:35.0357 6140 [ 4B21FCD3B35766222165ABD1B518D02F ] \Device\Harddisk0\DR0\Partition2

    08:47:35.0359 6140 \Device\Harddisk0\DR0\Partition2 - ok

    08:47:35.0359 6140 ============================================================

    08:47:35.0359 6140 Scan finished

    08:47:35.0359 6140 ============================================================

    08:47:35.0365 4320 Detected object count: 0

    08:47:35.0365 4320 Actual detected object count: 0

    ESET

    C:\NewsRoverFiles\Valid [Checker]4PP by ZzUk v1.2.exe a variant of Win32/Injector.JEL trojan cleaned by deleting - quarantined

    C:\Users\Stephen\Downloads\jZipSetup.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined

    C:\Users\Stephen\Downloads\Future\iLividSetup.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined

    C:\Users\Stephen\Downloads\Future\Mega SEO Pack by (Santino).zip Win32/HackTool.Patcher.A application deleted - quarantined

    C:\Users\Stephen\Downloads\JEH\compile\skype.exe Win32/Spy.Autoit.M trojan cleaned by deleting - quarantined

    Operating memory Win32/Ainslot.AA worm

    # AdwCleaner v2.011 - Logfile created 12/03/2012 at 14:15:35

    # Updated 02/12/2012 by Xplode

    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

    # User : Stephen - GATEWAYWORK

    # Boot Mode : Normal

    # Running from : C:\Users\Stephen\Downloads\Malware\ADWcleaner\adwcleaner.exe

    # Option [search]

    ***** [services] *****

    ***** [Files / Folders] *****

    File Found : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk

    File Found : C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk

    File Found : C:\Users\Stephen\Desktop\iLivid.lnk

    Folder Found : C:\Users\Stephen\AppData\Local\Ilivid

    ***** [Registry] *****

    Key Found : HKCU\Software\ilivid

    Key Found : HKLM\Software\Freeze.com

    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

    ***** [internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16455

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0 (en-US)

    Profile name : default

    File : C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v23.0.1271.95

    File : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    -\\ Chromium v check_default_browser: true

    File : C:\Users\Stephen\AppData\Local\Chromium\User Data\Default\Preferences

    [OK] File is clean.

    -\\ Opera v12.11.1661.0

    File : C:\Users\Stephen\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1578 octets] - [03/12/2012 14:15:35]

    ########## EOF - C:\AdwCleaner[R1].txt - [1638 octets] ##########

    Results of screen317's Security Check version 0.99.56

    Windows 7 Service Pack 1 x64 (UAC is enabled)

    Internet Explorer 9

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Disabled!

    GFI Software VIPRE

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Spybot - Search & Destroy

    Malwarebytes Anti-Malware version 1.65.1.1000

    Java 7 Update 9

    Adobe Flash Player 11.5.502.110

    Adobe Reader 10.1.4 Adobe Reader out of Date!

    Mozilla Firefox (17.0)

    Google Chrome 21.0.1180.89

    Google Chrome 22.0.1229.79

    Google Chrome 22.0.1229.92

    Google Chrome 22.0.1229.94

    Google Chrome 23.0.1271.64

    Google Chrome 23.0.1271.91

    Google Chrome 23.0.1271.95

    Google Chrome plugins...

    ````````Process Check: objlist.exe by Laurent````````

    Malwarebytes Anti-Malware mbamservice.exe

    Malwarebytes Anti-Malware mbamgui.exe

    ESET ESET Online Scanner OnlineCmdLineScanner.exe

    Malwarebytes' Anti-Malware mbamscheduler.exe

    Stephen Downloads Malware ADWcleaner\adwcleaner.exe

    Stephen Downloads Malware Security Chk\SecurityCheck.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 2%

    ````````````````````End of Log``````````````````````

  2. Malwarebytes Anti-Malware (PRO) 1.65.1.1000

    www.malwarebytes.org

    Database version: v2012.11.28.10

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Stephen :: GATEWAYWORK [administrator]

    Protection: Enabled

    11/29/2012 9:42:25 AM

    mbam-log-2012-11-29 (09-42-25).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

    Scan options disabled:

    Objects scanned: 213014

    Time elapsed: 1 minute(s), 55 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 1

    HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    ComboFix 12-11-29.02 - Stephen 11/29/2012 9:50.3.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8071.5552 [GMT -5:00]

    Running from: c:\users\Stephen\Desktop\ComboFix.exe

    AV: GFI Software VIPRE *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

    FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

    SP: GFI Software VIPRE *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\_ctypes.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\_elementtree.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\_hashlib.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\_socket.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\_ssl.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\pyexpat.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\pysqlite2._sqlite.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\python26.dll

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\pythoncom26.dll

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\PyWinTypes26.dll

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\select.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\unicodedata.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32api.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32com.shell.shell.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32crypt.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32event.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32file.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32inet.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32pdh.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32process.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32profile.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32security.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32ts.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\windows._cacheinvalidation.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._controls_.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._core_.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._gdi_.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._html2.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._misc_.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._windows_.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._wizard.pyd

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\wxbase293u_net_vc.dll

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\wxbase293u_vc.dll

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\wxmsw293u_adv_vc.dll

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\wxmsw293u_core_vc.dll

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\wxmsw293u_html_vc.dll

    c:\users\Stephen\AppData\Local\Temp\_MEI57482\wxmsw293u_webview_vc.dll

    c:\users\Stephen\AppData\Local\Temp\tmp2uknxo\googledrivesync.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-29 )))))))))))))))))))))))))))))))

    .

    .

    2012-11-29 14:53 . 2012-11-29 14:53 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-11-26 12:22 . 2012-11-26 12:22 -------- d-----w- c:\users\Stephen\AppData\Local\TechSmith

    2012-11-26 12:22 . 2012-11-26 12:22 -------- d-----w- c:\users\Stephen\AppData\Roaming\TechSmith

    2012-11-26 12:20 . 2012-11-26 12:20 -------- d-----w- c:\program files (x86)\QuickTime

    2012-11-26 12:20 . 2012-11-26 12:20 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared

    2012-11-26 12:20 . 2012-11-26 12:20 -------- d-----w- c:\programdata\TechSmith

    2012-11-26 12:20 . 2012-11-26 12:20 -------- d-----w- c:\program files (x86)\TechSmith

    2012-11-26 04:59 . 2012-11-26 04:59 -------- d-----w- c:\users\Stephen\AppData\Local\Torch

    2012-11-26 04:56 . 2012-11-26 04:59 -------- d-----w- c:\users\Stephen\AppData\Local\iLivid

    2012-11-23 16:02 . 2012-11-19 19:32 262112 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

    2012-11-16 15:14 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

    2012-11-16 15:14 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

    2012-11-16 15:14 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

    2012-11-16 15:14 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

    2012-11-16 15:10 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

    2012-11-16 15:10 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

    2012-11-16 15:10 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

    2012-11-16 15:10 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

    2012-11-16 15:10 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

    2012-11-16 15:10 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

    2012-11-16 15:10 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

    2012-11-12 23:49 . 2005-03-11 18:07 87040 ----a-w- c:\windows\system32\redmonnt.dll

    2012-11-12 23:49 . 2005-03-11 18:07 46080 ----a-w- c:\windows\system32\unredmon.exe

    2012-11-12 23:49 . 2012-11-12 23:49 -------- d-----w- c:\program files (x86)\PDFlite

    2012-11-12 23:39 . 2012-09-06 12:41 148480 ----a-w- c:\windows\VPDAgent_x64.exe

    2012-11-12 23:39 . 2012-11-12 23:39 -------- d-----w- c:\program files\Send To Neat

    2012-11-12 23:39 . 2012-09-06 12:41 54784 ----a-w- c:\windows\system32\sdtnpm.dll

    2012-11-12 14:56 . 2012-11-12 16:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy

    2012-11-12 14:56 . 2012-11-12 14:56 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

    2012-11-12 14:49 . 2012-11-12 14:50 -------- d-----w- c:\users\Stephen\AppData\Local\jZip

    2012-11-12 14:49 . 2012-11-12 14:49 -------- d-----w- c:\program files (x86)\jZip

    2012-11-09 16:32 . 2012-11-20 13:36 -------- d-----w- c:\users\Stephen\AppData\Local\join.me

    2012-11-09 11:44 . 2012-11-09 11:44 -------- d-----w- c:\users\Default\AppData\Local\WinZip

    2012-11-09 11:43 . 2012-11-09 11:43 -------- d-----w- c:\program files (x86)\Common Files\Skype

    2012-11-08 09:00 . 2012-10-24 14:32 35456 ----a-w- c:\windows\system32\drivers\gfiark.sys

    2012-11-02 21:22 . 2012-11-02 21:22 289768 ----a-w- c:\windows\system32\javaws.exe

    2012-11-02 21:22 . 2012-11-02 21:22 189416 ----a-w- c:\windows\system32\javaw.exe

    2012-11-02 21:22 . 2012-11-02 21:22 188904 ----a-w- c:\windows\system32\java.exe

    2012-11-02 21:22 . 2012-11-02 21:22 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

    2012-11-02 21:21 . 2012-11-02 21:21 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2012-11-02 21:21 . 2012-11-02 21:21 -------- d-----w- c:\program files (x86)\Java

    2012-11-01 13:22 . 2012-11-02 12:02 -------- d-----w- c:\users\Stephen\AppData\Roaming\SQLUpdate

    2012-11-01 13:21 . 2012-11-01 13:22 -------- d-----w- c:\users\Stephen\AppData\Roaming\SQLDriver

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-11-29 14:34 . 2012-09-24 14:43 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

    2012-11-18 17:22 . 2012-09-11 23:11 66395536 ----a-w- c:\windows\system32\MRT.exe

    2012-11-09 11:42 . 2012-04-06 04:10 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-11-09 11:42 . 2012-04-06 04:10 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-11-02 21:22 . 2012-09-15 22:29 916456 ----a-w- c:\windows\system32\deployJava1.dll

    2012-11-02 21:22 . 2012-09-15 22:29 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-11-02 21:21 . 2012-09-11 15:57 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2012-11-02 21:21 . 2012-09-11 15:57 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-10-16 08:38 . 2012-11-27 21:15 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38 . 2012-11-27 21:15 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39 . 2012-11-27 21:15 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    2012-10-15 22:36 . 2012-10-15 22:36 756280 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{F587CC88-D29F-40DA-9268-EEE18D2AF426}\TweetDeck.exe

    2012-09-29 23:54 . 2012-09-15 16:28 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-26 20:55 . 2012-09-26 20:58 337608 ----a-w- c:\windows\system32\PROUnstl.exe

    2012-09-26 20:55 . 2012-09-26 20:55 316064 ----a-w- c:\windows\system32\PRONtObj.dll

    2012-09-26 20:55 . 2012-09-26 20:55 162152 ----a-w- c:\windows\system32\drivers\iANSW60e.sys

    2012-09-24 14:43 . 2012-09-24 14:43 53248 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

    2012-09-20 09:40 . 2012-10-02 16:04 47496 ----a-w- c:\windows\system32\sbbd.exe

    2012-09-20 09:40 . 2012-09-20 09:40 47496 ----a-w- c:\windows\SysWow64\sbbd.exe

    2012-09-20 09:11 . 2012-09-20 09:11 86816 ----a-w- c:\windows\system32\drivers\sbwtis.sys

    2012-09-20 09:11 . 2012-09-11 22:51 61216 ----a-w- c:\windows\system32\drivers\sbhips.sys

    2012-09-20 09:11 . 2012-09-11 22:51 258848 ----a-w- c:\windows\system32\drivers\SbFw.sys

    2012-09-19 04:58 . 2012-10-02 16:05 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D541B750-C81D-4652-BCC1-8CCFF623749A}\mpengine.dll

    2012-09-18 21:55 . 2012-09-18 21:55 110602 ----a-w- c:\windows\News Rover Uninstaller.exe

    2012-09-14 19:19 . 2012-10-09 22:03 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-09-14 18:28 . 2012-10-09 22:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2012-09-13 00:19 . 2012-09-13 00:19 634560 ----a-w- c:\windows\SysWow64\XceedZip.dll

    2012-09-13 00:19 . 2012-09-13 00:19 82872 ----a-w- c:\windows\system32\drivers\sbapifs.sys

    2012-09-13 00:19 . 2012-09-11 22:51 120064 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

    2012-09-10 23:42 . 2012-09-10 23:42 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

    2012-09-10 23:42 . 2012-09-10 23:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

    2012-09-10 23:42 . 2012-09-10 23:42 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll

    2012-09-10 21:46 . 2011-03-29 01:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2012-08-31 18:19 . 2012-10-09 22:04 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01InsyncSynced]

    @="{79168b3f-9ed7-4209-a2ef-835c56a4c0dc}"

    [HKEY_CLASSES_ROOT\CLSID\{79168b3f-9ed7-4209-a2ef-835c56a4c0dc}]

    2012-11-15 04:38 156592 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02InsyncSyncing]

    @="{8896d747-f2a9-4527-928d-df152fdf73d7}"

    [HKEY_CLASSES_ROOT\CLSID\{8896d747-f2a9-4527-928d-df152fdf73d7}]

    2012-11-15 04:38 156592 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03InsyncError]

    @="{06E10739-B8D0-41A4-B4A1-A9A4220003B2}"

    [HKEY_CLASSES_ROOT\CLSID\{06E10739-B8D0-41A4-B4A1-A9A4220003B2}]

    2012-11-15 04:38 156592 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04InsyncErrorFolder]

    @="{e002350f-7ada-4b24-9f42-09ed31681949}"

    [HKEY_CLASSES_ROOT\CLSID\{e002350f-7ada-4b24-9f42-09ed31681949}]

    2012-11-15 04:38 156592 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 129272 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 129272 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 129272 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]

    "57AD0B2C9906DFDBF54DD87E02C3DCFDD7598BCD._service_run"="c:\users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-11-14 1242728]

    "SQLDriver"="c:\users\Stephen\AppData\Roaming\SQLDriver\SQLDriver.exe" [2012-10-18 72351744]

    "MusicManager"="c:\users\Stephen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-10-22 7356928]

    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-04 291096]

    "SBAMTray"="c:\program files (x86)\GFI Software\VIPRE\SBAMTray.exe" [2012-09-20 3149704]

    .

    c:\users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Stephen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-11-21 28791288]

    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-10-26 1017184]

    Insync.lnk - c:\users\Stephen\AppData\Roaming\Insync\App\Insync.exe [2012-11-16 56240]

    .

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-9-22 16032]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "EnableLinkedConnections"= 1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux4"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

    @="Service"

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]

    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]

    R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]

    R2 SBAMSvc;VIPRE Internet Security;c:\program files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-09-20 3677000]

    R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-08 363800]

    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]

    R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2012-10-24 35456]

    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-19 1488448]

    R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]

    R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2012-09-13 120064]

    R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys [2012-09-20 61216]

    R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2012-09-20 86816]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-11 1255736]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

    S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2011-12-04 16152]

    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-09-20 258848]

    S2 Agent;VPDAgent;c:\windows\VPDAgent_x64.exe [2012-09-06 148480]

    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]

    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

    S2 gfi_lanss10_attservice;GFI LanGuard 10 Attendant Service;c:\program files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe [2012-09-13 115568]

    S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2012-02-29 28264]

    S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]

    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608]

    S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-07-27 14952]

    S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-08 161560]

    S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2012-02-07 255376]

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-09-13 82872]

    S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-09-20 175496]

    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

    S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]

    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]

    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]

    S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2011-12-04 355096]

    S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2011-12-04 785688]

    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

    S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

    S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2012-09-13 120064]

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\Neat ADF Scanner 2008]

    reg copy HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008 [bU]

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 11:42]

    .

    2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-11 13:15]

    .

    2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-11 13:15]

    .

    2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3359720339-4014307445-4140227809-1001Core.job

    - c:\users\Stephen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-11 13:15]

    .

    2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3359720339-4014307445-4140227809-1001UA.job

    - c:\users\Stephen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-11 13:15]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01InsyncSynced64]

    @="{E14A1BB6-3439-4096-808B-ACFFDBB3D313}"

    [HKEY_CLASSES_ROOT\CLSID\{E14A1BB6-3439-4096-808B-ACFFDBB3D313}]

    2012-11-15 04:38 176560 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02InsyncSyncing64]

    @="{5141519A-C349-4FF8-90F6-16ADE4CDC8A2}"

    [HKEY_CLASSES_ROOT\CLSID\{5141519A-C349-4FF8-90F6-16ADE4CDC8A2}]

    2012-11-15 04:38 176560 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03InsyncError64]

    @="{E82E3537-C355-484B-9825-01389BA1CD25}"

    [HKEY_CLASSES_ROOT\CLSID\{E82E3537-C355-484B-9825-01389BA1CD25}]

    2012-11-15 04:38 176560 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04InsyncErrorFolder64]

    @="{722710aa-a7cd-4094-9abb-4bb18b936838}"

    [HKEY_CLASSES_ROOT\CLSID\{722710aa-a7cd-4094-9abb-4bb18b936838}]

    2012-11-15 04:38 176560 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 162552 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 162552 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 162552 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 162552 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

    2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

    2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

    2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

    2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-26 170264]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-26 398104]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-26 440600]

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-14 13353064]

    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [bU]

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.bing.com/?pc=MAGW

    uLocal Page = c:\windows\system32\blank.htm

    mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

    mStart Page = hxxp://www.bing.com/?pc=MAGW

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    Trusted Zone: mailchimp.com\login

    TCP: DhcpNameServer = 192.168.13.1

    FF - ProfilePath - c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\

    FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo)

    FF - prefs.js: browser.startup.homepage - hxxp://yahoo.genieo.com/?v=w3i8

    FF - prefs.js: keyword.URL - hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18482,0,0,6434&p=

    FF - ExtSQL: 2012-11-16 16:28; jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack; c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack.xpi

    FF - ExtSQL: 2012-11-28 10:54; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

    FF - ExtSQL: 2012-11-28 10:54; anticontainer@downthemall.net; c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\anticontainer@downthemall.net.xpi

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

    @Denied: (2) (LocalSystem)

    "Progid"="Opera.HTML"

    .

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

    @Denied: (2) (LocalSystem)

    "Progid"="Opera.HTML"

    .

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]

    @Denied: (2) (LocalSystem)

    "Progid"="Opera.HTML"

    .

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]

    @Denied: (2) (LocalSystem)

    "Progid"="Opera.HTML"

    .

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

    @Denied: (2) (LocalSystem)

    "Progid"="Opera.HTML"

    .

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]

    @Denied: (2) (LocalSystem)

    "Progid"="Opera.HTML"

    .

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

    @Denied: (2) (LocalSystem)

    "Progid"="Opera.HTML"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    c:\program files (x86)\Bonjour\mDNSResponder.exe

    c:\program files (x86)\Common Files\Comscan\Comscan.exe

    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe

    c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    c:\program files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\Mantle.exe

    .

    **************************************************************************

    .

    Completion time: 2012-11-29 09:57:33 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-11-29 14:57

    ComboFix2.txt 2012-11-23 15:24

    .

    Pre-Run: 848,509,575,168 bytes free

    Post-Run: 849,588,092,928 bytes free

    .

    - - End Of File - - 1260E52F9B845A46C25F2EB2024DABA6

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2

    Run by Stephen at 10:25:39 on 2012-11-29

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8071.4971 [GMT -5:00]

    .

    AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

    FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\VPDAgent_x64.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\System32\WUDFHost.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe

    C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

    C:\Program Files\Intel\iCLS Client\HeciServer.exe

    C:\Windows\system32\IProsetMonitor.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    C:\Program Files (x86)\Common Files\Comscan\Comscan.exe

    C:\Windows\System32\WUDFHost.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files\Logitech\SetPointP\SetPoint.exe

    C:\Program Files (x86)\Google\Drive\googledrivesync.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

    C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

    C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe

    C:\Program Files (x86)\Google\Drive\googledrivesync.exe

    C:\Users\Stephen\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

    C:\Users\Stephen\AppData\Roaming\Insync\App\Insync.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Users\Stephen\AppData\Roaming\SQLDriver\SQLDriver.exe

    C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\Mantle.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\Nero\Update\NASvc.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe

    C:\Windows\system32\prevhost.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.bing.com/?pc=MAGW

    mStart Page = hxxp://www.bing.com/?pc=MAGW

    mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

    BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll

    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

    uRun: [57AD0B2C9906DFDBF54DD87E02C3DCFDD7598BCD._service_run] "C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

    uRun: [sqlDriver] C:\Users\Stephen\AppData\Roaming\SQLDriver\SQLDriver.exe

    uRun: [MusicManager] "C:\Users\Stephen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

    uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

    mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

    mRun: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

    StartupFolder: C:\Users\Stephen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Stephen\AppData\Roaming\Dropbox\bin\Dropbox.exe

    StartupFolder: C:\Users\Stephen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

    uPolicies-Explorer: NoDrives = dword:0

    mPolicies-Explorer: NoDrives = dword:0

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

    .

    INFO: HKCU has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    TCP: NameServer = 192.168.13.1

    TCP: Interfaces\{0AE144C0-F63A-4C16-BAA1-A0267DC4DD46} : DHCPNameServer = 192.168.13.1

    TCP: Interfaces\{B539F6E0-F6DF-4C88-B72B-2917B5C7AC86} : DHCPNameServer = 192.168.43.1

    TCP: Interfaces\{B539F6E0-F6DF-4C88-B72B-2917B5C7AC86}\3516E6964716279657D6 : DHCPNameServer = 192.168.13.1

    TCP: Interfaces\{B539F6E0-F6DF-4C88-B72B-2917B5C7AC86}\46F6D656E6963696 : DHCPNameServer = 75.75.75.75 75.75.76.76

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    SSODL: WebCheck - <orphaned>

    mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f

    x64-mStart Page = hxxp://www.bing.com/?pc=MAGW

    x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

    x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

    x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

    x64-Notify: igfxcui - igfxdev.dll

    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\

    FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo)

    FF - prefs.js: browser.startup.homepage - hxxp://yahoo.genieo.com/?v=w3i8

    FF - prefs.js: keyword.URL - hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18482,0,0,6434&p=

    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

    FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

    FF - plugin: C:\Users\Stephen\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    FF - plugin: C:\Users\Stephen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

    FF - plugin: C:\Users\Stephen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

    FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    FF - ExtSQL: 2012-11-16 16:28; jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack; C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack.xpi

    FF - ExtSQL: 2012-11-28 10:54; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

    FF - ExtSQL: 2012-11-28 10:54; anticontainer@downthemall.net; C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\anticontainer@downthemall.net.xpi

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-4-5 16152]

    R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-9-11 258848]

    R2 Agent;VPDAgent;C:\Windows\VPDAgent_x64.exe [2012-11-12 148480]

    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]

    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

    R2 gfi_lanss10_attservice;GFI LanGuard 10 Attendant Service;C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe [2012-9-12 115568]

    R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2012-2-29 28264]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-10 13592]

    R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]

    R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-9-26 189608]

    R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-7-27 14952]

    R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-10 161560]

    R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2012-4-5 255376]

    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-10-3 72216]

    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-15 399432]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-15 676936]

    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]

    R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-9-20 3677000]

    R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-9-12 82872]

    R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-9-20 175496]

    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]

    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

    R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-10 363800]

    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]

    R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-5 331264]

    R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-4-5 355096]

    R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-4-5 785688]

    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

    R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-15 25928]

    R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-9-11 120064]

    R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-9-20 86816]

    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-7-30 203104]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]

    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]

    S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2012-11-8 35456]

    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-4-5 1488448]

    S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2012-9-15 15360]

    S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-9-11 120064]

    S3 SbHips;SbHips;C:\Windows\System32\drivers\sbhips.sys [2012-9-11 61216]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-12 1255736]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2012-11-29 14:55:13 -------- d-sh--w- C:\$RECYCLE.BIN

    2012-11-26 12:22:23 -------- d-----w- C:\Users\Stephen\AppData\Local\TechSmith

    2012-11-26 12:22:16 -------- d-----w- C:\Users\Stephen\AppData\Roaming\TechSmith

    2012-11-26 12:20:45 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared

    2012-11-26 04:59:10 -------- d-----w- C:\Users\Stephen\AppData\Local\Torch

    2012-11-26 04:56:45 -------- d-----w- C:\Users\Stephen\AppData\Local\iLivid

    2012-11-23 16:02:45 262112 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

    2012-11-16 15:14:01 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

    2012-11-16 15:14:01 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

    2012-11-16 15:14:00 9728 ----a-w- C:\Windows\System32\Wdfres.dll

    2012-11-16 15:14:00 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

    2012-11-16 15:10:36 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

    2012-11-16 15:10:36 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

    2012-11-16 15:10:36 744448 ----a-w- C:\Windows\System32\WUDFx.dll

    2012-11-16 15:10:36 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

    2012-11-16 15:10:36 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

    2012-11-16 15:10:36 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

    2012-11-16 15:10:36 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

    2012-11-12 23:49:25 87040 ----a-w- C:\Windows\System32\redmonnt.dll

    2012-11-12 23:49:25 46080 ----a-w- C:\Windows\System32\unredmon.exe

    2012-11-12 23:49:23 -------- d-----w- C:\Program Files (x86)\PDFlite

    2012-11-12 23:39:20 148480 ----a-w- C:\Windows\VPDAgent_x64.exe

    2012-11-12 23:39:19 -------- d-----w- C:\Program Files\Send To Neat

    2012-11-12 23:39:15 54784 ----a-w- C:\Windows\System32\sdtnpm.dll

    2012-11-12 14:56:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

    2012-11-12 14:56:17 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

    2012-11-12 14:49:41 -------- d-----w- C:\Users\Stephen\AppData\Local\jZip

    2012-11-12 14:49:29 -------- d-----w- C:\Program Files (x86)\jZip

    2012-11-09 16:32:42 -------- d-----w- C:\Users\Stephen\AppData\Local\join.me

    2012-11-08 09:00:00 35456 ----a-w- C:\Windows\System32\drivers\gfiark.sys

    2012-11-07 02:31:34 -------- d-----w- C:\Users\Stephen\AppData\Local\{AE704BD6-A1D8-4DEF-85CF-CC30E0BB9B0B}

    2012-11-02 21:22:12 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

    2012-11-02 21:21:40 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

    2012-11-01 13:22:54 -------- d-----w- C:\Users\Stephen\AppData\Roaming\SQLUpdate

    2012-11-01 13:21:59 -------- d-----w- C:\Users\Stephen\AppData\Roaming\SQLDriver

    .

    ==================== Find3M ====================

    .

    2012-11-29 14:34:59 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

    2012-11-09 11:42:54 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-11-09 11:42:54 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-11-02 21:22:09 916456 ----a-w- C:\Windows\System32\deployJava1.dll

    2012-11-02 21:22:09 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

    2012-11-02 21:21:37 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2012-11-02 21:21:37 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

    2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

    2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

    2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

    2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-09-26 20:55:59 337608 ----a-w- C:\Windows\System32\PROUnstl.exe

    2012-09-26 20:55:36 316064 ----a-w- C:\Windows\System32\PRONtObj.dll

    2012-09-26 20:55:35 162152 ----a-w- C:\Windows\System32\drivers\iANSW60e.sys

    2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

    2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

    2012-09-20 09:40:04 47496 ----a-w- C:\Windows\SysWow64\sbbd.exe

    2012-09-20 09:40:04 47496 ----a-w- C:\Windows\System32\sbbd.exe

    2012-09-20 09:11:58 86816 ----a-w- C:\Windows\System32\drivers\sbwtis.sys

    2012-09-20 09:11:58 61216 ----a-w- C:\Windows\System32\drivers\sbhips.sys

    2012-09-20 09:11:58 258848 ----a-w- C:\Windows\System32\drivers\SbFw.sys

    2012-09-18 21:55:55 110602 ----a-w- C:\Windows\News Rover Uninstaller.exe

    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2012-09-13 00:19:42 634560 ----a-w- C:\Windows\SysWow64\XceedZip.dll

    2012-09-13 00:19:38 82872 ----a-w- C:\Windows\System32\drivers\sbapifs.sys

    2012-09-13 00:19:34 120064 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys

    2012-09-10 23:42:20 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

    2012-09-10 23:42:20 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

    2012-09-10 23:42:20 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

    2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

    .

    ============= FINISH: 10:26:04.28 ===============

  3. .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume2

    Install Date: 9/10/2012 5:01:11 PM

    System Uptime: 11/27/2012 9:22:27 AM (2 hours ago)

    .

    Motherboard: Gateway | | DX4870

    Processor: Intel® Core i5-2320 CPU @ 3.00GHz | SOCKET 0 | 3001/100mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 917 GiB total, 790.846 GiB free.

    D: is CDROM (UDF)

    E: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

    Description: 802.11n Wireless LAN Card

    Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760111AD&REV_00\4&858F2F4&0&00E2

    Manufacturer: Ralink Technology, Corp.

    Name: 802.11n Wireless LAN Card

    PNP Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760111AD&REV_00\4&858F2F4&0&00E2

    Service: netr28x

    .

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Description: LogMeIn Kernel Information Provider

    Device ID: ROOT\LEGACY_LMIINFO\0000

    Manufacturer:

    Name: LogMeIn Kernel Information Provider

    PNP Device ID: ROOT\LEGACY_LMIINFO\0000

    Service: LMIInfo

    .

    ==== System Restore Points ===================

    .

    RP58: 11/15/2012 9:25:00 PM - Removed WinZip 17.0

    RP59: 11/16/2012 10:10:17 AM - Windows Update

    RP60: 11/18/2012 12:22:04 PM - Windows Update

    RP61: 11/20/2012 8:00:43 AM - Removed Fooz Kids

    RP62: 11/20/2012 8:01:38 AM - Removed Fooz Kids Platform

    RP63: 11/20/2012 8:02:42 AM - Removed LogMeIn

    RP64: 11/20/2012 8:05:59 AM - Removed Soda PDF 5

    RP65: 11/26/2012 7:19:20 AM - Installed Camtasia Studio 8

    .

    ==== Installed Programs ======================

    .

    Adobe AIR

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader X (10.1.4) MUI

    Adobe Shockwave Player 11.6

    Android SDK Tools

    Best Buy pc app

    Bing Bar

    Bonjour

    C5500n - C5800Ldn Series GDI Driver from OKI® Printing Solutions for Windows

    CameraHelperMsi

    Camtasia Studio 8

    Cisco WebEx Meetings

    CyberLink PowerDVD 10

    D3DX10

    doubleTwist

    Dropbox

    eReg

    Evernote v. 4.5.10

    ffdshow [rev 2527] [2008-12-19]

    Galerie de photos Windows Live

    Galería fotográfica de Windows Live

    Gateway Recovery Management

    Gateway Registration

    Gateway ScreenSaver

    Gateway Updater

    Google Chrome

    Google Drive

    Google Talk Plugin

    Google Update Helper

    Google Voice

    GoToMeeting 5.3.0.977

    Hotkey Utility

    HTC Sync

    Identity Card

    iLivid

    Insync

    Intel® Control Center

    Intel® Management Engine Components

    Intel® Network Connections 16.8.46.0

    Intel® OpenCL CPU Runtime

    Intel® Processor Graphics

    Intel® Rapid Storage Technology

    Intel® USB 3.0 eXtensible Host Controller Driver

    Intel® Trusted Connect Service Client

    Java 7 Update 9

    Java 7 Update 9 (64-bit)

    Java Auto Updater

    Java SE Development Kit 7 Update 7 (64-bit)

    join.me

    Junk Mail filter update

    jZip

    Logitech SetPoint 6.32

    Logitech Vid HD

    Logitech Webcam Software

    LWS Facebook

    LWS Gallery

    LWS Help_main

    LWS Launcher

    LWS Motion Detection

    LWS Pictures And Video

    LWS Twitter

    LWS Video Mask Maker

    LWS VideoEffects

    LWS Webcam Software

    LWS WLM Plugin

    LWS YouTube Plugin

    Malwarebytes Anti-Malware version 1.65.1.1000

    Mesh Runtime

    Microsoft .NET Framework 4 Client Profile

    Microsoft Application Error Reporting

    Microsoft Office 2010

    Microsoft Office Click-to-Run 2010

    Microsoft Office Starter 2010 - English

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft SQL Server Compact 3.5 SP2 ENU

    Microsoft SQL Server Compact 3.5 SP2 x64 ENU

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable (x64)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

    Mozilla Firefox 17.0 (x86 en-US)

    Mozilla Maintenance Service

    MSVCRT

    MSVCRT_amd64

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MSXML 4.0 SP3 Parser

    MSXML 4.0 SP3 Parser (KB2721691)

    Music Manager

    Neat

    Neat ADF Scanner 2008 Driver

    Neat ADF Scanner Driver

    Neat Core Files

    Neat Mobile Scanner (Silver) Driver

    Neat Mobile Scanner 2008 Driver

    Neat Mobile Scanner Driver

    Nero BackItUp 10

    Nero BackItUp 10 Help (CHM)

    Nero Control Center 10

    Nero ControlCenter 10 Help (CHM)

    Nero Core Components 10

    Nero DiscSpeed 10

    Nero DiscSpeed 10 Help (CHM)

    Nero Express 10

    Nero Express 10 Help (CHM)

    Nero Multimedia Suite 10 Essentials

    Nero RescueAgent 10

    Nero RescueAgent 10 Help (CHM)

    Nero StartSmart 10

    Nero StartSmart 10 Help (CHM)

    Nero Update

    News Rover -- Usenet newsreader

    Opera 12.11

    Package: Samsung Galaxy S3 ToolKit

    PDFlite 0.8

    RateWatch

    Realtek High Definition Audio Driver

    RedMon - Redirection Port Monitor

    SAMSUNG USB Driver for Mobile Phones

    Security Update for CAPICOM (KB931906)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

    Send To Neat

    Skype Click to Call

    Skype™ 6.0

    Soda PDF OCR

    Spybot - Search & Destroy

    swMSM

    Torch

    TweetDeck

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    VIPRE Internet Security

    VLC media player 2.0.1

    Welcome Center

    Windows Live

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Galeria de Fotos

    Windows Live ID Sign-in Assistant

    Windows Live Installer

    Windows Live Language Selector

    Windows Live Mail

    Windows Live Mesh

    Windows Live Messenger

    Windows Live MIME IFilter

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live Remote Client

    Windows Live Remote Client Resources

    Windows Live Remote Service

    Windows Live Remote Service Resources

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    Windows XP Mode

    XChat 2 (remove only)

    .

    ==== Event Viewer Messages From Past Week ========

    .

    11/27/2012 9:22:43 AM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error:

    The system cannot find the path specified.

    11/27/2012 11:14:19 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer DELLDESKTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0AE144C0-F63A-4C16-BAA1-A0267DC4DD46}. The master browser is stopping or an election is being forced.

    11/21/2012 8:16:22 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer YOMAMMA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0AE144C0-F63A-4C16-BAA1-A0267DC4DD46}. The master browser is stopping or an election is being forced.

    11/21/2012 12:29:24 PM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user GatewayWork\Stephen (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

    11/21/2012 10:12:16 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    11/21/2012 10:11:52 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    11/21/2012 10:07:30 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

    .

    ==== End Of File ===========================

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2

    Run by Stephen at 11:31:19 on 2012-11-27

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8071.5062 [GMT -5:00]

    .

    AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

    FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\VPDAgent_x64.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe

    C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

    C:\Program Files\Intel\iCLS Client\HeciServer.exe

    C:\Windows\system32\IProsetMonitor.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

    C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe

    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\System32\WUDFHost.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files\Logitech\SetPointP\SetPoint.exe

    C:\Program Files (x86)\Google\Drive\googledrivesync.exe

    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

    C:\Program Files (x86)\Google\Drive\googledrivesync.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Users\Stephen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

    C:\Users\Stephen\AppData\Roaming\Insync\App\Insync.exe

    C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

    C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe

    C:\Users\Stephen\AppData\Roaming\SQLDriver\SQLDriver.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

    C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\Mantle.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\Nero\Update\NASvc.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Program Files (x86)\RateWatch\RateWatch.exe

    C:\Program Files (x86)\Evernote\Evernote\Evernote.exe

    C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe

    C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.bing.com/?pc=MAGW

    mStart Page = hxxp://www.bing.com/?pc=MAGW

    mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

    BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll

    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

    uRun: [57AD0B2C9906DFDBF54DD87E02C3DCFDD7598BCD._service_run] "C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

    uRun: [sqlDriver] C:\Users\Stephen\AppData\Roaming\SQLDriver\SQLDriver.exe

    uRun: [MusicManager] "C:\Users\Stephen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

    uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

    mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

    mRun: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

    StartupFolder: C:\Users\Stephen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

    StartupFolder: C:\Users\Stephen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Insync.lnk - C:\Users\Stephen\AppData\Roaming\Insync\App\Insync.exe

    uPolicies-Explorer: NoDrives = dword:0

    mPolicies-Explorer: NoDrives = dword:0

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

    .

    INFO: HKCU has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    TCP: NameServer = 192.168.13.1

    TCP: Interfaces\{0AE144C0-F63A-4C16-BAA1-A0267DC4DD46} : DHCPNameServer = 192.168.13.1

    TCP: Interfaces\{B539F6E0-F6DF-4C88-B72B-2917B5C7AC86} : DHCPNameServer = 192.168.43.1

    TCP: Interfaces\{B539F6E0-F6DF-4C88-B72B-2917B5C7AC86}\3516E6964716279657D6 : DHCPNameServer = 192.168.13.1

    TCP: Interfaces\{B539F6E0-F6DF-4C88-B72B-2917B5C7AC86}\46F6D656E6963696 : DHCPNameServer = 75.75.75.75 75.75.76.76

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    SSODL: WebCheck - <orphaned>

    mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f

    x64-mStart Page = hxxp://www.bing.com/?pc=MAGW

    x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

    x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

    x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

    x64-Notify: igfxcui - igfxdev.dll

    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\

    FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo)

    FF - prefs.js: browser.startup.homepage - hxxp://yahoo.genieo.com/?v=w3i8

    FF - prefs.js: keyword.URL - hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18482,0,0,6434&p=

    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

    FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

    FF - plugin: C:\Users\Stephen\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    FF - plugin: C:\Users\Stephen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

    FF - plugin: C:\Users\Stephen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

    FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    FF - ExtSQL: 2012-11-16 16:28; jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack; C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack.xpi

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-4-5 16152]

    R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-9-11 258848]

    R2 Agent;VPDAgent;C:\Windows\VPDAgent_x64.exe [2012-11-12 148480]

    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]

    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

    R2 gfi_lanss10_attservice;GFI LanGuard 10 Attendant Service;C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe [2012-9-12 115568]

    R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2012-2-29 28264]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-10 13592]

    R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]

    R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-9-26 189608]

    R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-7-27 14952]

    R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-10 161560]

    R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2012-4-5 255376]

    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-10-3 72216]

    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-15 399432]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-15 676936]

    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]

    R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-9-20 3677000]

    R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-9-12 82872]

    R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-9-20 175496]

    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]

    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

    R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-10 363800]

    R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-5 331264]

    R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-4-5 355096]

    R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-4-5 785688]

    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

    R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-15 25928]

    R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-9-11 120064]

    R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-9-20 86816]

    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]

    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]

    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]

    S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2012-11-8 35456]

    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-4-5 1488448]

    S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2012-9-15 15360]

    S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-9-11 120064]

    S3 SbHips;SbHips;C:\Windows\System32\drivers\sbhips.sys [2012-9-11 61216]

    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-7-30 203104]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-12 1255736]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2012-11-26 12:22:23 -------- d-----w- C:\Users\Stephen\AppData\Local\TechSmith

    2012-11-26 12:22:16 -------- d-----w- C:\Users\Stephen\AppData\Roaming\TechSmith

    2012-11-26 12:20:45 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared

    2012-11-26 04:59:10 -------- d-----w- C:\Users\Stephen\AppData\Local\Torch

    2012-11-26 04:56:45 -------- d-----w- C:\Users\Stephen\AppData\Local\iLivid

    2012-11-23 16:02:45 262112 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

    2012-11-23 15:21:58 -------- d-sh--w- C:\$RECYCLE.BIN

    2012-11-16 15:14:01 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

    2012-11-16 15:14:01 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

    2012-11-16 15:14:00 9728 ----a-w- C:\Windows\System32\Wdfres.dll

    2012-11-16 15:14:00 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

    2012-11-16 15:10:36 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

    2012-11-16 15:10:36 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

    2012-11-16 15:10:36 744448 ----a-w- C:\Windows\System32\WUDFx.dll

    2012-11-16 15:10:36 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

    2012-11-16 15:10:36 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

    2012-11-16 15:10:36 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

    2012-11-16 15:10:36 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

    2012-11-12 23:49:25 87040 ----a-w- C:\Windows\System32\redmonnt.dll

    2012-11-12 23:49:25 46080 ----a-w- C:\Windows\System32\unredmon.exe

    2012-11-12 23:49:23 -------- d-----w- C:\Program Files (x86)\PDFlite

    2012-11-12 23:39:20 148480 ----a-w- C:\Windows\VPDAgent_x64.exe

    2012-11-12 23:39:19 -------- d-----w- C:\Program Files\Send To Neat

    2012-11-12 23:39:15 54784 ----a-w- C:\Windows\System32\sdtnpm.dll

    2012-11-12 14:56:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

    2012-11-12 14:56:17 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

    2012-11-12 14:49:41 -------- d-----w- C:\Users\Stephen\AppData\Local\jZip

    2012-11-12 14:49:29 -------- d-----w- C:\Program Files (x86)\jZip

    2012-11-09 16:32:42 -------- d-----w- C:\Users\Stephen\AppData\Local\join.me

    2012-11-08 09:00:00 35456 ----a-w- C:\Windows\System32\drivers\gfiark.sys

    2012-11-07 02:31:34 -------- d-----w- C:\Users\Stephen\AppData\Local\{AE704BD6-A1D8-4DEF-85CF-CC30E0BB9B0B}

    2012-11-02 21:22:12 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

    2012-11-02 21:21:40 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

    2012-11-01 13:22:54 -------- d-----w- C:\Users\Stephen\AppData\Roaming\SQLUpdate

    2012-11-01 13:21:59 -------- d-----w- C:\Users\Stephen\AppData\Roaming\SQLDriver

    2012-10-29 20:48:01 -------- d-----w- C:\Users\Stephen\AppData\Local\{1F5F75BD-DA1C-48BA-881B-0D511F7F4C11}

    2012-10-29 00:11:07 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

    .

    ==================== Find3M ====================

    .

    2012-11-09 11:42:54 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-11-09 11:42:54 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-11-02 21:22:09 916456 ----a-w- C:\Windows\System32\deployJava1.dll

    2012-11-02 21:22:09 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

    2012-11-02 21:21:37 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2012-11-02 21:21:37 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-10-30 19:16:46 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

    2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

    2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

    2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

    2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

    2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-09-26 20:55:59 337608 ----a-w- C:\Windows\System32\PROUnstl.exe

    2012-09-26 20:55:36 316064 ----a-w- C:\Windows\System32\PRONtObj.dll

    2012-09-26 20:55:35 162152 ----a-w- C:\Windows\System32\drivers\iANSW60e.sys

    2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

    2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

    2012-09-20 09:40:04 47496 ----a-w- C:\Windows\SysWow64\sbbd.exe

    2012-09-20 09:40:04 47496 ----a-w- C:\Windows\System32\sbbd.exe

    2012-09-20 09:11:58 86816 ----a-w- C:\Windows\System32\drivers\sbwtis.sys

    2012-09-20 09:11:58 61216 ----a-w- C:\Windows\System32\drivers\sbhips.sys

    2012-09-20 09:11:58 258848 ----a-w- C:\Windows\System32\drivers\SbFw.sys

    2012-09-18 21:55:55 110602 ----a-w- C:\Windows\News Rover Uninstaller.exe

    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2012-09-13 00:19:42 634560 ----a-w- C:\Windows\SysWow64\XceedZip.dll

    2012-09-13 00:19:38 82872 ----a-w- C:\Windows\System32\drivers\sbapifs.sys

    2012-09-13 00:19:34 120064 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys

    2012-09-10 23:42:20 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

    2012-09-10 23:42:20 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

    2012-09-10 23:42:20 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

    2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

    2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    .

    ============= FINISH: 11:31:44.92 ===============

  4. Maurice, thank you for the advice.... I have no choice but to format my hard drive. One question for you: this is a new computer (purchased in July) & it came with MS Word & MS Excel starter programs with adverts and limited functionality. Do you know if this backup I'm creating will back this information up?

    Thank you again for all your help, I look forward to your response.

  5. RogueKiller V8.0.2 [08/31/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Stephen Office [Admin rights]

    Mode : Remove -- Date : 09/08/2012 16:15:00

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 10 ¤¤¤

    [RUN][SUSP PATH] HKCU\[...]\Run : Snapseed ("C:\Users\Stephen Office\AppData\Roaming\Snapseed\Snapseed.exe") -> NOT SELECTED

    [RUN][SUSP PATH] HKCU\[...]\Run : Steam ("C:\Users\Stephen Office\AppData\Roaming\Steam\steam.exe") -> NOT SELECTED

    [RUN][HJNAME] HKCU\[...]\Run : Windows Updater ("C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe") -> DELETED

    [RUN][SUSP PATH] HKUS\S-1-5-21-3708766167-61689912-231149725-1000[...]\Run : Snapseed ("C:\Users\Stephen Office\AppData\Roaming\Snapseed\Snapseed.exe") -> DELETED

    [RUN][SUSP PATH] HKUS\S-1-5-21-3708766167-61689912-231149725-1000[...]\Run : Steam ("C:\Users\Stephen Office\AppData\Roaming\Steam\steam.exe") -> DELETED

    [STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> NOT SELECTED

    [STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> NOT SELECTED

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST1000DM003-9YN162 +++++

    --- User ---

    [MBR] 4af6bf70c69f8ceb732bdd1551bdb956

    [BSP] d8561dcf563882ab125a0ba050e7d21f : Windows 7 MBR Code

    Partition table:

    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 939431 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>

    RKreport[1].txt ; RKreport[2].txt

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300

    www.malwarebytes.org

    Database version: v2012.09.08.08

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Stephen Office :: STEPHENOFFICE [administrator]

    Protection: Enabled

    9/8/2012 4:29:32 PM

    mbam-log-2012-09-08 (16-29-32).txt

    Scan type: Full scan (C:\|D:\|E:\|Q:\|)

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 313510

    Time elapsed: 17 minute(s), 16 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 2

    C:\Users\Stephen Office\AppData\Roaming\audiohd.exe (Backdoor.Agent) -> Quarantined and deleted successfully.

    C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)

  6. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

    Run date: 2012-09-08 09:51:54

    -----------------------------

    09:51:54.015 OS Version: Windows x64 6.1.7601 Service Pack 1

    09:51:54.015 Number of processors: 4 586 0x2A07

    09:51:54.016 ComputerName: STEPHENOFFICE UserName:

    09:51:54.619 Initialize success

    09:52:47.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

    09:52:47.095 Disk 0 Vendor: ST1000DM CC4B Size: 953869MB BusType: 3

    09:52:47.121 Disk 0 MBR read successfully

    09:52:47.123 Disk 0 MBR scan

    09:52:47.124 Disk 0 Windows 7 default MBR code

    09:52:47.127 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048

    09:52:47.137 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176

    09:52:47.144 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 939431 MB offset 29566976

    09:52:47.157 Disk 0 scanning C:\Windows\system32\drivers

    09:52:50.960 Service scanning

    09:52:57.217 Modules scanning

    09:52:57.221 Scan finished successfully

    09:53:34.557 Disk 0 MBR has been saved successfully to "C:\Users\Stephen Office\Downloads\malware scanners\asw logs\MBR.dat"

    09:53:34.558 The log file has been saved successfully to "C:\Users\Stephen Office\Downloads\malware scanners\asw logs\aswMBR.txt"

    09:54:02.0779 4556 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

    09:54:03.0128 4556 ============================================================

    09:54:03.0128 4556 Current date / time: 2012/09/08 09:54:03.0128

    09:54:03.0128 4556 SystemInfo:

    09:54:03.0128 4556

    09:54:03.0128 4556 OS Version: 6.1.7601 ServicePack: 1.0

    09:54:03.0128 4556 Product type: Workstation

    09:54:03.0128 4556 ComputerName: STEPHENOFFICE

    09:54:03.0128 4556 UserName: Stephen Office

    09:54:03.0128 4556 Windows directory: C:\Windows

    09:54:03.0128 4556 System windows directory: C:\Windows

    09:54:03.0128 4556 Running under WOW64

    09:54:03.0128 4556 Processor architecture: Intel x64

    09:54:03.0128 4556 Number of processors: 4

    09:54:03.0128 4556 Page size: 0x1000

    09:54:03.0128 4556 Boot type: Normal boot

    09:54:03.0128 4556 ============================================================

    09:54:03.0438 4556 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    09:54:03.0446 4556 ============================================================

    09:54:03.0447 4556 \Device\Harddisk0\DR0:

    09:54:03.0447 4556 MBR partitions:

    09:54:03.0447 4556 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000

    09:54:03.0447 4556 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x72AD3800

    09:54:03.0447 4556 ============================================================

    09:54:03.0474 4556 C: <-> \Device\Harddisk0\DR0\Partition2

    09:54:03.0474 4556 ============================================================

    09:54:03.0474 4556 Initialize success

    09:54:03.0474 4556 ============================================================

    09:54:15.0105 0248 ============================================================

    09:54:15.0105 0248 Scan started

    09:54:15.0105 0248 Mode: Manual;

    09:54:15.0105 0248 ============================================================

    09:54:15.0243 0248 ================ Scan system memory ========================

    09:54:15.0243 0248 System memory - ok

    09:54:15.0244 0248 ================ Scan services =============================

    09:54:15.0346 0248 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

    09:54:15.0348 0248 1394ohci - ok

    09:54:15.0362 0248 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

    09:54:15.0364 0248 ACPI - ok

    09:54:15.0366 0248 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

    09:54:15.0367 0248 AcpiPmi - ok

    09:54:15.0422 0248 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    09:54:15.0423 0248 AdobeARMservice - ok

    09:54:15.0474 0248 [ 86D0D87CB86588818805CF29E0CA14DF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    09:54:15.0476 0248 AdobeFlashPlayerUpdateSvc - ok

    09:54:15.0489 0248 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

    09:54:15.0491 0248 adp94xx - ok

    09:54:15.0496 0248 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

    09:54:15.0497 0248 adpahci - ok

    09:54:15.0500 0248 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

    09:54:15.0501 0248 adpu320 - ok

    09:54:15.0521 0248 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

    09:54:15.0522 0248 AeLookupSvc - ok

    09:54:15.0528 0248 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

    09:54:15.0530 0248 AFD - ok

    09:54:15.0561 0248 [ 6953D8D79A275EAD9DA145982981236B ] Agent C:\Windows\agent_x64.exe

    09:54:15.0562 0248 Agent - ok

    09:54:15.0573 0248 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

    09:54:15.0573 0248 agp440 - ok

    09:54:15.0583 0248 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

    09:54:15.0583 0248 ALG - ok

    09:54:15.0585 0248 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

    09:54:15.0586 0248 aliide - ok

    09:54:15.0588 0248 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

    09:54:15.0588 0248 amdide - ok

    09:54:15.0591 0248 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

    09:54:15.0591 0248 AmdK8 - ok

    09:54:15.0594 0248 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

    09:54:15.0594 0248 AmdPPM - ok

    09:54:15.0596 0248 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

    09:54:15.0597 0248 amdsata - ok

    09:54:15.0600 0248 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

    09:54:15.0601 0248 amdsbs - ok

    09:54:15.0609 0248 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

    09:54:15.0610 0248 amdxata - ok

    09:54:15.0620 0248 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

    09:54:15.0621 0248 AppID - ok

    09:54:15.0633 0248 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

    09:54:15.0633 0248 AppIDSvc - ok

    09:54:15.0644 0248 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

    09:54:15.0645 0248 Appinfo - ok

    09:54:15.0647 0248 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

    09:54:15.0648 0248 arc - ok

    09:54:15.0650 0248 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

    09:54:15.0651 0248 arcsas - ok

    09:54:15.0664 0248 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

    09:54:15.0664 0248 AsyncMac - ok

    09:54:15.0676 0248 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

    09:54:15.0676 0248 atapi - ok

    09:54:15.0693 0248 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

    09:54:15.0696 0248 AudioEndpointBuilder - ok

    09:54:15.0702 0248 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

    09:54:15.0706 0248 AudioSrv - ok

    09:54:15.0727 0248 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

    09:54:15.0728 0248 AxInstSV - ok

    09:54:15.0748 0248 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

    09:54:15.0750 0248 b06bdrv - ok

    09:54:15.0756 0248 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

    09:54:15.0757 0248 b57nd60a - ok

    09:54:15.0797 0248 [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

    09:54:15.0799 0248 BBSvc - ok

    09:54:15.0817 0248 [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    09:54:15.0818 0248 BBUpdate - ok

    09:54:15.0828 0248 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

    09:54:15.0829 0248 BDESVC - ok

    09:54:15.0850 0248 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

    09:54:15.0850 0248 Beep - ok

    09:54:15.0868 0248 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

    09:54:15.0871 0248 BFE - ok

    09:54:15.0895 0248 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

    09:54:15.0899 0248 BITS - ok

    09:54:15.0905 0248 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

    09:54:15.0906 0248 blbdrive - ok

    09:54:15.0916 0248 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

    09:54:15.0916 0248 bowser - ok

    09:54:15.0919 0248 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

    09:54:15.0919 0248 BrFiltLo - ok

    09:54:15.0921 0248 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

    09:54:15.0921 0248 BrFiltUp - ok

    09:54:15.0942 0248 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

    09:54:15.0943 0248 Browser - ok

    09:54:15.0952 0248 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\system32\DRIVERS\BrSerId.sys

    09:54:15.0954 0248 Brserid - ok

    09:54:15.0966 0248 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

    09:54:15.0966 0248 BrSerWdm - ok

    09:54:15.0968 0248 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

    09:54:15.0968 0248 BrUsbMdm - ok

    09:54:15.0977 0248 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\DRIVERS\BrUsbSer.sys

    09:54:15.0977 0248 BrUsbSer - ok

    09:54:15.0980 0248 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

    09:54:15.0980 0248 BTHMODEM - ok

    09:54:16.0004 0248 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

    09:54:16.0004 0248 bthserv - ok

    09:54:16.0007 0248 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

    09:54:16.0007 0248 cdfs - ok

    09:54:16.0034 0248 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

    09:54:16.0035 0248 cdrom - ok

    09:54:16.0038 0248 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

    09:54:16.0038 0248 CertPropSvc - ok

    09:54:16.0041 0248 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

    09:54:16.0041 0248 circlass - ok

    09:54:16.0056 0248 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

    09:54:16.0058 0248 CLFS - ok

    09:54:16.0106 0248 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    09:54:16.0107 0248 clr_optimization_v2.0.50727_32 - ok

    09:54:16.0122 0248 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    09:54:16.0122 0248 clr_optimization_v2.0.50727_64 - ok

    09:54:16.0153 0248 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    09:54:16.0154 0248 clr_optimization_v4.0.30319_32 - ok

    09:54:16.0179 0248 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    09:54:16.0180 0248 clr_optimization_v4.0.30319_64 - ok

    09:54:16.0192 0248 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

    09:54:16.0192 0248 CmBatt - ok

    09:54:16.0194 0248 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

    09:54:16.0194 0248 cmdide - ok

    09:54:16.0219 0248 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

    09:54:16.0221 0248 CNG - ok

    09:54:16.0230 0248 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

    09:54:16.0230 0248 Compbatt - ok

    09:54:16.0242 0248 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

    09:54:16.0242 0248 CompositeBus - ok

    09:54:16.0245 0248 COMSysApp - ok

    09:54:16.0270 0248 [ 927DA6432AF23ECD82FDB6A7E76CC842 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe

    09:54:16.0272 0248 cphs - ok

    09:54:16.0274 0248 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

    09:54:16.0275 0248 crcdisk - ok

    09:54:16.0299 0248 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

    09:54:16.0300 0248 CryptSvc - ok

    09:54:16.0425 0248 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    09:54:16.0429 0248 cvhsvc - ok

    09:54:16.0451 0248 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

    09:54:16.0454 0248 DcomLaunch - ok

    09:54:16.0470 0248 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

    09:54:16.0471 0248 defragsvc - ok

    09:54:16.0474 0248 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

    09:54:16.0475 0248 DfsC - ok

    09:54:16.0494 0248 [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys

    09:54:16.0494 0248 dg_ssudbus - ok

    09:54:16.0520 0248 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

    09:54:16.0522 0248 Dhcp - ok

    09:54:16.0528 0248 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

    09:54:16.0529 0248 discache - ok

    09:54:16.0534 0248 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

    09:54:16.0535 0248 Disk - ok

    09:54:16.0547 0248 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

    09:54:16.0548 0248 Dnscache - ok

    09:54:16.0560 0248 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

    09:54:16.0561 0248 dot3svc - ok

    09:54:16.0565 0248 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

    09:54:16.0566 0248 DPS - ok

    09:54:16.0601 0248 [ B123656688D67DF3A08FE5912203F71B ] DragonSvc C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

    09:54:16.0603 0248 DragonSvc - ok

    09:54:16.0606 0248 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

    09:54:16.0606 0248 drmkaud - ok

    09:54:16.0621 0248 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

    09:54:16.0628 0248 DXGKrnl - ok

    09:54:16.0663 0248 [ 5DB7CEB8FB44ABF01614E33BAD2056E0 ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys

    09:54:16.0665 0248 e1cexpress - ok

    09:54:16.0673 0248 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

    09:54:16.0674 0248 EapHost - ok

    09:54:16.0713 0248 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

    09:54:16.0727 0248 ebdrv - ok

    09:54:16.0759 0248 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

    09:54:16.0760 0248 EFS - ok

    09:54:16.0792 0248 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

    09:54:16.0796 0248 ehRecvr - ok

    09:54:16.0804 0248 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

    09:54:16.0806 0248 ehSched - ok

    09:54:16.0821 0248 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

    09:54:16.0825 0248 elxstor - ok

    09:54:16.0827 0248 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

    09:54:16.0827 0248 ErrDev - ok

    09:54:16.0844 0248 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

    09:54:16.0846 0248 EventSystem - ok

    09:54:16.0861 0248 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

    09:54:16.0863 0248 exfat - ok

    09:54:16.0875 0248 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

    09:54:16.0876 0248 fastfat - ok

    09:54:16.0893 0248 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

    09:54:16.0896 0248 Fax - ok

    09:54:16.0902 0248 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

    09:54:16.0902 0248 fdc - ok

    09:54:16.0914 0248 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

    09:54:16.0914 0248 fdPHost - ok

    09:54:16.0920 0248 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

    09:54:16.0921 0248 FDResPub - ok

    09:54:16.0925 0248 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

    09:54:16.0926 0248 FileInfo - ok

    09:54:16.0933 0248 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

    09:54:16.0934 0248 Filetrace - ok

    09:54:16.0937 0248 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

    09:54:16.0937 0248 flpydisk - ok

    09:54:16.0942 0248 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

    09:54:16.0944 0248 FltMgr - ok

    09:54:16.0962 0248 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

    09:54:16.0980 0248 FontCache - ok

    09:54:17.0024 0248 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    09:54:17.0025 0248 FontCache3.0.0.0 - ok

    09:54:17.0039 0248 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

    09:54:17.0040 0248 FsDepends - ok

    09:54:17.0050 0248 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

    09:54:17.0051 0248 Fs_Rec - ok

    09:54:17.0054 0248 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

    09:54:17.0057 0248 fvevol - ok

    09:54:17.0064 0248 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

    09:54:17.0065 0248 gagp30kx - ok

    09:54:17.0080 0248 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

    09:54:17.0086 0248 gpsvc - ok

    09:54:17.0118 0248 [ 32096F187020A54D29C95B3A1467D963 ] GREGService C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

    09:54:17.0119 0248 GREGService - ok

    09:54:17.0186 0248 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    09:54:17.0186 0248 gupdate - ok

    09:54:17.0190 0248 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    09:54:17.0191 0248 gupdatem - ok

    09:54:17.0197 0248 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

    09:54:17.0198 0248 hcw85cir - ok

    09:54:17.0220 0248 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

    09:54:17.0223 0248 HdAudAddService - ok

    09:54:17.0233 0248 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

    09:54:17.0235 0248 HDAudBus - ok

    09:54:17.0238 0248 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

    09:54:17.0238 0248 HidBatt - ok

    09:54:17.0241 0248 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

    09:54:17.0242 0248 HidBth - ok

    09:54:17.0244 0248 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

    09:54:17.0245 0248 HidIr - ok

    09:54:17.0248 0248 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

    09:54:17.0249 0248 hidserv - ok

    09:54:17.0259 0248 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

    09:54:17.0261 0248 HidUsb - ok

    09:54:17.0273 0248 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

    09:54:17.0275 0248 hkmsvc - ok

    09:54:17.0286 0248 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

    09:54:17.0289 0248 HomeGroupListener - ok

    09:54:17.0309 0248 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

    09:54:17.0311 0248 HomeGroupProvider - ok

    09:54:17.0314 0248 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

    09:54:17.0315 0248 HpSAMD - ok

    09:54:17.0325 0248 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

    09:54:17.0330 0248 HTTP - ok

    09:54:17.0342 0248 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

    09:54:17.0343 0248 hwpolicy - ok

    09:54:17.0359 0248 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

    09:54:17.0361 0248 i8042prt - ok

    09:54:17.0376 0248 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

    09:54:17.0379 0248 iaStor - ok

    09:54:17.0435 0248 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    09:54:17.0435 0248 IAStorDataMgrSvc - ok

    09:54:17.0449 0248 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

    09:54:17.0453 0248 iaStorV - ok

    09:54:17.0479 0248 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    09:54:17.0485 0248 idsvc - ok

    09:54:17.0624 0248 [ 0638D16029B1C800908D965AC78970C7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

    09:54:17.0761 0248 igfx - ok

    09:54:17.0765 0248 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

    09:54:17.0766 0248 iirsp - ok

    09:54:17.0792 0248 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

    09:54:17.0796 0248 IKEEXT - ok

    09:54:17.0848 0248 [ ABA41EE6F5EEFC034F3BBD025506B37E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

    09:54:17.0883 0248 IntcAzAudAddService - ok

    09:54:17.0896 0248 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

    09:54:17.0898 0248 IntcDAud - ok

    09:54:17.0948 0248 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe

    09:54:17.0950 0248 Intel® Capability Licensing Service Interface - ok

    09:54:17.0953 0248 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

    09:54:17.0953 0248 intelide - ok

    09:54:17.0969 0248 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

    09:54:17.0970 0248 intelppm - ok

    09:54:17.0975 0248 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

    09:54:17.0976 0248 IPBusEnum - ok

    09:54:17.0979 0248 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

    09:54:17.0980 0248 IpFilterDriver - ok

    09:54:17.0991 0248 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

    09:54:17.0994 0248 iphlpsvc - ok

    09:54:17.0997 0248 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

    09:54:17.0998 0248 IPMIDRV - ok

    09:54:18.0000 0248 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

    09:54:18.0001 0248 IPNAT - ok

    09:54:18.0008 0248 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

    09:54:18.0009 0248 IRENUM - ok

    09:54:18.0011 0248 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

    09:54:18.0011 0248 isapnp - ok

    09:54:18.0023 0248 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

    09:54:18.0025 0248 iScsiPrt - ok

    09:54:18.0039 0248 [ DC0DBA5164F657DE2AE94B9D1FF75DA4 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys

    09:54:18.0040 0248 iusb3hcs - ok

    09:54:18.0051 0248 [ BA4F3A70F03584E5B907DA815677727D ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys

    09:54:18.0054 0248 iusb3hub - ok

    09:54:18.0077 0248 [ E6130F70D61867C7EFC13A2F808EDC58 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys

    09:54:18.0082 0248 iusb3xhc - ok

    09:54:18.0112 0248 [ 468F7516B4030603BA9D1427CCEACDF9 ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

    09:54:18.0113 0248 jhi_service - ok

    09:54:18.0125 0248 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

    09:54:18.0127 0248 kbdclass - ok

    09:54:18.0131 0248 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

    09:54:18.0131 0248 kbdhid - ok

    09:54:18.0143 0248 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

    09:54:18.0143 0248 KeyIso - ok

    09:54:18.0165 0248 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

    09:54:18.0166 0248 KSecDD - ok

    09:54:18.0177 0248 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

    09:54:18.0178 0248 KSecPkg - ok

    09:54:18.0181 0248 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

    09:54:18.0181 0248 ksthunk - ok

    09:54:18.0189 0248 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

    09:54:18.0193 0248 KtmRm - ok

    09:54:18.0212 0248 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

    09:54:18.0213 0248 LanmanServer - ok

    09:54:18.0222 0248 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

    09:54:18.0223 0248 LanmanWorkstation - ok

    09:54:18.0261 0248 [ 6BB516A31DE232DAB436FF3A117E1E80 ] Live Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

    09:54:18.0262 0248 Live Updater Service - ok

    09:54:18.0265 0248 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

    09:54:18.0266 0248 lltdio - ok

    09:54:18.0275 0248 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

    09:54:18.0278 0248 lltdsvc - ok

    09:54:18.0286 0248 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

    09:54:18.0287 0248 lmhosts - ok

    09:54:18.0294 0248 [ B114B200CCDEBC7EBD8EF5D783819386 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    09:54:18.0295 0248 LMS - ok

    09:54:18.0318 0248 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

    09:54:18.0319 0248 LSI_FC - ok

    09:54:18.0328 0248 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

    09:54:18.0329 0248 LSI_SAS - ok

    09:54:18.0331 0248 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

    09:54:18.0332 0248 LSI_SAS2 - ok

    09:54:18.0338 0248 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

    09:54:18.0339 0248 LSI_SCSI - ok

    09:54:18.0349 0248 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

    09:54:18.0350 0248 luafv - ok

    09:54:18.0381 0248 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

    09:54:18.0382 0248 MBAMProtector - ok

    09:54:18.0417 0248 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    09:54:18.0420 0248 MBAMService - ok

    09:54:18.0434 0248 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

    09:54:18.0436 0248 Mcx2Svc - ok

    09:54:18.0447 0248 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

    09:54:18.0449 0248 megasas - ok

    09:54:18.0459 0248 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

    09:54:18.0462 0248 MegaSR - ok

    09:54:18.0465 0248 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

    09:54:18.0465 0248 MEIx64 - ok

    09:54:18.0473 0248 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

    09:54:18.0474 0248 MMCSS - ok

    09:54:18.0486 0248 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

    09:54:18.0487 0248 Modem - ok

    09:54:18.0492 0248 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

    09:54:18.0492 0248 monitor - ok

    09:54:18.0503 0248 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

    09:54:18.0504 0248 mouclass - ok

    09:54:18.0513 0248 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

    09:54:18.0515 0248 mouhid - ok

    09:54:18.0523 0248 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

    09:54:18.0525 0248 mountmgr - ok

    09:54:18.0540 0248 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    09:54:18.0542 0248 MozillaMaintenance - ok

    09:54:18.0546 0248 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

    09:54:18.0548 0248 mpio - ok

    09:54:18.0559 0248 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

    09:54:18.0561 0248 mpsdrv - ok

    09:54:18.0575 0248 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

    09:54:18.0579 0248 MpsSvc - ok

    09:54:18.0590 0248 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

    09:54:18.0591 0248 MRxDAV - ok

    09:54:18.0605 0248 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

    09:54:18.0607 0248 mrxsmb - ok

    09:54:18.0610 0248 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

    09:54:18.0612 0248 mrxsmb10 - ok

    09:54:18.0623 0248 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

    09:54:18.0625 0248 mrxsmb20 - ok

    09:54:18.0632 0248 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

    09:54:18.0634 0248 msahci - ok

    09:54:18.0645 0248 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

    09:54:18.0646 0248 msdsm - ok

    09:54:18.0654 0248 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

    09:54:18.0656 0248 MSDTC - ok

    09:54:18.0669 0248 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

    09:54:18.0670 0248 Msfs - ok

    09:54:18.0676 0248 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

    09:54:18.0677 0248 mshidkmdf - ok

    09:54:18.0682 0248 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

    09:54:18.0683 0248 msisadrv - ok

    09:54:18.0690 0248 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

    09:54:18.0692 0248 MSiSCSI - ok

    09:54:18.0694 0248 msiserver - ok

    09:54:18.0696 0248 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

    09:54:18.0697 0248 MSKSSRV - ok

    09:54:18.0699 0248 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

    09:54:18.0699 0248 MSPCLOCK - ok

    09:54:18.0701 0248 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

    09:54:18.0702 0248 MSPQM - ok

    09:54:18.0707 0248 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

    09:54:18.0710 0248 MsRPC - ok

    09:54:18.0716 0248 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

    09:54:18.0717 0248 mssmbios - ok

    09:54:18.0726 0248 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

    09:54:18.0727 0248 MSTEE - ok

    09:54:18.0729 0248 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

    09:54:18.0730 0248 MTConfig - ok

    09:54:18.0737 0248 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

    09:54:18.0738 0248 Mup - ok

    09:54:18.0748 0248 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

    09:54:18.0752 0248 napagent - ok

    09:54:18.0761 0248 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

    09:54:18.0763 0248 NativeWifiP - ok

    09:54:18.0799 0248 [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe

    09:54:18.0802 0248 NAUpdate - ok

    09:54:18.0817 0248 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys

    09:54:18.0834 0248 NDIS - ok

    09:54:18.0845 0248 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

    09:54:18.0846 0248 NdisCap - ok

    09:54:18.0849 0248 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

    09:54:18.0850 0248 NdisTapi - ok

    09:54:18.0860 0248 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

    09:54:18.0861 0248 Ndisuio - ok

    09:54:18.0865 0248 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

    09:54:18.0866 0248 NdisWan - ok

    09:54:18.0874 0248 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

    09:54:18.0876 0248 NDProxy - ok

    09:54:18.0884 0248 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

    09:54:18.0885 0248 NetBIOS - ok

    09:54:18.0889 0248 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

    09:54:18.0891 0248 NetBT - ok

    09:54:18.0901 0248 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

    09:54:18.0902 0248 Netlogon - ok

    09:54:18.0915 0248 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

    09:54:18.0917 0248 Netman - ok

    09:54:18.0932 0248 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

    09:54:18.0936 0248 netprofm - ok

    09:54:18.0973 0248 [ 5758FD37BF31E759F8610311E4D08ECA ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys

    09:54:18.0990 0248 netr28x - ok

    09:54:19.0007 0248 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    09:54:19.0008 0248 NetTcpPortSharing - ok

    09:54:19.0014 0248 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

    09:54:19.0015 0248 nfrd960 - ok

    09:54:19.0034 0248 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

    09:54:19.0036 0248 NlaSvc - ok

    09:54:19.0060 0248 [ C379E073E41053C19B0816326210806A ] nlsX86cc C:\Windows\SysWOW64\NLSSRV32.EXE

    09:54:19.0062 0248 nlsX86cc - ok

    09:54:19.0074 0248 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

    09:54:19.0075 0248 Npfs - ok

    09:54:19.0077 0248 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

    09:54:19.0079 0248 nsi - ok

    09:54:19.0090 0248 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

    09:54:19.0091 0248 nsiproxy - ok

    09:54:19.0114 0248 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

    09:54:19.0131 0248 Ntfs - ok

    09:54:19.0141 0248 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

    09:54:19.0143 0248 Null - ok

    09:54:19.0149 0248 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

    09:54:19.0150 0248 nvraid - ok

    09:54:19.0154 0248 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

    09:54:19.0156 0248 nvstor - ok

    09:54:19.0158 0248 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

    09:54:19.0159 0248 nv_agp - ok

    09:54:19.0162 0248 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

    09:54:19.0163 0248 ohci1394 - ok

    09:54:19.0191 0248 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    09:54:19.0193 0248 ose - ok

    09:54:19.0259 0248 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    09:54:19.0278 0248 osppsvc - ok

    09:54:19.0298 0248 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

    09:54:19.0300 0248 p2pimsvc - ok

    09:54:19.0312 0248 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

    09:54:19.0316 0248 p2psvc - ok

    09:54:19.0319 0248 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

    09:54:19.0320 0248 Parport - ok

    09:54:19.0330 0248 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

    09:54:19.0330 0248 partmgr - ok

    09:54:19.0334 0248 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

    09:54:19.0336 0248 PcaSvc - ok

    09:54:22.0574 0248 ============================================================

    09:54:22.0574 0248 Scan finished

    09:54:22.0574 0248 ============================================================

    09:54:22.0579 2216 Detected object count: 0

    09:54:22.0579 2216 Actual detected object count: 0

    RogueKiller V8.0.2 [08/31/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Stephen Office [Admin rights]

    Mode : Scan -- Date : 09/08/2012 09:58:15

    ¤¤¤ Bad processes : 1 ¤¤¤

    [SVCHOST] svchost.exe -- C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 11 ¤¤¤

    [RUN][SUSP PATH] HKCU\[...]\Run : Snapseed ("C:\Users\Stephen Office\AppData\Roaming\Snapseed\Snapseed.exe") -> FOUND

    [RUN][SUSP PATH] HKCU\[...]\Run : Steam ("C:\Users\Stephen Office\AppData\Roaming\Steam\steam.exe") -> FOUND

    [RUN][HJNAME] HKCU\[...]\Run : Windows Updater ("C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe") -> FOUND

    [RUN][SUSP PATH] HKUS\S-1-5-21-3708766167-61689912-231149725-1000[...]\Run : Snapseed ("C:\Users\Stephen Office\AppData\Roaming\Snapseed\Snapseed.exe") -> FOUND

    [RUN][SUSP PATH] HKUS\S-1-5-21-3708766167-61689912-231149725-1000[...]\Run : Steam ("C:\Users\Stephen Office\AppData\Roaming\Steam\steam.exe") -> FOUND

    [RUN][HJNAME] HKUS\S-1-5-21-3708766167-61689912-231149725-1000[...]\Run : Windows Updater ("C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe") -> FOUND

    [STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

    [STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST1000DM003-9YN162 +++++

    --- User ---

    [MBR] 4af6bf70c69f8ceb732bdd1551bdb956

    [BSP] d8561dcf563882ab125a0ba050e7d21f : Windows 7 MBR Code

    Partition table:

    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 939431 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>

    RKreport[1].txt

  7. .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

    Run by Stephen Office at 9:22:55 on 2012-09-08

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8071.5794 [GMT -4:00]

    .

    AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

    FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Intel\iCLS Client\HeciServer.exe

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

    C:\Windows\SysWOW64\NLSSRV32.EXE

    C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    C:\Windows\System32\igfxtray.exe

    C:\Program Files (x86)\Common Files\Comscan\Comscan.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files (x86)\Google\Drive\googledrivesync.exe

    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

    C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Program Files (x86)\Google\Drive\googledrivesync.exe

    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

    C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

    C:\Program Files (x86)\RateWatch\RateWatch.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

    "C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe"

    C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\DllHost.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files (x86)\Nero\Update\NASvc.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com/

    uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

    mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

    mStart Page = hxxp://www.bing.com/?pc=MAGW

    mWinlogon: Userinit=userinit.exe,

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

    uRun: [Google Update] "C:\Users\Stephen Office\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

    uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

    uRun: [snapseed] "C:\Users\Stephen Office\AppData\Roaming\Snapseed\Snapseed.exe"

    uRun: [GoogleChromeAutoLaunch_7BCCD22CCD6B50943C05683EEFDFE4FC] "C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window

    uRun: [steam] "C:\Users\Stephen Office\AppData\Roaming\Steam\steam.exe"

    uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    uRun: [Windows Updater] "C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe"

    mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

    mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

    mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"

    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRun: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    StartupFolder: C:\Users\STEPHE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

    StartupFolder: C:\Users\STEPHE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RATEWA~1.LNK - C:\Program Files (x86)\RateWatch\RateWatch.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

    mPolicies-system: EnableLinkedConnections = 1 (0x1)

    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

    TCP: Interfaces\{B54D3410-5891-4133-A205-A67F367E80A7} : DhcpNameServer = 75.75.75.75 75.75.76.76

    TCP: Interfaces\{B54D3410-5891-4133-A205-A67F367E80A7}\D45627369616 : DhcpNameServer = 192.168.1.1

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

    mRun-x64: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

    mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

    mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

    mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"

    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRun-x64: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Stephen Office\AppData\Roaming\Mozilla\Firefox\Profiles\9lrs1zgh.default\

    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

    FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

    FF - plugin: C:\Users\Stephen Office\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

    FF - plugin: C:\Users\Stephen Office\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

    FF - plugin: C:\Users\Stephen Office\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]

    R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]

    R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2012-1-25 101112]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]

    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

    R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-4 296808]

    R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2012-2-29 28264]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-17 13592]

    R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]

    R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-17 161560]

    R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2012-4-5 255376]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-28 655944]

    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]

    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-8-15 69640]

    R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-6-22 3289720]

    R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]

    R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-6-22 173960]

    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

    R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-17 363800]

    R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

    R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

    R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]

    R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]

    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

    R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

    R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]

    R3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]

    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

    S2 Agent;Agent;C:\Windows\agent_x64.exe [2012-8-8 102912]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-30 116648]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 253600]

    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]

    S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-4-6 274200]

    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]

    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-30 116648]

    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-28 113120]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]

    S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]

    S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]

    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2012-09-08 13:08:24 -------- d-----w- C:\Program Files (x86)\ESET

    2012-09-08 12:33:05 413138944 ---h--w- C:\Users\Stephen Office\AppData\Roaming\audiohd.exe

    2012-09-08 00:29:36 -------- d-----r- C:\Program Files (x86)\Skype

    2012-09-07 02:21:54 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\foobar2000

    2012-09-07 02:21:50 -------- d-----w- C:\Program Files (x86)\foobar2000

    2012-09-07 01:42:36 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\Steam

    2012-09-05 16:40:02 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

    2012-09-04 19:09:51 -------- d-----w- C:\Program Files (x86)\Common Files\Comscan

    2012-09-01 15:55:58 -------- d-----w- C:\Users\Stephen Office\AppData\Local\Proxure

    2012-09-01 15:55:57 -------- d-----w- C:\ProgramData\ClubSanDisk

    2012-08-29 16:00:56 60864 ----a-w- C:\Users\Stephen Office\g2mdlhlpx.exe

    2012-08-28 14:15:51 -------- d-----w- C:\ProgramData\GFI Software

    2012-08-28 14:15:33 61184 ----a-w- C:\Windows\System32\drivers\sbhips.sys

    2012-08-28 14:15:28 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys

    2012-08-28 14:15:28 46472 ----a-w- C:\Windows\System32\sbbd.exe

    2012-08-28 14:15:28 258304 ----a-w- C:\Windows\System32\drivers\SbFw.sys

    2012-08-28 14:15:28 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys

    2012-08-28 14:15:20 -------- d-----w- C:\ProgramData\Downloaded Installations

    2012-08-28 14:15:08 -------- d-----w- C:\Program Files (x86)\GFI Software

    2012-08-28 14:15:01 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\GFI Software

    2012-08-28 14:03:28 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\Malwarebytes

    2012-08-28 14:03:22 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-08-28 14:03:22 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-08-28 14:03:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-08-28 07:51:15 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD22C2FD-239E-46A1-88E5-41C0D924A524}\mpengine.dll

    2012-08-27 21:41:13 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\Snapseed

    2012-08-27 21:17:55 -------- d-----w- C:\Program Files\BinTube

    2012-08-27 21:05:17 -------- d-----w- C:\Program Files (x86)\VideoLAN

    2012-08-27 21:04:20 -------- d-----w- C:\Users\Stephen Office\AppData\Local\BinTube.com

    2012-08-27 21:04:20 -------- d-----w- C:\ProgramData\IsolatedStorage

    2012-08-27 21:02:14 -------- d-----w- C:\Program Files (x86)\BinTube

    2012-08-22 20:07:57 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2012-08-22 20:07:57 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-08-20 19:19:55 -------- d-----w- C:\Users\Stephen Office\AppData\Local\Apple

    2012-08-16 19:37:12 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\RateWatch.8120D7806F19A08520F163B2D95EA0AD9E0C0659.1

    2012-08-16 19:37:12 -------- d-----w- C:\Program Files (x86)\RateWatch

    2012-08-16 19:35:02 -------- d-----w- C:\Users\Stephen Office\AppData\Local\LogMeIn Rescue Applet

    2012-08-16 17:40:12 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\Downloaded Installations

    2012-08-16 17:38:09 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\Smart PDF Editor Pro

    2012-08-16 17:38:02 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\Smart PDF Editor

    2012-08-16 17:37:59 -------- d-----w- C:\Program Files (x86)\Common Files\Smart Soft

    2012-08-16 17:24:55 -------- d-----w- C:\Users\Stephen Office\AppData\Local\VS Revo Group

    2012-08-16 17:24:54 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys

    2012-08-16 17:24:53 -------- d-----w- C:\Program Files\VS Revo Group

    2012-08-16 13:23:18 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\FLEXnet

    2012-08-16 13:21:12 -------- d-----w- C:\Program Files (x86)\Common Files\IVA

    2012-08-16 13:21:00 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance

    2012-08-16 13:18:24 -------- d-----w- C:\Program Files (x86)\Nuance

    2012-08-15 20:15:18 503808 ----a-w- C:\Windows\System32\srcore.dll

    2012-08-15 20:15:18 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

    2012-08-15 20:15:17 751104 ----a-w- C:\Windows\System32\win32spl.dll

    2012-08-15 20:15:17 67072 ----a-w- C:\Windows\splwow64.exe

    2012-08-15 20:15:17 559104 ----a-w- C:\Windows\System32\spoolsv.exe

    2012-08-15 20:15:17 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

    2012-08-15 20:15:16 956928 ----a-w- C:\Windows\System32\localspl.dll

    2012-08-15 20:15:16 59392 ----a-w- C:\Windows\System32\browcli.dll

    2012-08-15 20:15:16 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

    2012-08-15 20:15:16 3148800 ----a-w- C:\Windows\System32\win32k.sys

    2012-08-15 20:15:16 136704 ----a-w- C:\Windows\System32\browser.dll

    2012-08-15 18:13:44 69640 ----a-w- C:\Windows\SysWow64\NLSSRV32.EXE

    2012-08-09 22:34:56 -------- d-----w- C:\checks

    2012-08-09 22:28:08 136672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

    .

    ==================== Find3M ====================

    .

    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-06-22 19:37:42 46472 ----a-w- C:\Windows\SysWow64\sbbd.exe

    .

    ============= FINISH: 9:23:27.84 ===============

  8. Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 9:35:53 PM, on 12/19/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    C:\WINDOWS\system32\brsvc01a.exe

    C:\WINDOWS\system32\brss01a.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir Desktop\sched.exe

    C:\Program Files\Apoint\Apoint.exe

    C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    C:\Program Files\Sony\ISB Utility\ISBMgr.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files\Google\Gmail Notifier\gnotify.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Apoint\Apntex.exe

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

    C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe

    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe

    C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

    O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"

    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

    O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm

    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

    O15 - Trusted Zone: http://www.deq.state.va.us

    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab

    O16 - DPF: {02A08EC5-C341-4BE5-AD4F-62215D2407EF} (ApplicationSharing Class) - https://wip-data.webdialogs.com/components/WDATL70.CAB

    O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB

    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.taylorbeanonline.com/scriptx/smsx.cab

    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

    O16 - DPF: {58D5690D-55A6-4B0B-B735-D0C82E14700C} (ApplicationSharing Class) - https://wip-data.webdialogs.com/components/WDATL72.CAB

    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163214234545

    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://remote.ewmortgage.com/tsweb/msrdp.cab

    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab

    O16 - DPF: {CBF95A06-D408-46E3-8077-37E5B098EB84} (EnClickLoanWF Control) - https://ilnet.wellsfargo.com/ilonline/hmUpl...clickloanwf.cab

    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://alamodetraining.webex.com/client/v_...ing/ieatgpc.cab

    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

    O23 - Service: OKI OPHD DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHDLDCS.EXE

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    --

    End of file - 14601 bytes

  9. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

    File name: BRS2MF4A.EXE

    Submission date: 2010-12-15 20:20:04 (UTC)

    Current status: finished

    Result: 0/ 43 (0.0%)

    Antivirus Version Last Update Result

    AhnLab-V3 2010.12.15.02 2010.12.15 -

    AntiVir 7.11.0.45 2010.12.15 -

    Antiy-AVL 2.0.3.7 2010.12.15 -

    Avast 4.8.1351.0 2010.12.15 -

    Avast5 5.0.677.0 2010.12.15 -

    AVG 9.0.0.851 2010.12.15 -

    BitDefender 7.2 2010.12.15 -

    CAT-QuickHeal 11.00 2010.12.15 -

    ClamAV 0.96.4.0 2010.12.15 -

    Command 5.2.11.5 2010.12.15 -

    Comodo 7072 2010.12.15 -

    DrWeb 5.0.2.03300 2010.12.15 -

    Emsisoft 5.1.0.1 2010.12.15 -

    eSafe 7.0.17.0 2010.12.15 -

    eTrust-Vet 36.1.8043 2010.12.15 -

    F-Prot 4.6.2.117 2010.12.14 -

    F-Secure 9.0.16160.0 2010.12.15 -

    Fortinet 4.2.254.0 2010.12.15 -

    GData 21 2010.12.15 -

    Ikarus T3.1.1.90.0 2010.12.15 -

    Jiangmin 13.0.900 2010.12.15 -

    K7AntiVirus 9.73.3258 2010.12.15 -

    Kaspersky 7.0.0.125 2010.12.15 -

    McAfee 5.400.0.1158 2010.12.15 -

    McAfee-GW-Edition 2010.1C 2010.12.15 -

    Microsoft 1.6402 2010.12.15 -

    NOD32 5706 2010.12.15 -

    Norman 6.06.12 2010.12.15 -

    nProtect 2010-12-15.02 2010.12.15 -

    Panda 10.0.2.7 2010.12.15 -

    PCTools 7.0.3.5 2010.12.15 -

    Prevx 3.0 2010.12.15 -

    Rising 22.78.01.04 2010.12.15 -

    Sophos 4.60.0 2010.12.15 -

    SUPERAntiSpyware 4.40.0.1006 2010.12.15 -

    Symantec 20101.3.0.103 2010.12.15 -

    TheHacker 6.7.0.1.101 2010.12.15 -

    TrendMicro 9.120.0.1004 2010.12.15 -

    TrendMicro-HouseCall 9.120.0.1004 2010.12.15 -

    VBA32 3.12.14.2 2010.12.14 -

    VIPRE 7665 2010.12.15 -

    ViRobot 2010.12.15.4202 2010.12.15 -

    VirusBuster 13.6.96.0 2010.12.15 -

    Additional information

    MD5 : bda0d5f8767012e18c06fada5ed8a8ec

    SHA1 : 4e183d2c118c1b17efdd5776ebdf1a5d03a53eeb

    SHA256: 36fed972d974395baa2ba727bad0f862042c37b9758407543634ac1a06993782

    ssdeep: 3072:Kp+xCz4ySXMsxg5aXkrr9L22+z/I/wsnwbCXoNG:KcxNXMRk0VLkCM

    File size : 131072 bytes

    First seen: 2009-05-11 18:11:06

    Last seen : 2010-12-15 20:20:04

    TrID:

    Win64 Executable Generic (54.6%)

    Win32 Executable MS Visual C++ (generic) (24.0%)

    Windows Screen Saver (8.3%)

    Win32 Executable Generic (5.4%)

    Win32 Dynamic Link Library (generic) (4.8%)

    sigcheck:

    publisher....: Brother Industries,ltd

    copyright....: Copyright © Brother Industries, ltd 2003

    product......: Brother brspl03x

    description..: brspl03x

    original name: brspl03x.exe

    internal name: brspl03x

    file version.: 3.70

    comments.....:

    signers......: -

    signing date.: -

    verified.....: Unsigned

    PEiD: Armadillo v1.71

    PEInfo: PE structure information

    [[ basic data ]]

    entrypointaddress: 0x132AC

    timedatestamp....: 0x4007379D (Fri Jan 16 01:00:13 2004)

    machinetype......: 0x14c (I386)

    [[ 4 section(s) ]]

    name, viradd, virsiz, rawdsiz, ntropy, md5

    .text, 0x1000, 0x17FFD, 0x18000, 6.57, a99a7088ddfd0bacce13be7cd594f6f0

    .rdata, 0x19000, 0x1D32, 0x2000, 5.35, 4ba614b11946d7f3a5a6cc5662ab012d

    .data, 0x1B000, 0x12638, 0x4000, 2.79, 8256ead965980bb5d21ab8861674571c

    .rsrc, 0x2E000, 0x728, 0x1000, 1.67, 99552165900677a7f1dcd9d3d756a0bb

    [[ 6 import(s) ]]

    KERNEL32.dll: SetEndOfFile, GetTempPathW, GlobalFree, OpenFile, GetWindowsDirectoryW, ExitThread, _lclose, CreateDirectoryW, GetProcAddress, GetPrivateProfileIntA, LocalSize, QueryDosDeviceA, GetProfileIntA, lstrcmpiW, lstrcatW, CreateFileA, GetTempFileNameW, GetVersionExA, lstrcpyA, FindResourceA, LoadResource, SetEvent, lstrcatA, GetLocalTime, MoveFileExW, GetThreadPriority, SetThreadPriority, GetFileTime, GetPrivateProfileStringW, GetSystemTimeAsFileTime, GlobalLock, WritePrivateProfileStringW, GlobalAlloc, SetFilePointer, GlobalUnlock, lstrcpynW, WideCharToMultiByte, GetFileSize, ReadFile, CopyFileW, DeleteFileW, MultiByteToWideChar, GetPrivateProfileStringA, MoveFileW, DeleteCriticalSection, GetSystemDirectoryA, GetUserDefaultLangID, WritePrivateProfileStringA, _lread, LoadLibraryA, GetExitCodeThread, lstrcpynA, GetCurrentThread, _llseek, FreeLibrary, IsValidCodePage, GetLastError, DeleteFileA, LocalHandle, MoveFileA, LeaveCriticalSection, InitializeCriticalSection, EnterCriticalSection, LocalReAlloc, lstrcmpW, lstrlenW, GetTempFileNameA, lstrcpyW, GetTempPathA, LocalLock, LocalAlloc, LocalFree, lstrcmpiA, lstrlenA, LocalUnlock, LCMapStringA, GetStringTypeW, GetOEMCP, GetACP, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetVersion, GetCommandLineA, GetStartupInfoA, GetModuleHandleA, GetCurrentProcess, TerminateProcess, ExitProcess, CloseHandle, WaitForSingleObject, Sleep, CreateThread, CreateEventA, GlobalDeleteAtom, GlobalAddAtomA, GlobalFindAtomA, GetModuleFileNameA, WriteFile, CreateFileW, LCMapStringW, FlushFileBuffers, GetFileType, GetEnvironmentVariableA, GetStringTypeA, HeapDestroy, SetStdHandle, HeapReAlloc, VirtualAlloc, HeapAlloc, HeapCreate, GetCPInfo, RtlUnwind, HeapFree, VirtualFree

    USER32.dll: SendMessageA, wsprintfA, wsprintfW, InvalidateRect, EndDialog, GetClientRect, MessageBoxA, GetDC, ReleaseDC, FillRect, LoadStringW, DispatchMessageA, TranslateMessage, TranslateAcceleratorA, GetMessageA, LoadAcceleratorsA, LoadStringA, RegisterClassExA, LoadCursorA, LoadIconA, UpdateWindow, ShowWindow, MoveWindow, GetWindowRect, CreateWindowExA, DialogBoxParamA, DestroyWindow, KillTimer, EndPaint, BeginPaint, DefWindowProcA, SetTimer, PostQuitMessage, CharLowerA

    GDI32.dll: DeleteEnhMetaFile, SaveDC, SetGraphicsMode, SetBrushOrgEx, DeleteDC, SetStretchBltMode, RemoveFontResourceW, CreateScalableFontResourceW, CreateDCA, SetWorldTransform, GetWorldTransform, AddFontResourceW, CreateRectRgnIndirect, ExtSelectClipRgn, ModifyWorldTransform, SelectObject, DeleteObject, CreatePen, LineTo, GetDeviceCaps, MoveToEx, GetEnhMetaFileA, SetMapMode, RestoreDC, CloseEnhMetaFile, EnumFontsW, CreateEnhMetaFileA, PlayEnhMetaFileRecord, PlayEnhMetaFile, GdiComment, StartDocA, EndDoc, EnumEnhMetaFile, CreateSolidBrush, EndPage, StartPage, SetTextAlign, FillPath, CreateFontIndirectW, BeginPath, GetTextExtentPoint32A, EndPath, TextOutA, SetTextColor, GetTextAlign, SetBkMode, GetTextExtentPoint32W, SetBkColor, GetStockObject, FillRgn, TextOutW, SelectClipPath, StrokePath, SetROP2, CreateRectRgn, CreatePenIndirect, SetPolyFillMode, CreateCompatibleBitmap, CreateCompatibleDC, StretchBlt, GetEnhMetaFileHeader, StretchDIBits

    WINSPOOL.DRV: GetPrinterA, AddJobW, OpenPrinterW, EnumJobsW, GetJobW, SetJobW, ScheduleJob, SetJobA, EnumPrintersA, EnumJobsA, GetJobA, OpenPrinterA, ClosePrinter, GetPrinterDriverDirectoryA, EnumPrintersW, AddPrinterConnectionA

    comdlg32.dll: GetOpenFileNameA

    ADVAPI32.dll: RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegQueryValueExW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, SetFileSecurityA, RegEnumValueW, RegSetValueExW

    ExifTool:

    file metadata

    CharacterSet: Unicode

    CodeSize: 98304

    Comments:

    CompanyName: Brother Industries,ltd

    EntryPoint: 0x132ac

    FileDescription: brspl03x

    FileFlagsMask: 0x003f

    FileOS: Windows NT 32-bit

    FileSize: 128 kB

    FileSubtype: 0

    FileType: Win32 EXE

    FileVersion: 3.7

    FileVersionNumber: 3.7.0.2

    ImageVersion: 0.0

    InitializedDataSize: 90112

    InternalName: brspl03x

    LanguageCode: English (U.S.)

    LegalCopyright: Copyright Brother Industries, ltd 2003

    LegalTrademarks:

    LinkerVersion: 6.0

    MIMEType: application/octet-stream

    MachineType: Intel 386 or later, and compatibles

    OSVersion: 4.0

    ObjectFileType: Executable application

    OriginalFilename: brspl03x.exe

    PEType: PE32

    PrivateBuild:

    ProductName: Brother brspl03x

    ProductVersion: 3.7

    ProductVersionNumber: 3.7.0.2

    SpecialBuild:

    Subsystem: Windows GUI

    SubsystemVersion: 4.0

    TimeStamp: 2004:01:16 02:00:13+01:00

    UninitializedDataSize: 0

    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

    File name: BRS2MF4A.dll

    Submission date: 2010-12-15 20:25:53 (UTC)

    Current status: finished

    Result: 0/ 43 (0.0%)

    Antivirus Version Last Update Result

    AhnLab-V3 2010.12.15.02 2010.12.15 -

    AntiVir 7.11.0.45 2010.12.15 -

    Antiy-AVL 2.0.3.7 2010.12.15 -

    Avast 4.8.1351.0 2010.12.15 -

    Avast5 5.0.677.0 2010.12.15 -

    AVG 9.0.0.851 2010.12.15 -

    BitDefender 7.2 2010.12.15 -

    CAT-QuickHeal 11.00 2010.12.15 -

    ClamAV 0.96.4.0 2010.12.15 -

    Command 5.2.11.5 2010.12.15 -

    Comodo 7072 2010.12.15 -

    DrWeb 5.0.2.03300 2010.12.15 -

    Emsisoft 5.1.0.1 2010.12.15 -

    eSafe 7.0.17.0 2010.12.15 -

    eTrust-Vet 36.1.8043 2010.12.15 -

    F-Prot 4.6.2.117 2010.12.14 -

    F-Secure 9.0.16160.0 2010.12.15 -

    Fortinet 4.2.254.0 2010.12.15 -

    GData 21 2010.12.15 -

    Ikarus T3.1.1.90.0 2010.12.15 -

    Jiangmin 13.0.900 2010.12.15 -

    K7AntiVirus 9.73.3258 2010.12.15 -

    Kaspersky 7.0.0.125 2010.12.15 -

    McAfee 5.400.0.1158 2010.12.15 -

    McAfee-GW-Edition 2010.1C 2010.12.15 -

    Microsoft 1.6402 2010.12.15 -

    NOD32 5706 2010.12.15 -

    Norman 6.06.12 2010.12.15 -

    nProtect 2010-12-15.02 2010.12.15 -

    Panda 10.0.2.7 2010.12.15 -

    PCTools 7.0.3.5 2010.12.15 -

    Prevx 3.0 2010.12.15 -

    Rising 22.78.01.04 2010.12.15 -

    Sophos 4.60.0 2010.12.15 -

    SUPERAntiSpyware 4.40.0.1006 2010.12.15 -

    Symantec 20101.3.0.103 2010.12.15 -

    TheHacker 6.7.0.1.101 2010.12.15 -

    TrendMicro 9.120.0.1004 2010.12.15 -

    TrendMicro-HouseCall 9.120.0.1004 2010.12.15 -

    VBA32 3.12.14.2 2010.12.14 -

    VIPRE 7665 2010.12.15 -

    ViRobot 2010.12.15.4202 2010.12.15 -

    VirusBuster 13.6.96.0 2010.12.15 -

    Additional information

    MD5 : 6b35b7c1546c128bca65b18d064c591c

    SHA1 : ac99cbacc9d3366119e1b0091a24dbb21bd58f24

    SHA256: c063115e354b092a041d6342a70549f467154f651b39f8235e8a91014092c354

    ssdeep: 1536:H51hz5T9CW7MUSwK4lAqXVuoTUxj941RMnSF7/mrs:ZLDBR3Fuo4xy1R/rm

    File size : 163840 bytes

    First seen: 2009-06-14 20:53:56

    Last seen : 2010-12-15 20:25:53

    TrID:

    Win32 Executable MS Visual C++ (generic) (65.2%)

    Win32 Executable Generic (14.7%)

    Win32 Dynamic Link Library (generic) (13.1%)

    Generic Win/DOS Executable (3.4%)

    DOS Executable Generic (3.4%)

    sigcheck:

    publisher....: Brother Industries, Ltd

    copyright....: Copyright © Brother Industries, Ltd. 2003

    product......:

    description..: brs2mf4a.dll

    original name: brs2mf4a.dll

    internal name: brs2mf4a.dll

    file version.: 1.05

    comments.....:

    signers......: -

    signing date.: -

    verified.....: Unsigned

    PEiD: Armadillo v1.xx - v2.xx

    PEInfo: PE structure information

    [[ basic data ]]

    entrypointaddress: 0x2B19

    timedatestamp....: 0x3FE23D49 (Thu Dec 18 23:50:33 2003)

    machinetype......: 0x14c (I386)

    [[ 5 section(s) ]]

    name, viradd, virsiz, rawdsiz, ntropy, md5

    .text, 0x1000, 0x6CA6, 0x7000, 6.47, a19188d29546fdbab9bfe417aeb64251

    .rdata, 0x8000, 0x1351, 0x2000, 3.79, 7a399cbe2284db1c4fdbd0d7f6f65e10

    .data, 0xA000, 0x4CA0, 0x4000, 1.44, bb3d45cfa42d714b8d9913951d396fe4

    .rsrc, 0xF000, 0x17F40, 0x18000, 2.40, cb0d9b6cb18cbd9c24541d3e3eeac5c1

    .reloc, 0x27000, 0x11E0, 0x2000, 2.70, 07f4f6470cfa9956105248af95f687be

    [[ 5 import(s) ]]

    KERNEL32.dll: GlobalUnlock, LocalLock, GlobalFree, GlobalLock, GlobalAlloc, GetTickCount, LoadLibraryA, GetUserDefaultLangID, GetLastError, GetStdHandle, GetFileType, SetHandleCount, CloseHandle, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, RtlUnwind, SetStdHandle, GetProcAddress, HeapReAlloc, VirtualAlloc, GetOEMCP, GetACP, GetCPInfo, HeapAlloc, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, LocalUnlock, InterlockedDecrement, GetStartupInfoA, WriteFile, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, InterlockedIncrement, GetEnvironmentStrings, HeapFree, SetFilePointer, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, GetModuleHandleA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree

    USER32.dll: ClientToScreen, GetSystemMetrics, MoveWindow, IsWindowVisible, GetWindowRect, GetClientRect, GetDC, GetParent, SetDlgItemTextA, GetDlgItemTextA, SetActiveWindow, SetWindowPos, EndDialog, DialogBoxParamA, GetActiveWindow, EndPaint, FillRect, GetSysColor, BeginPaint, GetWindowLongA, DefWindowProcA, SetWindowLongA, LoadBitmapA, RegisterClassA, LoadCursorA, LoadStringA, SetTimer, CreateDialogParamA, ShowWindow, GetMessageA, IsDialogMessageA, TranslateMessage, DispatchMessageA, SetWindowTextA, DestroyWindow, ReleaseDC

    GDI32.dll: GetClipBox, CreateCompatibleBitmap, GetMapMode, BitBlt, SetStretchBltMode, DeleteDC, CreateCompatibleDC, DeleteObject, SelectObject, CreateSolidBrush, StretchBlt, DPtoLP, CreateBitmap, GetObjectA, GetStockObject, SetMapMode, SetBkColor, PatBlt

    WINSPOOL.DRV: GetPrinterDriverDirectoryA

    ADVAPI32.dll: RegSetValueExA, RegCloseKey, RegQueryValueExA, RegEnumValueA, RegCreateKeyExA

    [[ 6 export(s) ]]

    DiskFulErrorDialog, FRegisterBitmapControl, GetDeviceDependentInfo, MemfullErrorDialog, OpenDuplexDlg, RawWarningDialog

    ExifTool:

    file metadata

    CharacterSet: Unicode

    CodeSize: 28672

    Comments:

    CompanyName: Brother Industries, Ltd

    EntryPoint: 0x2b19

    FileDescription: brs2mf4a.dll

    FileFlagsMask: 0x003f

    FileOS: Windows NT 32-bit

    FileSize: 160 kB

    FileSubtype: 0

    FileType: Win32 DLL

    FileVersion: 1.05

    FileVersionNumber: 1.0.5.1

    ImageVersion: 0.0

    InitializedDataSize: 135168

    InternalName: brs2mf4a.dll

    LanguageCode: English (U.S.)

    LegalCopyright: Copyright Brother Industries, Ltd. 2003

    LegalTrademarks:

    LinkerVersion: 6.0

    MIMEType: application/octet-stream

    MachineType: Intel 386 or later, and compatibles

    OSVersion: 4.0

    ObjectFileType: Dynamic link library

    OriginalFilename: brs2mf4a.dll

    PEType: PE32

    PrivateBuild:

    ProductName:

    ProductVersion: 1.05

    ProductVersionNumber: 1.0.5.1

    SpecialBuild:

    Subsystem: Windows GUI

    SubsystemVersion: 4.0

    TimeStamp: 2003:12:19 00:50:33+01:00

    UninitializedDataSize: 0

  10. DDS (Ver_10-11-10.01) - NTFSx86

    Run by stephen at 8:34:25.31 on Wed 12/15/2010

    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.385 [GMT -5:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    ============== Running Processes ===============

    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    C:\WINDOWS\Explorer.EXE

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\brsvc01a.exe

    C:\WINDOWS\system32\brss01a.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir Desktop\sched.exe

    svchost.exe

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\System32\svchost.exe -k HTTPFilter

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

    C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe

    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    C:\Program Files\Apoint\Apoint.exe

    C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    C:\Program Files\Sony\ISB Utility\ISBMgr.exe

    C:\Program Files\Apoint\Apntex.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files\Google\Gmail Notifier\gnotify.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe

    C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\stephen\Desktop\Virus Cleaning\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/

    uDefault_Search_URL = hxxp://www.Google.com/

    uSearchMigratedDefaultURL = hxxp://www.Google.com/

    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

    uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

    BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll

    BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

    {7e853d72-626a-48ec-a868-ba8d5e23e045}

    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

    uRun: [Google Update] "c:\documents and settings\stephen\local settings\application data\google\update\GoogleUpdate.exe" /c

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe

    mRun: [Apoint] c:\program files\apoint\Apoint.exe

    mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"

    mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

    mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe

    mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

    mRun: [sonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe

    mRun: [RTHDCPL] RTHDCPL.EXE

    mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"

    mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe

    mRun: [igfxtray] c:\windows\system32\igfxtray.exe

    mRun: [igfxpers] c:\windows\system32\igfxpers.exe

    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

    mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe

    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

    mRun: [pdfFactory Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    mRun: [spyHunter Security Suite] "c:\program files\enigma software group\spyhunter\SpyHunter4.exe"

    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

    mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

    IE: Transfer by Image Converter 2 Plus - c:\program files\sony\image converter 2\menu.htm

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

    Trusted Zone: state.va.us\www.deq

    Trusted Zone: verizon.com

    DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxp://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab

    DPF: {02A08EC5-C341-4BE5-AD4F-62215D2407EF} - hxxps://wip-data.webdialogs.com/components/WDATL70.CAB

    DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB

    DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.taylorbeanonline.com/scriptx/smsx.cab

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

    DPF: {58D5690D-55A6-4B0B-B735-D0C82E14700C} - hxxps://wip-data.webdialogs.com/components/WDATL72.CAB

    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab

    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163214234545

    DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxp://remote.ewmortgage.com/tsweb/msrdp.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

    DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

    DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab

    DPF: {CBF95A06-D408-46E3-8077-37E5B098EB84} - hxxps://ilnet.wellsfargo.com/ilonline/hmUpload/enclickloanwf.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://alamodetraining.webex.com/client/v_mywebex-t20/training/ieatgpc.cab

    Notify: VESWinlogon - VESWinlogon.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-11 11608]

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-11 135336]

    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-11 267944]

    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-11 61960]

    R2 MSSQL$EMMSDE;MSSQL$EMMSDE;c:\program files\microsoft sql server\mssql$emmsde\binn\sqlservr.exe -semmsde --> c:\program files\microsoft sql server\mssql$emmsde\binn\sqlservr.exe -sEMMSDE [?]

    R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-11-5 327000]

    R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]

    R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-3-2 29184]

    S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-8-15 2944]

    S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-8-15 61952]

    S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-8-15 11008]

    S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-8-15 10368]

    S3 OKI OPHD DCS Loader;OKI OPHD DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE [2006-12-26 24576]

    S3 SQLAgent$EMMSDE;SQLAgent$EMMSDE;c:\program files\microsoft sql server\mssql$emmsde\binn\sqlagent.exe -i emmsde --> c:\program files\microsoft sql server\mssql$emmsde\binn\sqlagent.EXE -i EMMSDE [?]

    =============== Created Last 30 ================

    2010-12-13 03:22:00 -------- d-----w- C:\_OTL

    2010-12-01 03:14:47 -------- d-----w- c:\documents and settings\stephen\DoctorWeb

    2010-11-22 19:23:23 -------- d-----w- c:\program files\SNLayout

    2010-11-21 20:07:19 28365 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\BRMFPP1.DLL

    2010-11-21 20:07:19 163840 ----a-w- c:\windows\system32\BRS2MF4A.DLL

    2010-11-21 20:07:19 131072 ----a-w- c:\windows\system32\BRS2MF4A.EXE

    2010-11-20 01:00:59 -------- d-sha-r- C:\cmdcons

    2010-11-20 00:57:02 98816 ----a-w- c:\windows\sed.exe

    2010-11-20 00:57:02 89088 ----a-w- c:\windows\MBR.exe

    2010-11-20 00:57:02 256512 ----a-w- c:\windows\PEV.exe

    2010-11-20 00:57:02 161792 ----a-w- c:\windows\SWREG.exe

    2010-11-20 00:56:32 -------- d-sh--w- c:\documents and settings\stephen\IECompatCache

    2010-11-19 16:35:03 -------- d-sh--w- c:\documents and settings\stephen\IETldCache

    2010-11-19 16:28:45 -------- dc-h--w- c:\windows\ie8

    2010-11-19 16:26:20 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll

    2010-11-19 16:26:16 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

    2010-11-19 16:26:16 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

    2010-11-19 16:26:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

    2010-11-19 16:26:15 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

    2010-11-19 16:26:14 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

    2010-11-19 16:26:13 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

    2010-11-19 16:26:10 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll

    2010-11-19 13:42:31 -------- d-----w- c:\windows\system32\XPSViewer

    2010-11-19 13:41:52 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

    2010-11-19 13:41:29 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

    2010-11-19 13:41:29 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

    2010-11-19 13:41:29 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    2010-11-19 13:41:29 117760 ------w- c:\windows\system32\prntvpt.dll

    2010-11-19 13:41:28 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

    2010-11-19 13:41:28 575488 ------w- c:\windows\system32\xpsshhdr.dll

    2010-11-19 13:41:28 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

    2010-11-19 13:41:28 1676288 ------w- c:\windows\system32\xpssvcs.dll

    2010-11-19 13:41:27 -------- d-----w- C:\d8460462b997e73eef

    2010-11-19 03:25:35 -------- d-----w- c:\docume~1\stephen\applic~1\Avira

    2010-11-19 01:01:10 -------- d-----w- c:\docume~1\stephen\locals~1\applic~1\Temp

    ==================== Find3M ====================

    2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

    2004-08-10 04:30:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe

    ============= FINISH: 8:35:51.53 ===============

  11. Bootkit Remover

    © 2009 eSage Lab

    www.esagelab.com

    Program version: 1.2.0.0

    OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

    System volume is \\.\C:

    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`805e2000

    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status

    --------------------------------------------

    93 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

    Done;

    Press any key to quit...

  12. All processes killed

    ========== OTL ==========

    ADS C:\Documents and Settings\All Users\Application Data\TEMP:8E3D07DE deleted successfully.

    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.

    ADS C:\Documents and Settings\All Users\Application Data\TEMP:9D7A6323 deleted successfully.

    ADS C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1 deleted successfully.

    ========== FILES ==========

    C:\sqmdata06.sqm moved successfully.

    C:\sqmnoopt06.sqm moved successfully.

    C:\sqmdata05.sqm moved successfully.

    C:\sqmnoopt05.sqm moved successfully.

    C:\sqmdata04.sqm moved successfully.

    C:\sqmnoopt04.sqm moved successfully.

    C:\sqmdata03.sqm moved successfully.

    C:\sqmnoopt03.sqm moved successfully.

    C:\Documents and Settings\stephen\Application Data\mcs.rma moved successfully.

    C:\Documents and Settings\stephen\Application Data\F00F6F moved successfully.

    C:\Documents and Settings\stephen\Application Data\ezpinst.exe moved successfully.

    C:\WINDOWS\System32\CONFIG.TMP moved successfully.

    C:\WINDOWS\System32\SET23.tmp moved successfully.

    C:\WINDOWS\System32\SET24.tmp moved successfully.

    C:\WINDOWS\System32\SET30.tmp moved successfully.

    C:\WINDOWS\System32\SET39.tmp moved successfully.

    C:\WINDOWS\System32\SET3A.tmp moved successfully.

    C:\WINDOWS\System32\SET3B.tmp moved successfully.

    C:\WINDOWS\System32\SET3C.tmp moved successfully.

    C:\WINDOWS\System32\SET3E.tmp moved successfully.

    C:\WINDOWS\003020_.tmp moved successfully.

    C:\WINDOWS\4E97AE4712934669BBF34BDE52501A1A.TMP folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.

    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 32969 bytes

    User: LocalService

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 32902 bytes

    ->FireFox cache emptied: 1738746 bytes

    User: NetworkService

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

    User: stephen

    ->Temp folder emptied: 175217984 bytes

    ->Temporary Internet Files folder emptied: 48733101 bytes

    ->Java cache emptied: 12453392 bytes

    ->Google Chrome cache emptied: 237005417 bytes

    ->Apple Safari cache emptied: 1625088 bytes

    ->Flash cache emptied: 375166 bytes

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 0 bytes

    %systemroot%\System32 .tmp files removed: 0 bytes

    %systemroot%\System32\dllcache .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 834013 bytes

    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 65082498 bytes

    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

    RecycleBin emptied: 40179775 bytes

    Total Files Cleaned = 556.00 mb

    OTL by OldTimer - Version 3.2.17.3 log created on 12122010_222200

    Files\Folders moved on Reboot...

    C:\WINDOWS\temp\Perflib_Perfdata_694.dat moved successfully.

    Registry entries deleted on Reboot...

  13. OTL Log

    OTL logfile created on: 12/10/2010 6:28:31 AM - Run 1

    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\stephen\My Documents\Downloads

    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 493.00 Mb Available Physical Memory | 49.00% Memory free

    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free

    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 87.15 Gb Total Space | 8.27 Gb Free Space | 9.49% Space Free | Partition Type: NTFS

    Computer Name: MAMA | User Name: stephen | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\stephen\My Documents\Downloads\OTL.exe (OldTimer Tools)

    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

    PRC - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)

    PRC - C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)

    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

    PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)

    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    PRC - C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)

    PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)

    PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

    PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)

    PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)

    PRC - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)

    PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)

    PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

    PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

    PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

    PRC - C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)

    PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

    PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

    PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)

    PRC - C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

    PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

    PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd)

    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\stephen\My Documents\Downloads\OTL.exe (OldTimer Tools)

    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

    ========== Win32 Services (SafeList) ==========

    SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

    SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)

    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

    SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

    SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)

    SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)

    SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)

    SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)

    SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

    SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)

    SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)

    SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)

    SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)

    SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)

    SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)

    SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)

    SRV - (OKI OPHD DCS Loader) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE (Oki Data Corporation)

    SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

    SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

    SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

    SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)

    SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

    SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)

    ========== Driver Services (SafeList) ==========

    DRV - (tmcomm) -- C:\WINDOWS\System32\drivers\tmcomm.sys File not found

    DRV - (NWUSBPort) -- C:\WINDOWS\System32\DRIVERS\nwusbser.sys File not found

    DRV - (NWUSBModem) -- C:\WINDOWS\System32\DRIVERS\nwusbmdm.sys File not found

    DRV - (NWADI) -- C:\WINDOWS\System32\DRIVERS\NWADIenum.sys File not found

    DRV - (DwProt) -- File not found

    DRV - (catchme) -- C:\Combo-Fix\catchme.sys File not found

    DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

    DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

    DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

    DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()

    DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)

    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

    DRV - (tifmsony) -- C:\WINDOWS\system32\drivers\tifmsony.sys (Texas Instruments)

    DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)

    DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)

    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

    DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

    DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

    DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel
