
Comes back between every scan HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken


stayley


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 9/10/2012 5:01:11 PM

System Uptime: 11/27/2012 9:22:27 AM (2 hours ago)

.

Motherboard: Gateway | | DX4870

Processor: Intel® Core i5-2320 CPU @ 3.00GHz | SOCKET 0 | 3001/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 917 GiB total, 790.846 GiB free.

D: is CDROM (UDF)

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: 802.11n Wireless LAN Card

Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760111AD&REV_00\4&858F2F4&0&00E2

Manufacturer: Ralink Technology, Corp.

Name: 802.11n Wireless LAN Card

PNP Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760111AD&REV_00\4&858F2F4&0&00E2

Service: netr28x

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: LogMeIn Kernel Information Provider

Device ID: ROOT\LEGACY_LMIINFO\0000

Manufacturer:

Name: LogMeIn Kernel Information Provider

PNP Device ID: ROOT\LEGACY_LMIINFO\0000

Service: LMIInfo

.

==== System Restore Points ===================

.

RP58: 11/15/2012 9:25:00 PM - Removed WinZip 17.0

RP59: 11/16/2012 10:10:17 AM - Windows Update

RP60: 11/18/2012 12:22:04 PM - Windows Update

RP61: 11/20/2012 8:00:43 AM - Removed Fooz Kids

RP62: 11/20/2012 8:01:38 AM - Removed Fooz Kids Platform

RP63: 11/20/2012 8:02:42 AM - Removed LogMeIn

RP64: 11/20/2012 8:05:59 AM - Removed Soda PDF 5

RP65: 11/26/2012 7:19:20 AM - Installed Camtasia Studio 8

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4) MUI

Adobe Shockwave Player 11.6

Android SDK Tools

Best Buy pc app

Bing Bar

Bonjour

C5500n - C5800Ldn Series GDI Driver from OKI® Printing Solutions for Windows

CameraHelperMsi

Camtasia Studio 8

Cisco WebEx Meetings

CyberLink PowerDVD 10

D3DX10

doubleTwist

Dropbox

eReg

Evernote v. 4.5.10

ffdshow [rev 2527] [2008-12-19]

Galerie de photos Windows Live

Galería fotográfica de Windows Live

Gateway Recovery Management

Gateway Registration

Gateway ScreenSaver

Gateway Updater

Google Chrome

Google Drive

Google Talk Plugin

Google Update Helper

Google Voice

GoToMeeting 5.3.0.977

Hotkey Utility

HTC Sync

Identity Card

iLivid

Insync

Intel® Control Center

Intel® Management Engine Components

Intel® Network Connections 16.8.46.0

Intel® OpenCL CPU Runtime

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

Java 7 Update 9

Java 7 Update 9 (64-bit)

Java Auto Updater

Java SE Development Kit 7 Update 7 (64-bit)

join.me

Junk Mail filter update

jZip

Logitech SetPoint 6.32

Logitech Vid HD

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.65.1.1000

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 17.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

Music Manager

Neat

Neat ADF Scanner 2008 Driver

Neat ADF Scanner Driver

Neat Core Files

Neat Mobile Scanner (Silver) Driver

Neat Mobile Scanner 2008 Driver

Neat Mobile Scanner Driver

Nero BackItUp 10

Nero BackItUp 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Express 10

Nero Express 10 Help (CHM)

Nero Multimedia Suite 10 Essentials

Nero RescueAgent 10

Nero RescueAgent 10 Help (CHM)

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

News Rover -- Usenet newsreader

Opera 12.11

Package: Samsung Galaxy S3 ToolKit

PDFlite 0.8

RateWatch

Realtek High Definition Audio Driver

RedMon - Redirection Port Monitor

SAMSUNG USB Driver for Mobile Phones

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Send To Neat

Skype Click to Call

Skype™ 6.0

Soda PDF OCR

Spybot - Search & Destroy

swMSM

Torch

TweetDeck

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VIPRE Internet Security

VLC media player 2.0.1

Welcome Center

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows XP Mode

XChat 2 (remove only)

.

==== Event Viewer Messages From Past Week ========

.

11/27/2012 9:22:43 AM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error:

The system cannot find the path specified.

11/27/2012 11:14:19 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer DELLDESKTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0AE144C0-F63A-4C16-BAA1-A0267DC4DD46}. The master browser is stopping or an election is being forced.

11/21/2012 8:16:22 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer YOMAMMA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0AE144C0-F63A-4C16-BAA1-A0267DC4DD46}. The master browser is stopping or an election is being forced.

11/21/2012 12:29:24 PM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user GatewayWork\Stephen (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

11/21/2012 10:12:16 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/21/2012 10:11:52 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

11/21/2012 10:07:30 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2

Run by Stephen at 11:31:19 on 2012-11-27

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8071.5062 [GMT -5:00]

.

AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\VPDAgent_x64.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe

C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchIndexer.exe

C:\Users\Stephen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Users\Stephen\AppData\Roaming\Insync\App\Insync.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe

C:\Users\Stephen\AppData\Roaming\SQLDriver\SQLDriver.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\Mantle.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\RateWatch\RateWatch.exe

C:\Program Files (x86)\Evernote\Evernote\Evernote.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/?pc=MAGW

mStart Page = hxxp://www.bing.com/?pc=MAGW

mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [57AD0B2C9906DFDBF54DD87E02C3DCFDD7598BCD._service_run] "C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

uRun: [sqlDriver] C:\Users\Stephen\AppData\Roaming\SQLDriver\SQLDriver.exe

uRun: [MusicManager] "C:\Users\Stephen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

StartupFolder: C:\Users\Stephen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\Users\Stephen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Insync.lnk - C:\Users\Stephen\AppData\Roaming\Insync\App\Insync.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.13.1

TCP: Interfaces\{0AE144C0-F63A-4C16-BAA1-A0267DC4DD46} : DHCPNameServer = 192.168.13.1

TCP: Interfaces\{B539F6E0-F6DF-4C88-B72B-2917B5C7AC86} : DHCPNameServer = 192.168.43.1

TCP: Interfaces\{B539F6E0-F6DF-4C88-B72B-2917B5C7AC86}\3516E6964716279657D6 : DHCPNameServer = 192.168.13.1

TCP: Interfaces\{B539F6E0-F6DF-4C88-B72B-2917B5C7AC86}\46F6D656E6963696 : DHCPNameServer = 75.75.75.75 75.75.76.76

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f

x64-mStart Page = hxxp://www.bing.com/?pc=MAGW

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo)

FF - prefs.js: browser.startup.homepage - hxxp://yahoo.genieo.com/?v=w3i8

FF - prefs.js: keyword.URL - hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18482,0,0,6434&p=

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: C:\Users\Stephen\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\Stephen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Stephen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-11-16 16:28; jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack; C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-4-5 16152]

R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-9-11 258848]

R2 Agent;VPDAgent;C:\Windows\VPDAgent_x64.exe [2012-11-12 148480]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 gfi_lanss10_attservice;GFI LanGuard 10 Attendant Service;C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe [2012-9-12 115568]

R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2012-2-29 28264]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-10 13592]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-9-26 189608]

R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-7-27 14952]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-10 161560]

R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2012-4-5 255376]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-10-3 72216]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-15 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-15 676936]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]

R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-9-20 3677000]

R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-9-12 82872]

R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-9-20 175496]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-10 363800]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-5 331264]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-4-5 355096]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-4-5 785688]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-15 25928]

R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-9-11 120064]

R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-9-20 86816]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]

S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2012-11-8 35456]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-4-5 1488448]

S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2012-9-15 15360]

S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-9-11 120064]

S3 SbHips;SbHips;C:\Windows\System32\drivers\sbhips.sys [2012-9-11 61216]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-7-30 203104]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-12 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-11-26 12:22:23 -------- d-----w- C:\Users\Stephen\AppData\Local\TechSmith

2012-11-26 12:22:16 -------- d-----w- C:\Users\Stephen\AppData\Roaming\TechSmith

2012-11-26 12:20:45 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared

2012-11-26 04:59:10 -------- d-----w- C:\Users\Stephen\AppData\Local\Torch

2012-11-26 04:56:45 -------- d-----w- C:\Users\Stephen\AppData\Local\iLivid

2012-11-23 16:02:45 262112 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-11-23 15:21:58 -------- d-sh--w- C:\$RECYCLE.BIN

2012-11-16 15:14:01 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-16 15:14:01 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-16 15:14:00 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-16 15:14:00 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-16 15:10:36 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-16 15:10:36 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-16 15:10:36 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-16 15:10:36 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-16 15:10:36 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-11-16 15:10:36 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-16 15:10:36 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-11-12 23:49:25 87040 ----a-w- C:\Windows\System32\redmonnt.dll

2012-11-12 23:49:25 46080 ----a-w- C:\Windows\System32\unredmon.exe

2012-11-12 23:49:23 -------- d-----w- C:\Program Files (x86)\PDFlite

2012-11-12 23:39:20 148480 ----a-w- C:\Windows\VPDAgent_x64.exe

2012-11-12 23:39:19 -------- d-----w- C:\Program Files\Send To Neat

2012-11-12 23:39:15 54784 ----a-w- C:\Windows\System32\sdtnpm.dll

2012-11-12 14:56:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-11-12 14:56:17 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-11-12 14:49:41 -------- d-----w- C:\Users\Stephen\AppData\Local\jZip

2012-11-12 14:49:29 -------- d-----w- C:\Program Files (x86)\jZip

2012-11-09 16:32:42 -------- d-----w- C:\Users\Stephen\AppData\Local\join.me

2012-11-08 09:00:00 35456 ----a-w- C:\Windows\System32\drivers\gfiark.sys

2012-11-07 02:31:34 -------- d-----w- C:\Users\Stephen\AppData\Local\{AE704BD6-A1D8-4DEF-85CF-CC30E0BB9B0B}

2012-11-02 21:22:12 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-11-02 21:21:40 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-01 13:22:54 -------- d-----w- C:\Users\Stephen\AppData\Roaming\SQLUpdate

2012-11-01 13:21:59 -------- d-----w- C:\Users\Stephen\AppData\Roaming\SQLDriver

2012-10-29 20:48:01 -------- d-----w- C:\Users\Stephen\AppData\Local\{1F5F75BD-DA1C-48BA-881B-0D511F7F4C11}

2012-10-29 00:11:07 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

.

==================== Find3M ====================

.

2012-11-09 11:42:54 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-09 11:42:54 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-02 21:22:09 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-11-02 21:22:09 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-11-02 21:21:37 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-11-02 21:21:37 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-10-30 19:16:46 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-26 20:55:59 337608 ----a-w- C:\Windows\System32\PROUnstl.exe

2012-09-26 20:55:36 316064 ----a-w- C:\Windows\System32\PRONtObj.dll

2012-09-26 20:55:35 162152 ----a-w- C:\Windows\System32\drivers\iANSW60e.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-09-20 09:40:04 47496 ----a-w- C:\Windows\SysWow64\sbbd.exe

2012-09-20 09:40:04 47496 ----a-w- C:\Windows\System32\sbbd.exe

2012-09-20 09:11:58 86816 ----a-w- C:\Windows\System32\drivers\sbwtis.sys

2012-09-20 09:11:58 61216 ----a-w- C:\Windows\System32\drivers\sbhips.sys

2012-09-20 09:11:58 258848 ----a-w- C:\Windows\System32\drivers\SbFw.sys

2012-09-18 21:55:55 110602 ----a-w- C:\Windows\News Rover Uninstaller.exe

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-09-13 00:19:42 634560 ----a-w- C:\Windows\SysWow64\XceedZip.dll

2012-09-13 00:19:38 82872 ----a-w- C:\Windows\System32\drivers\sbapifs.sys

2012-09-13 00:19:34 120064 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys

2012-09-10 23:42:20 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-09-10 23:42:20 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-09-10 23:42:20 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

.

============= FINISH: 11:31:44.92 ===============

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.28.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Stephen :: GATEWAYWORK [administrator]

Protection: Enabled

11/29/2012 9:42:25 AM

mbam-log-2012-11-29 (09-42-25).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 213014

Time elapsed: 1 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ComboFix 12-11-29.02 - Stephen 11/29/2012 9:50.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8071.5552 [GMT -5:00]

Running from: c:\users\Stephen\Desktop\ComboFix.exe

AV: GFI Software VIPRE *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

SP: GFI Software VIPRE *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Stephen\AppData\Local\Temp\_MEI57482\_ctypes.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\_elementtree.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\_hashlib.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\_socket.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\_ssl.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\pyexpat.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\pysqlite2._sqlite.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\python26.dll

c:\users\Stephen\AppData\Local\Temp\_MEI57482\pythoncom26.dll

c:\users\Stephen\AppData\Local\Temp\_MEI57482\PyWinTypes26.dll

c:\users\Stephen\AppData\Local\Temp\_MEI57482\select.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\unicodedata.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32api.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32com.shell.shell.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32crypt.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32event.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32file.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32inet.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32pdh.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32process.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32profile.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32security.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\win32ts.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\windows._cacheinvalidation.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._controls_.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._core_.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._gdi_.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._html2.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._misc_.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._windows_.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\wx._wizard.pyd

c:\users\Stephen\AppData\Local\Temp\_MEI57482\wxbase293u_net_vc.dll

c:\users\Stephen\AppData\Local\Temp\_MEI57482\wxbase293u_vc.dll

c:\users\Stephen\AppData\Local\Temp\_MEI57482\wxmsw293u_adv_vc.dll

c:\users\Stephen\AppData\Local\Temp\_MEI57482\wxmsw293u_core_vc.dll

c:\users\Stephen\AppData\Local\Temp\_MEI57482\wxmsw293u_html_vc.dll

c:\users\Stephen\AppData\Local\Temp\_MEI57482\wxmsw293u_webview_vc.dll

c:\users\Stephen\AppData\Local\Temp\tmp2uknxo\googledrivesync.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-29 )))))))))))))))))))))))))))))))

.

.

2012-11-29 14:53 . 2012-11-29 14:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-26 12:22 . 2012-11-26 12:22 -------- d-----w- c:\users\Stephen\AppData\Local\TechSmith

2012-11-26 12:22 . 2012-11-26 12:22 -------- d-----w- c:\users\Stephen\AppData\Roaming\TechSmith

2012-11-26 12:20 . 2012-11-26 12:20 -------- d-----w- c:\program files (x86)\QuickTime

2012-11-26 12:20 . 2012-11-26 12:20 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared

2012-11-26 12:20 . 2012-11-26 12:20 -------- d-----w- c:\programdata\TechSmith

2012-11-26 12:20 . 2012-11-26 12:20 -------- d-----w- c:\program files (x86)\TechSmith

2012-11-26 04:59 . 2012-11-26 04:59 -------- d-----w- c:\users\Stephen\AppData\Local\Torch

2012-11-26 04:56 . 2012-11-26 04:59 -------- d-----w- c:\users\Stephen\AppData\Local\iLivid

2012-11-23 16:02 . 2012-11-19 19:32 262112 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-11-16 15:14 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-16 15:14 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-16 15:14 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-16 15:14 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-16 15:10 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-16 15:10 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-16 15:10 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-16 15:10 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-16 15:10 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-16 15:10 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-16 15:10 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-12 23:49 . 2005-03-11 18:07 87040 ----a-w- c:\windows\system32\redmonnt.dll

2012-11-12 23:49 . 2005-03-11 18:07 46080 ----a-w- c:\windows\system32\unredmon.exe

2012-11-12 23:49 . 2012-11-12 23:49 -------- d-----w- c:\program files (x86)\PDFlite

2012-11-12 23:39 . 2012-09-06 12:41 148480 ----a-w- c:\windows\VPDAgent_x64.exe

2012-11-12 23:39 . 2012-11-12 23:39 -------- d-----w- c:\program files\Send To Neat

2012-11-12 23:39 . 2012-09-06 12:41 54784 ----a-w- c:\windows\system32\sdtnpm.dll

2012-11-12 14:56 . 2012-11-12 16:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-11-12 14:56 . 2012-11-12 14:56 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-11-12 14:49 . 2012-11-12 14:50 -------- d-----w- c:\users\Stephen\AppData\Local\jZip

2012-11-12 14:49 . 2012-11-12 14:49 -------- d-----w- c:\program files (x86)\jZip

2012-11-09 16:32 . 2012-11-20 13:36 -------- d-----w- c:\users\Stephen\AppData\Local\join.me

2012-11-09 11:44 . 2012-11-09 11:44 -------- d-----w- c:\users\Default\AppData\Local\WinZip

2012-11-09 11:43 . 2012-11-09 11:43 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-11-08 09:00 . 2012-10-24 14:32 35456 ----a-w- c:\windows\system32\drivers\gfiark.sys

2012-11-02 21:22 . 2012-11-02 21:22 289768 ----a-w- c:\windows\system32\javaws.exe

2012-11-02 21:22 . 2012-11-02 21:22 189416 ----a-w- c:\windows\system32\javaw.exe

2012-11-02 21:22 . 2012-11-02 21:22 188904 ----a-w- c:\windows\system32\java.exe

2012-11-02 21:22 . 2012-11-02 21:22 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2012-11-02 21:21 . 2012-11-02 21:21 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-02 21:21 . 2012-11-02 21:21 -------- d-----w- c:\program files (x86)\Java

2012-11-01 13:22 . 2012-11-02 12:02 -------- d-----w- c:\users\Stephen\AppData\Roaming\SQLUpdate

2012-11-01 13:21 . 2012-11-01 13:22 -------- d-----w- c:\users\Stephen\AppData\Roaming\SQLDriver

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-29 14:34 . 2012-09-24 14:43 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-11-18 17:22 . 2012-09-11 23:11 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-09 11:42 . 2012-04-06 04:10 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-09 11:42 . 2012-04-06 04:10 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-02 21:22 . 2012-09-15 22:29 916456 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-02 21:22 . 2012-09-15 22:29 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-02 21:21 . 2012-09-11 15:57 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-11-02 21:21 . 2012-09-11 15:57 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-16 08:38 . 2012-11-27 21:15 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-27 21:15 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-27 21:15 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-15 22:36 . 2012-10-15 22:36 756280 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{F587CC88-D29F-40DA-9268-EEE18D2AF426}\TweetDeck.exe

2012-09-29 23:54 . 2012-09-15 16:28 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-26 20:55 . 2012-09-26 20:58 337608 ----a-w- c:\windows\system32\PROUnstl.exe

2012-09-26 20:55 . 2012-09-26 20:55 316064 ----a-w- c:\windows\system32\PRONtObj.dll

2012-09-26 20:55 . 2012-09-26 20:55 162152 ----a-w- c:\windows\system32\drivers\iANSW60e.sys

2012-09-24 14:43 . 2012-09-24 14:43 53248 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-09-20 09:40 . 2012-10-02 16:04 47496 ----a-w- c:\windows\system32\sbbd.exe

2012-09-20 09:40 . 2012-09-20 09:40 47496 ----a-w- c:\windows\SysWow64\sbbd.exe

2012-09-20 09:11 . 2012-09-20 09:11 86816 ----a-w- c:\windows\system32\drivers\sbwtis.sys

2012-09-20 09:11 . 2012-09-11 22:51 61216 ----a-w- c:\windows\system32\drivers\sbhips.sys

2012-09-20 09:11 . 2012-09-11 22:51 258848 ----a-w- c:\windows\system32\drivers\SbFw.sys

2012-09-19 04:58 . 2012-10-02 16:05 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D541B750-C81D-4652-BCC1-8CCFF623749A}\mpengine.dll

2012-09-18 21:55 . 2012-09-18 21:55 110602 ----a-w- c:\windows\News Rover Uninstaller.exe

2012-09-14 19:19 . 2012-10-09 22:03 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-09 22:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-13 00:19 . 2012-09-13 00:19 634560 ----a-w- c:\windows\SysWow64\XceedZip.dll

2012-09-13 00:19 . 2012-09-13 00:19 82872 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2012-09-13 00:19 . 2012-09-11 22:51 120064 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

2012-09-10 23:42 . 2012-09-10 23:42 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-09-10 23:42 . 2012-09-10 23:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-09-10 23:42 . 2012-09-10 23:42 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll

2012-09-10 21:46 . 2011-03-29 01:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-08-31 18:19 . 2012-10-09 22:04 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01InsyncSynced]

@="{79168b3f-9ed7-4209-a2ef-835c56a4c0dc}"

[HKEY_CLASSES_ROOT\CLSID\{79168b3f-9ed7-4209-a2ef-835c56a4c0dc}]

2012-11-15 04:38 156592 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02InsyncSyncing]

@="{8896d747-f2a9-4527-928d-df152fdf73d7}"

[HKEY_CLASSES_ROOT\CLSID\{8896d747-f2a9-4527-928d-df152fdf73d7}]

2012-11-15 04:38 156592 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03InsyncError]

@="{06E10739-B8D0-41A4-B4A1-A9A4220003B2}"

[HKEY_CLASSES_ROOT\CLSID\{06E10739-B8D0-41A4-B4A1-A9A4220003B2}]

2012-11-15 04:38 156592 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04InsyncErrorFolder]

@="{e002350f-7ada-4b24-9f42-09ed31681949}"

[HKEY_CLASSES_ROOT\CLSID\{e002350f-7ada-4b24-9f42-09ed31681949}]

2012-11-15 04:38 156592 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]

"57AD0B2C9906DFDBF54DD87E02C3DCFDD7598BCD._service_run"="c:\users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-11-14 1242728]

"SQLDriver"="c:\users\Stephen\AppData\Roaming\SQLDriver\SQLDriver.exe" [2012-10-18 72351744]

"MusicManager"="c:\users\Stephen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-10-22 7356928]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-04 291096]

"SBAMTray"="c:\program files (x86)\GFI Software\VIPRE\SBAMTray.exe" [2012-09-20 3149704]

.

c:\users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Stephen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-11-21 28791288]

EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-10-26 1017184]

Insync.lnk - c:\users\Stephen\AppData\Roaming\Insync\App\Insync.exe [2012-11-16 56240]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-9-22 16032]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]

R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]

R2 SBAMSvc;VIPRE Internet Security;c:\program files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-09-20 3677000]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-08 363800]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]

R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2012-10-24 35456]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-19 1488448]

R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]

R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2012-09-13 120064]

R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys [2012-09-20 61216]

R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2012-09-20 86816]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-11 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2011-12-04 16152]

S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-09-20 258848]

S2 Agent;VPDAgent;c:\windows\VPDAgent_x64.exe [2012-09-06 148480]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 gfi_lanss10_attservice;GFI LanGuard 10 Attendant Service;c:\program files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe [2012-09-13 115568]

S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2012-02-29 28264]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608]

S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-07-27 14952]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-08 161560]

S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2012-02-07 255376]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-09-13 82872]

S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-09-20 175496]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2011-12-04 355096]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2011-12-04 785688]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2012-09-13 120064]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\Neat ADF Scanner 2008]

reg copy HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008 [bU]

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 11:42]

.

2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-11 13:15]

.

2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-11 13:15]

.

2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3359720339-4014307445-4140227809-1001Core.job

- c:\users\Stephen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-11 13:15]

.

2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3359720339-4014307445-4140227809-1001UA.job

- c:\users\Stephen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-11 13:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01InsyncSynced64]

@="{E14A1BB6-3439-4096-808B-ACFFDBB3D313}"

[HKEY_CLASSES_ROOT\CLSID\{E14A1BB6-3439-4096-808B-ACFFDBB3D313}]

2012-11-15 04:38 176560 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02InsyncSyncing64]

@="{5141519A-C349-4FF8-90F6-16ADE4CDC8A2}"

[HKEY_CLASSES_ROOT\CLSID\{5141519A-C349-4FF8-90F6-16ADE4CDC8A2}]

2012-11-15 04:38 176560 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03InsyncError64]

@="{E82E3537-C355-484B-9825-01389BA1CD25}"

[HKEY_CLASSES_ROOT\CLSID\{E82E3537-C355-484B-9825-01389BA1CD25}]

2012-11-15 04:38 176560 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04InsyncErrorFolder64]

@="{722710aa-a7cd-4094-9abb-4bb18b936838}"

[HKEY_CLASSES_ROOT\CLSID\{722710aa-a7cd-4094-9abb-4bb18b936838}]

2012-11-15 04:38 176560 ----a-w- c:\users\Stephen\AppData\Roaming\Insync\App\InsyncShellExtensions64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Stephen\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-26 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-26 398104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-26 440600]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-14 13353064]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [bU]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=MAGW

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

mStart Page = hxxp://www.bing.com/?pc=MAGW

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

Trusted Zone: mailchimp.com\login

TCP: DhcpNameServer = 192.168.13.1

FF - ProfilePath - c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo)

FF - prefs.js: browser.startup.homepage - hxxp://yahoo.genieo.com/?v=w3i8

FF - prefs.js: keyword.URL - hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18482,0,0,6434&p=

FF - ExtSQL: 2012-11-16 16:28; jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack; c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack.xpi

FF - ExtSQL: 2012-11-28 10:54; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

FF - ExtSQL: 2012-11-28 10:54; anticontainer@downthemall.net; c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\anticontainer@downthemall.net.xpi

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="Opera.HTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="Opera.HTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="Opera.HTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="Opera.HTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="Opera.HTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="Opera.HTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="Opera.HTML"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Comscan\Comscan.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\Mantle.exe

.

**************************************************************************

.

Completion time: 2012-11-29 09:57:33 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-29 14:57

ComboFix2.txt 2012-11-23 15:24

.

Pre-Run: 848,509,575,168 bytes free

Post-Run: 849,588,092,928 bytes free

.

- - End Of File - - 1260E52F9B845A46C25F2EB2024DABA6

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2

Run by Stephen at 10:25:39 on 2012-11-29

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8071.4971 [GMT -5:00]

.

AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\VPDAgent_x64.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe

C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Common Files\Comscan\Comscan.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Users\Stephen\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Users\Stephen\AppData\Roaming\Insync\App\Insync.exe

C:\Windows\system32\SearchIndexer.exe

C:\Users\Stephen\AppData\Roaming\SQLDriver\SQLDriver.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\Mantle.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe

C:\Windows\system32\prevhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/?pc=MAGW

mStart Page = hxxp://www.bing.com/?pc=MAGW

mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [57AD0B2C9906DFDBF54DD87E02C3DCFDD7598BCD._service_run] "C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

uRun: [sqlDriver] C:\Users\Stephen\AppData\Roaming\SQLDriver\SQLDriver.exe

uRun: [MusicManager] "C:\Users\Stephen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

StartupFolder: C:\Users\Stephen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Stephen\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Stephen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.13.1

TCP: Interfaces\{0AE144C0-F63A-4C16-BAA1-A0267DC4DD46} : DHCPNameServer = 192.168.13.1

TCP: Interfaces\{B539F6E0-F6DF-4C88-B72B-2917B5C7AC86} : DHCPNameServer = 192.168.43.1

TCP: Interfaces\{B539F6E0-F6DF-4C88-B72B-2917B5C7AC86}\3516E6964716279657D6 : DHCPNameServer = 192.168.13.1

TCP: Interfaces\{B539F6E0-F6DF-4C88-B72B-2917B5C7AC86}\46F6D656E6963696 : DHCPNameServer = 75.75.75.75 75.75.76.76

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f

x64-mStart Page = hxxp://www.bing.com/?pc=MAGW

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo)

FF - prefs.js: browser.startup.homepage - hxxp://yahoo.genieo.com/?v=w3i8

FF - prefs.js: keyword.URL - hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18482,0,0,6434&p=

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: C:\Users\Stephen\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\Stephen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Stephen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-11-16 16:28; jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack; C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack.xpi

FF - ExtSQL: 2012-11-28 10:54; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

FF - ExtSQL: 2012-11-28 10:54; anticontainer@downthemall.net; C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\extensions\anticontainer@downthemall.net.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-4-5 16152]

R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-9-11 258848]

R2 Agent;VPDAgent;C:\Windows\VPDAgent_x64.exe [2012-11-12 148480]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 gfi_lanss10_attservice;GFI LanGuard 10 Attendant Service;C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe [2012-9-12 115568]

R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2012-2-29 28264]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-10 13592]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-9-26 189608]

R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-7-27 14952]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-10 161560]

R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2012-4-5 255376]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-10-3 72216]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-15 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-15 676936]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]

R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-9-20 3677000]

R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-9-12 82872]

R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-9-20 175496]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-10 363800]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-5 331264]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-4-5 355096]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-4-5 785688]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-15 25928]

R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-9-11 120064]

R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-9-20 86816]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-7-30 203104]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]

S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2012-11-8 35456]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-4-5 1488448]

S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2012-9-15 15360]

S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-9-11 120064]

S3 SbHips;SbHips;C:\Windows\System32\drivers\sbhips.sys [2012-9-11 61216]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-12 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-11-29 14:55:13 -------- d-sh--w- C:\$RECYCLE.BIN

2012-11-26 12:22:23 -------- d-----w- C:\Users\Stephen\AppData\Local\TechSmith

2012-11-26 12:22:16 -------- d-----w- C:\Users\Stephen\AppData\Roaming\TechSmith

2012-11-26 12:20:45 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared

2012-11-26 04:59:10 -------- d-----w- C:\Users\Stephen\AppData\Local\Torch

2012-11-26 04:56:45 -------- d-----w- C:\Users\Stephen\AppData\Local\iLivid

2012-11-23 16:02:45 262112 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-11-16 15:14:01 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-16 15:14:01 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-16 15:14:00 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-16 15:14:00 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-16 15:10:36 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-16 15:10:36 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-16 15:10:36 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-16 15:10:36 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-16 15:10:36 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-11-16 15:10:36 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-16 15:10:36 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-11-12 23:49:25 87040 ----a-w- C:\Windows\System32\redmonnt.dll

2012-11-12 23:49:25 46080 ----a-w- C:\Windows\System32\unredmon.exe

2012-11-12 23:49:23 -------- d-----w- C:\Program Files (x86)\PDFlite

2012-11-12 23:39:20 148480 ----a-w- C:\Windows\VPDAgent_x64.exe

2012-11-12 23:39:19 -------- d-----w- C:\Program Files\Send To Neat

2012-11-12 23:39:15 54784 ----a-w- C:\Windows\System32\sdtnpm.dll

2012-11-12 14:56:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-11-12 14:56:17 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-11-12 14:49:41 -------- d-----w- C:\Users\Stephen\AppData\Local\jZip

2012-11-12 14:49:29 -------- d-----w- C:\Program Files (x86)\jZip

2012-11-09 16:32:42 -------- d-----w- C:\Users\Stephen\AppData\Local\join.me

2012-11-08 09:00:00 35456 ----a-w- C:\Windows\System32\drivers\gfiark.sys

2012-11-07 02:31:34 -------- d-----w- C:\Users\Stephen\AppData\Local\{AE704BD6-A1D8-4DEF-85CF-CC30E0BB9B0B}

2012-11-02 21:22:12 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-11-02 21:21:40 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-01 13:22:54 -------- d-----w- C:\Users\Stephen\AppData\Roaming\SQLUpdate

2012-11-01 13:21:59 -------- d-----w- C:\Users\Stephen\AppData\Roaming\SQLDriver

.

==================== Find3M ====================

.

2012-11-29 14:34:59 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2012-11-09 11:42:54 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-09 11:42:54 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-02 21:22:09 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-11-02 21:22:09 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-11-02 21:21:37 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-11-02 21:21:37 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-26 20:55:59 337608 ----a-w- C:\Windows\System32\PROUnstl.exe

2012-09-26 20:55:36 316064 ----a-w- C:\Windows\System32\PRONtObj.dll

2012-09-26 20:55:35 162152 ----a-w- C:\Windows\System32\drivers\iANSW60e.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-09-20 09:40:04 47496 ----a-w- C:\Windows\SysWow64\sbbd.exe

2012-09-20 09:40:04 47496 ----a-w- C:\Windows\System32\sbbd.exe

2012-09-20 09:11:58 86816 ----a-w- C:\Windows\System32\drivers\sbwtis.sys

2012-09-20 09:11:58 61216 ----a-w- C:\Windows\System32\drivers\sbhips.sys

2012-09-20 09:11:58 258848 ----a-w- C:\Windows\System32\drivers\SbFw.sys

2012-09-18 21:55:55 110602 ----a-w- C:\Windows\News Rover Uninstaller.exe

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-09-13 00:19:42 634560 ----a-w- C:\Windows\SysWow64\XceedZip.dll

2012-09-13 00:19:38 82872 ----a-w- C:\Windows\System32\drivers\sbapifs.sys

2012-09-13 00:19:34 120064 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys

2012-09-10 23:42:20 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-09-10 23:42:20 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-09-10 23:42:20 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

.

============= FINISH: 10:26:04.28 ===============


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


08:46:13.0362 3408 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

08:46:13.0698 3408 ============================================================

08:46:13.0698 3408 Current date / time: 2012/12/03 08:46:13.0698

08:46:13.0698 3408 SystemInfo:

08:46:13.0698 3408

08:46:13.0698 3408 OS Version: 6.1.7601 ServicePack: 1.0

08:46:13.0698 3408 Product type: Workstation

08:46:13.0698 3408 ComputerName: GATEWAYWORK

08:46:13.0698 3408 UserName: Stephen

08:46:13.0698 3408 Windows directory: C:\Windows

08:46:13.0698 3408 System windows directory: C:\Windows

08:46:13.0698 3408 Running under WOW64

08:46:13.0698 3408 Processor architecture: Intel x64

08:46:13.0698 3408 Number of processors: 4

08:46:13.0698 3408 Page size: 0x1000

08:46:13.0698 3408 Boot type: Normal boot

08:46:13.0698 3408 ============================================================

08:46:14.0824 3408 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

08:46:14.0840 3408 ============================================================

08:46:14.0840 3408 \Device\Harddisk0\DR0:

08:46:14.0840 3408 MBR partitions:

08:46:14.0840 3408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000

08:46:14.0840 3408 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x72AD3800

08:46:14.0840 3408 ============================================================

08:46:14.0857 3408 C: <-> \Device\Harddisk0\DR0\Partition2

08:46:14.0857 3408 ============================================================

08:46:14.0857 3408 Initialize success

08:46:14.0857 3408 ============================================================

08:47:25.0010 6140 ============================================================

08:47:25.0010 6140 Scan started

08:47:25.0010 6140 Mode: Manual;

08:47:25.0010 6140 ============================================================

08:47:25.0225 6140 ================ Scan system memory ========================

08:47:25.0225 6140 System memory - ok

08:47:25.0225 6140 ================ Scan services =============================


08:47:29.0719 6140 LMS - ok

08:47:29.0735 6140 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

08:47:29.0736 6140 LSI_FC - ok

08:47:29.0761 6140 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

08:47:29.0763 6140 LSI_SAS - ok

08:47:29.0771 6140 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

08:47:29.0772 6140 LSI_SAS2 - ok

08:47:29.0790 6140 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

08:47:29.0792 6140 LSI_SCSI - ok

08:47:29.0802 6140 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

08:47:29.0803 6140 luafv - ok

08:47:29.0824 6140 [ 29C733E1DE824670DC9315CFC9BDBCD3 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys

08:47:29.0825 6140 LUsbFilt - ok

08:47:29.0848 6140 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys

08:47:29.0850 6140 LVRS64 - ok

08:47:29.0910 6140 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys

08:47:29.0929 6140 LVUVC64 - ok

08:47:29.0999 6140 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

08:47:30.0000 6140 MBAMProtector - ok

08:47:30.0040 6140 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

08:47:30.0043 6140 MBAMScheduler - ok

08:47:30.0062 6140 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

08:47:30.0064 6140 MBAMService - ok

08:47:30.0081 6140 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

08:47:30.0083 6140 Mcx2Svc - ok

08:47:30.0091 6140 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

08:47:30.0093 6140 megasas - ok

08:47:30.0119 6140 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

08:47:30.0121 6140 MegaSR - ok

08:47:30.0139 6140 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

08:47:30.0140 6140 MEIx64 - ok

08:47:30.0152 6140 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

08:47:30.0154 6140 MMCSS - ok

08:47:30.0165 6140 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

08:47:30.0167 6140 Modem - ok

08:47:30.0172 6140 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

08:47:30.0172 6140 monitor - ok

08:47:30.0181 6140 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

08:47:30.0181 6140 mouclass - ok

08:47:30.0187 6140 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

08:47:30.0188 6140 mouhid - ok

08:47:30.0215 6140 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

08:47:30.0217 6140 mountmgr - ok

08:47:30.0261 6140 [ 313265CF4F5F02ED927774DA1DB3FE00 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

08:47:30.0264 6140 MozillaMaintenance - ok

08:47:30.0267 6140 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

08:47:30.0269 6140 mpio - ok

08:47:30.0279 6140 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

08:47:30.0280 6140 mpsdrv - ok

08:47:30.0296 6140 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

08:47:30.0302 6140 MpsSvc - ok

08:47:30.0305 6140 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

08:47:30.0307 6140 MRxDAV - ok

08:47:30.0317 6140 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

08:47:30.0318 6140 mrxsmb - ok

08:47:30.0322 6140 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:47:30.0324 6140 mrxsmb10 - ok

08:47:30.0335 6140 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:47:30.0337 6140 mrxsmb20 - ok

08:47:30.0343 6140 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

08:47:30.0343 6140 msahci - ok

08:47:30.0346 6140 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

08:47:30.0348 6140 msdsm - ok

08:47:30.0360 6140 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

08:47:30.0362 6140 MSDTC - ok

08:47:30.0375 6140 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

08:47:30.0377 6140 Msfs - ok

08:47:30.0379 6140 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

08:47:30.0379 6140 mshidkmdf - ok

08:47:30.0391 6140 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

08:47:30.0391 6140 msisadrv - ok

08:47:30.0403 6140 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

08:47:30.0406 6140 MSiSCSI - ok

08:47:30.0408 6140 msiserver - ok

08:47:30.0418 6140 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

08:47:30.0419 6140 MSKSSRV - ok

08:47:30.0425 6140 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

08:47:30.0426 6140 MSPCLOCK - ok

08:47:30.0436 6140 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

08:47:30.0437 6140 MSPQM - ok

08:47:30.0442 6140 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

08:47:30.0445 6140 MsRPC - ok

08:47:30.0454 6140 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

08:47:30.0454 6140 mssmbios - ok

08:47:30.0462 6140 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

08:47:30.0463 6140 MSTEE - ok

08:47:30.0473 6140 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

08:47:30.0474 6140 MTConfig - ok

08:47:30.0485 6140 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

08:47:30.0485 6140 Mup - ok

08:47:30.0496 6140 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

08:47:30.0499 6140 napagent - ok

08:47:30.0516 6140 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

08:47:30.0518 6140 NativeWifiP - ok

08:47:30.0575 6140 [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe

08:47:30.0578 6140 NAUpdate - ok

08:47:30.0619 6140 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

08:47:30.0625 6140 NDIS - ok

08:47:30.0636 6140 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

08:47:30.0637 6140 NdisCap - ok

08:47:30.0656 6140 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

08:47:30.0657 6140 NdisTapi - ok

08:47:30.0677 6140 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

08:47:30.0678 6140 Ndisuio - ok

08:47:30.0682 6140 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

08:47:30.0683 6140 NdisWan - ok

08:47:30.0690 6140 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

08:47:30.0692 6140 NDProxy - ok

08:47:30.0702 6140 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

08:47:30.0704 6140 NetBIOS - ok

08:47:30.0711 6140 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

08:47:30.0713 6140 NetBT - ok

08:47:30.0722 6140 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

08:47:30.0723 6140 Netlogon - ok

08:47:30.0746 6140 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

08:47:30.0749 6140 Netman - ok

08:47:30.0760 6140 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

08:47:30.0764 6140 netprofm - ok

08:47:30.0795 6140 [ 5758FD37BF31E759F8610311E4D08ECA ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys

08:47:30.0812 6140 netr28x - ok

08:47:30.0827 6140 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

08:47:30.0829 6140 NetTcpPortSharing - ok

08:47:30.0840 6140 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

08:47:30.0842 6140 nfrd960 - ok

08:47:30.0871 6140 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

08:47:30.0874 6140 NlaSvc - ok

08:47:30.0876 6140 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

08:47:30.0877 6140 Npfs - ok

08:47:30.0888 6140 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

08:47:30.0891 6140 nsi - ok

08:47:30.0893 6140 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

08:47:30.0893 6140 nsiproxy - ok

08:47:30.0935 6140 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

08:47:30.0952 6140 Ntfs - ok

08:47:30.0959 6140 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

08:47:30.0961 6140 Null - ok

08:47:30.0983 6140 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

08:47:30.0984 6140 nvraid - ok

08:47:30.0994 6140 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

08:47:30.0996 6140 nvstor - ok

08:47:30.0999 6140 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

08:47:31.0000 6140 nv_agp - ok

08:47:31.0006 6140 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

08:47:31.0007 6140 ohci1394 - ok

08:47:31.0038 6140 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

08:47:31.0040 6140 ose - ok

08:47:31.0106 6140 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

08:47:31.0125 6140 osppsvc - ok

08:47:31.0152 6140 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

08:47:31.0155 6140 p2pimsvc - ok

08:47:31.0167 6140 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

08:47:31.0170 6140 p2psvc - ok

08:47:31.0174 6140 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

08:47:31.0175 6140 Parport - ok

08:47:31.0185 6140 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

08:47:31.0187 6140 partmgr - ok

08:47:31.0194 6140 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

08:47:31.0196 6140 PcaSvc - ok

08:47:31.0208 6140 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

08:47:31.0210 6140 pci - ok

08:47:31.0226 6140 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

08:47:31.0228 6140 pciide - ok

08:47:31.0232 6140 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

08:47:31.0234 6140 pcmcia - ok

08:47:31.0241 6140 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

08:47:31.0242 6140 pcw - ok

08:47:31.0255 6140 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

08:47:31.0264 6140 PEAUTH - ok

08:47:31.0314 6140 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

08:47:31.0316 6140 PerfHost - ok

08:47:31.0340 6140 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

08:47:31.0357 6140 pla - ok

08:47:31.0377 6140 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

08:47:31.0381 6140 PlugPlay - ok

08:47:31.0402 6140 [ A010F13D27C1033A8BE09D5FA9BF348B ] pneteth C:\Windows\system32\DRIVERS\pneteth.sys

08:47:31.0404 6140 pneteth - ok

08:47:31.0413 6140 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

08:47:31.0415 6140 PNRPAutoReg - ok

08:47:31.0434 6140 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

08:47:31.0436 6140 PNRPsvc - ok

08:47:31.0449 6140 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

08:47:31.0452 6140 PolicyAgent - ok

08:47:31.0456 6140 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

08:47:31.0459 6140 Power - ok

08:47:31.0473 6140 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

08:47:31.0475 6140 PptpMiniport - ok

08:47:31.0485 6140 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

08:47:31.0487 6140 Processor - ok

08:47:31.0505 6140 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

08:47:31.0507 6140 ProfSvc - ok

08:47:31.0514 6140 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

08:47:31.0515 6140 ProtectedStorage - ok

08:47:31.0532 6140 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

08:47:31.0533 6140 Psched - ok

08:47:31.0560 6140 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

08:47:31.0577 6140 ql2300 - ok

08:47:31.0590 6140 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

08:47:31.0592 6140 ql40xx - ok

08:47:31.0608 6140 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

08:47:31.0610 6140 QWAVE - ok

08:47:31.0620 6140 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

08:47:31.0622 6140 QWAVEdrv - ok

08:47:31.0630 6140 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

08:47:31.0632 6140 RasAcd - ok

08:47:31.0657 6140 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

08:47:31.0659 6140 RasAgileVpn - ok

08:47:31.0669 6140 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

08:47:31.0671 6140 RasAuto - ok

08:47:31.0681 6140 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

08:47:31.0684 6140 Rasl2tp - ok

08:47:31.0698 6140 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

08:47:31.0701 6140 RasMan - ok

08:47:31.0711 6140 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

08:47:31.0713 6140 RasPppoe - ok

08:47:31.0724 6140 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

08:47:31.0725 6140 RasSstp - ok

08:47:31.0730 6140 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

08:47:31.0733 6140 rdbss - ok

08:47:31.0746 6140 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

08:47:31.0747 6140 rdpbus - ok

08:47:31.0764 6140 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

08:47:31.0765 6140 RDPCDD - ok

08:47:31.0769 6140 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

08:47:31.0769 6140 RDPENCDD - ok

08:47:31.0788 6140 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

08:47:31.0789 6140 RDPREFMP - ok

08:47:31.0802 6140 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

08:47:31.0804 6140 RDPWD - ok

08:47:31.0818 6140 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

08:47:31.0819 6140 rdyboost - ok

08:47:31.0828 6140 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

08:47:31.0830 6140 RemoteAccess - ok

08:47:31.0834 6140 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

08:47:31.0836 6140 RemoteRegistry - ok

08:47:31.0845 6140 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

08:47:31.0848 6140 RpcEptMapper - ok

08:47:31.0853 6140 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

08:47:31.0855 6140 RpcLocator - ok

08:47:31.0872 6140 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

08:47:31.0875 6140 RpcSs - ok

08:47:31.0884 6140 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

08:47:31.0886 6140 rspndr - ok

08:47:31.0888 6140 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

08:47:31.0889 6140 SamSs - ok

08:47:31.0959 6140 [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

08:47:31.0973 6140 SBAMSvc - ok

08:47:32.0009 6140 [ 8F19D62B04081C0BFF1E8D6F26220A28 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys

08:47:32.0010 6140 sbapifs - ok

08:47:32.0084 6140 [ D8E08D2D24E777894744B657EA78796A ] SbFw C:\Windows\system32\drivers\SbFw.sys

08:47:32.0085 6140 SbFw - ok

08:47:32.0129 6140 [ 032CBD1D453D3BD4B38DE06AC4F8B8B4 ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys

08:47:32.0130 6140 SBFWIMCL - ok

08:47:32.0136 6140 [ 032CBD1D453D3BD4B38DE06AC4F8B8B4 ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys

08:47:32.0137 6140 SBFWIMCLMP - ok

08:47:32.0193 6140 [ 1490E7C7A22329BE5641D4C2E16B868E ] SbHips C:\Windows\system32\drivers\sbhips.sys

08:47:32.0194 6140 SbHips - ok

08:47:32.0202 6140 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

08:47:32.0204 6140 sbp2port - ok

08:47:32.0225 6140 [ 5314272972576D925A54CABAFD1E7FBF ] SBPIMSvc C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

08:47:32.0227 6140 SBPIMSvc - ok

08:47:32.0267 6140 [ 051C35F5FF516398FFC806979C709A2F ] sbwtis C:\Windows\system32\DRIVERS\sbwtis.sys

08:47:32.0268 6140 sbwtis - ok

08:47:32.0280 6140 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

08:47:32.0283 6140 SCardSvr - ok

08:47:32.0294 6140 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

08:47:32.0296 6140 scfilter - ok

08:47:32.0310 6140 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

08:47:32.0327 6140 Schedule - ok

08:47:32.0334 6140 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

08:47:32.0335 6140 SCPolicySvc - ok

08:47:32.0343 6140 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

08:47:32.0345 6140 SDRSVC - ok

08:47:32.0351 6140 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

08:47:32.0352 6140 secdrv - ok

08:47:32.0364 6140 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

08:47:32.0365 6140 seclogon - ok

08:47:32.0388 6140 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

08:47:32.0390 6140 SENS - ok

08:47:32.0406 6140 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

08:47:32.0409 6140 SensrSvc - ok

08:47:32.0422 6140 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

08:47:32.0424 6140 Serenum - ok

08:47:32.0448 6140 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

08:47:32.0450 6140 Serial - ok

08:47:32.0461 6140 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

08:47:32.0463 6140 sermouse - ok

08:47:32.0478 6140 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

08:47:32.0481 6140 SessionEnv - ok

08:47:32.0490 6140 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

08:47:32.0491 6140 sffdisk - ok

08:47:32.0504 6140 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

08:47:32.0506 6140 sffp_mmc - ok

08:47:32.0515 6140 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

08:47:32.0517 6140 sffp_sd - ok

08:47:32.0528 6140 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

08:47:32.0530 6140 sfloppy - ok

08:47:32.0558 6140 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys

08:47:32.0561 6140 Sftfs - ok

08:47:32.0587 6140 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

08:47:32.0590 6140 sftlist - ok

08:47:32.0601 6140 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys

08:47:32.0602 6140 Sftplay - ok

08:47:32.0613 6140 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

08:47:32.0613 6140 Sftredir - ok

08:47:32.0625 6140 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys

08:47:32.0625 6140 Sftvol - ok

08:47:32.0631 6140 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

08:47:32.0633 6140 sftvsa - ok

08:47:32.0659 6140 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

08:47:32.0662 6140 SharedAccess - ok

08:47:32.0678 6140 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

08:47:32.0681 6140 ShellHWDetection - ok

08:47:32.0697 6140 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

08:47:32.0699 6140 SiSRaid2 - ok

08:47:32.0701 6140 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

08:47:32.0702 6140 SiSRaid4 - ok

08:47:32.0788 6140 [ 3740B83AEC21D981065D7E819BD7E878 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

08:47:32.0839 6140 Skype C2C Service - ok

08:47:32.0878 6140 [ B866E8C5ED1DCBEA72285BA4107892C2 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

08:47:32.0879 6140 SkypeUpdate - ok

08:47:32.0899 6140 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

08:47:32.0901 6140 Smb - ok

08:47:32.0921 6140 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

08:47:32.0924 6140 SNMPTRAP - ok

08:47:32.0930 6140 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

08:47:32.0930 6140 spldr - ok

08:47:32.0951 6140 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

08:47:32.0956 6140 Spooler - ok

08:47:32.0996 6140 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

08:47:33.0031 6140 sppsvc - ok

08:47:33.0044 6140 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

08:47:33.0046 6140 sppuinotify - ok

08:47:33.0056 6140 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

08:47:33.0060 6140 srv - ok

08:47:33.0064 6140 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

08:47:33.0067 6140 srv2 - ok

08:47:33.0073 6140 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

08:47:33.0074 6140 srvnet - ok

08:47:33.0099 6140 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

08:47:33.0101 6140 SSDPSRV - ok

08:47:33.0110 6140 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

08:47:33.0112 6140 SstpSvc - ok

08:47:33.0140 6140 [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys

08:47:33.0142 6140 ssudmdm - ok

08:47:33.0151 6140 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

08:47:33.0153 6140 stexstor - ok

08:47:33.0171 6140 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

08:47:33.0176 6140 stisvc - ok

08:47:33.0186 6140 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

08:47:33.0186 6140 swenum - ok

08:47:33.0199 6140 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

08:47:33.0203 6140 swprv - ok

08:47:33.0227 6140 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

08:47:33.0253 6140 SysMain - ok

08:47:33.0262 6140 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

08:47:33.0264 6140 TabletInputService - ok

08:47:33.0277 6140 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

08:47:33.0280 6140 TapiSrv - ok

08:47:33.0289 6140 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

08:47:33.0291 6140 TBS - ok

08:47:33.0337 6140 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

08:47:33.0362 6140 Tcpip - ok

08:47:33.0387 6140 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

08:47:33.0394 6140 TCPIP6 - ok

08:47:33.0408 6140 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

08:47:33.0409 6140 tcpipreg - ok

08:47:33.0420 6140 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

08:47:33.0421 6140 TDPIPE - ok

08:47:33.0439 6140 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

08:47:33.0441 6140 TDTCP - ok

08:47:33.0459 6140 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

08:47:33.0461 6140 tdx - ok

08:47:33.0472 6140 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

08:47:33.0472 6140 TermDD - ok

08:47:33.0490 6140 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

08:47:33.0495 6140 TermService - ok

08:47:33.0505 6140 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

08:47:33.0508 6140 Themes - ok

08:47:33.0519 6140 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

08:47:33.0520 6140 THREADORDER - ok

08:47:33.0532 6140 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

08:47:33.0535 6140 TrkWks - ok

08:47:33.0567 6140 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

08:47:33.0568 6140 TrustedInstaller - ok

08:47:33.0574 6140 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

08:47:33.0575 6140 tssecsrv - ok

08:47:33.0588 6140 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

08:47:33.0590 6140 TsUsbFlt - ok

08:47:33.0595 6140 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

08:47:33.0597 6140 TsUsbGD - ok

08:47:33.0616 6140 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

08:47:33.0618 6140 tunnel - ok

08:47:33.0627 6140 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

08:47:33.0629 6140 uagp35 - ok

08:47:33.0647 6140 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

08:47:33.0649 6140 udfs - ok

08:47:33.0659 6140 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

08:47:33.0662 6140 UI0Detect - ok

08:47:33.0676 6140 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

08:47:33.0678 6140 uliagpkx - ok

08:47:33.0692 6140 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

08:47:33.0694 6140 umbus - ok

08:47:33.0702 6140 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

08:47:33.0704 6140 UmPass - ok

08:47:33.0756 6140 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

08:47:33.0759 6140 UMVPFSrv - ok

08:47:35.0137 6140 ================ Scan global ===============================

08:47:35.0148 6140 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

08:47:35.0169 6140 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

08:47:35.0174 6140 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

08:47:35.0182 6140 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

08:47:35.0207 6140 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

08:47:35.0210 6140 [Global] - ok

08:47:35.0211 6140 ================ Scan MBR ==================================

08:47:35.0217 6140 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

08:47:35.0339 6140 \Device\Harddisk0\DR0 - ok

08:47:35.0339 6140 ================ Scan VBR ==================================

08:47:35.0341 6140 [ D2FE34C7B3FB24C5DECB5B5FE33F131F ] \Device\Harddisk0\DR0\Partition1

08:47:35.0343 6140 \Device\Harddisk0\DR0\Partition1 - ok

08:47:35.0357 6140 [ 4B21FCD3B35766222165ABD1B518D02F ] \Device\Harddisk0\DR0\Partition2

08:47:35.0359 6140 \Device\Harddisk0\DR0\Partition2 - ok

08:47:35.0359 6140 ============================================================

08:47:35.0359 6140 Scan finished

08:47:35.0359 6140 ============================================================

08:47:35.0365 4320 Detected object count: 0

08:47:35.0365 4320 Actual detected object count: 0

ESET

C:\NewsRoverFiles\Valid [Checker]4PP by ZzUk v1.2.exe a variant of Win32/Injector.JEL trojan cleaned by deleting - quarantined

C:\Users\Stephen\Downloads\jZipSetup.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined

C:\Users\Stephen\Downloads\Future\iLividSetup.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined

C:\Users\Stephen\Downloads\Future\Mega SEO Pack by (Santino).zip Win32/HackTool.Patcher.A application deleted - quarantined

C:\Users\Stephen\Downloads\JEH\compile\skype.exe Win32/Spy.Autoit.M trojan cleaned by deleting - quarantined

Operating memory Win32/Ainslot.AA worm

# AdwCleaner v2.011 - Logfile created 12/03/2012 at 14:15:35

# Updated 02/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Stephen - GATEWAYWORK

# Boot Mode : Normal

# Running from : C:\Users\Stephen\Downloads\Malware\ADWcleaner\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk

File Found : C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk

File Found : C:\Users\Stephen\Desktop\iLivid.lnk

Folder Found : C:\Users\Stephen\AppData\Local\Ilivid

***** [Registry] *****

Key Found : HKCU\Software\ilivid

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0 (en-US)

Profile name : default

File : C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\t9nc1ggn.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Chromium v check_default_browser: true

File : C:\Users\Stephen\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.11.1661.0

File : C:\Users\Stephen\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1578 octets] - [03/12/2012 14:15:35]

########## EOF - C:\AdwCleaner[R1].txt - [1638 octets] ##########

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

GFI Software VIPRE

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.65.1.1000

Java 7 Update 9

Adobe Flash Player 11.5.502.110

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox (17.0)

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

Google Chrome plugins...

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

ESET ESET Online Scanner OnlineCmdLineScanner.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

Stephen Downloads Malware ADWcleaner\adwcleaner.exe

Stephen Downloads Malware Security Chk\SecurityCheck.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````


  • 4 weeks later...
  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
