Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ads in left & right corner of IE9, redirecting also.


  • This topic is locked This topic is locked
15 replies to this topic

#1 GarethD

GarethD

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 24 September 2012 - 08:33 AM

Went onto a site earlier and got redirect to a youtube style sites, ever since have had ads in the bottom left and right hand side of the page. Please help!

# AdwCleaner v2.003 - Logfile created 09/24/2012 at 14:19:42
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Gareth Davies - MISUK02
# Boot Mode : Normal
# Running from : C:\Users\Gareth Davies\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MRVXZ3J\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Ilivid
Folder Deleted : C:\ProgramData\splashtop
Folder Deleted : C:\Users\Gareth Davies\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Gareth Davies\AppData\Roaming\splashtop

***** [Registry] *****

Key Deleted : HKCU\Software\ilivid
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-1173053573-1497775661-467333394-1007\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-80-658301257-2982135855-2592439322-278883598-2576459600\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v7.0.1 (en-GB)

Profile name : default
File : C:\Users\Gareth Davies\AppData\Roaming\Mozilla\Firefox\Profiles\t5ton78a.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Gareth Davies\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2247 octets] - [24/09/2012 14:19:42]

########## EOF - C:\AdwCleaner[S1].txt - [2307 octets] ##########

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:03 PM

Posted 26 September 2012 - 11:25 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 GarethD

GarethD
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 27 September 2012 - 03:02 AM

Hi Gringo,

many thanks for the help. This is the contents of the Security Check Log.

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 27
Java version out of Date!
Adobe Reader X 10.1.0 Adobe Reader out of Date!
Mozilla Firefox (7.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Regards

Gareth

#4 GarethD

GarethD
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 27 September 2012 - 03:05 AM

This is the contents of the DDS.txt log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Gareth Davies at 9:03:11 on 2012-09-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8175.3361 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
c:\Program Files\Microsoft SQL Server\MSSQL11.MSTRACK\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\taskhost.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Users\Gareth Davies\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\code4ward\Royal TS\RTSApp.exe
C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe
c:\program files (x86)\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\splwow64.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\BIS\Digiweb - InfoDBManager\InfoDBManager 8.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Intuit\QuickBooks 2010\qbw32.exe
C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgr.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Program Files (x86)\LogMeIn Rescue Technician Console\LogMeInRescueTechnicianConsole_x64\LMIRTechConsole.exe
C:\Program Files (x86)\LogMeIn Rescue Technician Console\LogMeInRescueTechnicianConsole_x64\LMIGuardian.exe
C:\Program Files (x86)\BIS MS Track Pro 8 - DIGIWEB\MS Track Pro 8.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Gareth Davies\Desktop\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\npchrome_frame.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\GARETH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Gareth Davies\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {76392179-60A8-462D-8961-B95C14DAADF4} - hxxps://billcentre.vodafone.co.uk/bpa/content/ddiprintengine.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://portal.dalkia.ie/+CSCOL+/cscopf.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP30-13034/training/ieatgpc1.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4F77FADA-C41E-455C-842F-EB9758286466} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B869CA82-F51C-4D40-8E54-1744BABCE275} : DhcpNameServer = 88.82.13.60 88.82.13.60
TCP: Interfaces\{C6996012-37C3-4221-9808-3729DA7912BB} : NameServer = 192.168.0.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\npchrome_frame.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\npchrome_frame.dll
BHO-X64: ChromeFrame BHO - No File
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
Hosts: 72.29.93.243 www.google-analytics.com.
Hosts: 72.29.93.243 ad-emea.doubleclick.net.
Hosts: 72.29.93.243 www.statcounter.com.
Hosts: 64.27.10.42 www.google-analytics.com.
Hosts: 64.27.10.42 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gareth Davies\AppData\Roaming\Mozilla\Firefox\Profiles\t5ton78a.default\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 cpextender;Check Point SSL Network Extender;C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [2010-11-28 353800]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-9-9 68136]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 375208]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MSSQL$MSTRACK;SQL Server (MSTRACK);C:\Program Files\Microsoft SQL Server\MSSQL11.MSTRACK\MSSQL\Binn\sqlservr.exe [2012-2-11 191064]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-13 2214504]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-9-9 114688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-2-28 378472]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-16 2673064]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-9 2655768]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VNA;Check Point Virtual Network Adapter;C:\Windows\system32\DRIVERS\vna.sys --> C:\Windows\system32\DRIVERS\vna.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-14 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-9-13 25640]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-14 136176]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-9-9 30528]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?]
S4 RsFx0200;RsFx0200 Driver;C:\Windows\system32\DRIVERS\RsFx0200.sys --> C:\Windows\system32\DRIVERS\RsFx0200.sys [?]
S4 SQLAgent$MSTRACK;SQL Server Agent (MSTRACK);C:\Program Files\Microsoft SQL Server\MSSQL11.MSTRACK\MSSQL\Binn\SQLAGENT.EXE [2012-2-11 597080]
.
=============== Created Last 30 ================
.
2012-09-26 13:32:27 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D734F822-E1F2-407C-82F3-554F150B2A6E}\mpengine.dll
2012-09-25 14:21:19 -------- d-----w- C:\Program Files (x86)\BIS MS Track Pro 8 - ITSL
2012-09-25 13:31:57 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-21 12:33:21 -------- d-----w- C:\Users\Gareth Davies\AppData\Local\Citrix
2012-09-21 12:33:20 103272 ----a-w- C:\Users\Gareth Davies\GoToAssistDownloadHelper.exe
2012-08-28 13:54:47 -------- d-----w- C:\Program Files (x86)\BIS MS Track Pro 8 - SISAT
.
==================== Find3M ====================
.
2012-09-24 13:21:07 25640 ----a-w- C:\Windows\gdrv.sys
2012-07-18 12:43:47 328704 ----a-w- C:\Windows\System32\services.exe
2012-07-18 12:40:54 328704 ----a-w- C:\Windows\System32\services.exe.EE9B0ED88DA80F00
2012-07-18 12:37:36 328704 ----a-w- C:\Windows\System32\services.exe.EE2638F52ADE01A9
2012-07-18 12:34:29 328704 ----a-w- C:\Windows\System32\services.exe.94D5E24D1CD82B10
2012-07-11 16:09:43 87488 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-07-11 16:09:42 80800 ----a-w- C:\Windows\System32\LMIinit.dll
2012-07-11 16:09:42 34720 ----a-w- C:\Windows\System32\LMIport.dll
.
============= FINISH: 9:03:30.68 ===============

This is the contents of the Attach.txt log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 09/09/2011 15:20:32
System Uptime: 24/09/2012 14:20:41 (67 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | PA65-UD3-B3
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz | Socket 1155 | 2886/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 314.049 GiB free.
D: is CDROM ()
S: is NetworkDisk (NTFS) - 222 GiB total, 146.823 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP167: 28/08/2012 08:23:02 - Windows Update
RP168: 31/08/2012 12:42:04 - Windows Update
RP169: 04/09/2012 12:41:40 - Windows Update
RP170: 08/09/2012 12:43:30 - Windows Update
RP171: 11/09/2012 19:46:45 - Windows Update
RP172: 15/09/2012 19:46:41 - Windows Update
RP173: 19/09/2012 19:47:19 - Windows Update
RP174: 23/09/2012 02:18:54 - Windows Update
RP175: 26/09/2012 14:32:00 - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 72.29.93.243 www.google-analytics.com.
Hosts: 72.29.93.243 ad-emea.doubleclick.net.
Hosts: 72.29.93.243 www.statcounter.com.
Hosts: 64.27.10.42 www.google-analytics.com.
Hosts: 64.27.10.42 ad-emea.doubleclick.net.
Hosts: 64.27.10.42 www.statcounter.com.
.
==== Installed Programs ======================
.
@BIOS
Adobe AIR
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.6
AIDA64 Extreme Edition v2.30
Apple Application Support
Apple Software Update
AutoGreen B10.1021.1
CamStudio
Check Point SSL Network Extender
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X6
CorelDRAW Graphics Suite X6 - Capture
CorelDRAW Graphics Suite X6 - Common
CorelDRAW Graphics Suite X6 - Connect
CorelDRAW Graphics Suite X6 - Custom Data
CorelDRAW Graphics Suite X6 - Draw
CorelDRAW Graphics Suite X6 - EN
CorelDRAW Graphics Suite X6 - Filters
CorelDRAW Graphics Suite X6 - FontNav
CorelDRAW Graphics Suite X6 - IPM
CorelDRAW Graphics Suite X6 - PHOTO-PAINT
CorelDRAW Graphics Suite X6 - Photozoom Plugin
CorelDRAW Graphics Suite X6 - Redist
CorelDRAW Graphics Suite X6 - Setup Files
CorelDRAW Graphics Suite X6 - VBA
CorelDRAW Graphics Suite X6 - VideoBrowser
CorelDRAW Graphics Suite X6 - VSTA
CorelDRAW Graphics Suite X6 - Writing Tools
DES 2.0
Dropbox
Easy Tune 6 B10.1216.1
Etron USB3.0 Host Controller
Fences
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Chrome Frame
Google Earth
Google Update Helper
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Intel® Management Engine Components
Ipswitch WS_FTP Professional 2007
Java Auto Updater
Java™ 6 Update 27
join.me
LogMeIn
LogMeIn Rescue Technician Console
LogMeIn Rescue Technician Console
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft MapPoint Europe 2009
Microsoft Office Access database engine 2007 (English)
Microsoft Report Viewer 2012 Runtime
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server System CLR Types
Microsoft Visual Basic for Applications 7.1 (x86)
Microsoft Visual Basic for Applications 7.1 (x86) English
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual Studio 2010 Shell (Isolated) - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Moneysoft Payroll Manager
Mozilla Firefox 7.0.1 (x86 en-GB)
MS Track Pro 8
MS Track Reports
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NVIDIA Stereoscopic 3D Driver
ON_OFF Charge B11.0110.1
QuickBooks
QuickBooks Pro 2010
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Royal TS
Safari
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Send HTTP Tool version 2.5.9
Sky-Q
Skype Click to Call
Skype™ 5.10
SkyWave IsatM2M Developer's Toolkit 5.3
Smart 6 B10.1221.1
SQL Server Browser for SQL Server 2012
SupportSoft Assisted Service
swMSM
TatukGIS Viewer 3 3.5.0.8138
TeamViewer 7
Update 4.0.2 for Microsoft .NET Framework 4 Client Profile (KB2544514)
Update 4.0.2 for Microsoft .NET Framework 4 Extended (KB2544514)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2478063)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
WebEx
Windows 7 Codec Pack 3.4.0
.
==== Event Viewer Messages From Past Week ========
.
27/09/2012 08:41:40, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
27/09/2012 08:41:40, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
27/09/2012 08:40:33, Error: Schannel [36888] - The following fatal alert was generated: 48. The internal error state is 552.
27/09/2012 08:40:33, Error: Schannel [36882] - The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
26/09/2012 10:19:07, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
26/09/2012 10:19:07, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
26/09/2012 09:36:59, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer UKINFOFLEETSQL2 using any of the configured protocols.
25/09/2012 15:03:21, Error: Microsoft-Windows-RasSstp [1] - CoId={05BFD1BA-C856-430E-8F7D-37343FE79698}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The requested name is valid, but no data of the requested type was found.
24/09/2012 16:54:03, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer UKINFOROUTESQL using any of the configured protocols.
24/09/2012 16:53:38, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer UKINFOFLEETSQL1 using any of the configured protocols.
24/09/2012 14:21:11, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
24/09/2012 14:21:07, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
24/09/2012 14:21:07, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
22/09/2012 07:46:04, Error: srv [2017] - The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.
.
==== End Of File ===========================

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:03 PM

Posted 27 September 2012 - 03:21 AM

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 GarethD

GarethD
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 27 September 2012 - 06:01 AM

Log from ADWCleaner


# AdwCleaner v2.003 - Logfile created 09/27/2012 at 11:54:23
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Gareth Davies - MISUK02
# Boot Mode : Normal
# Running from : C:\Users\Gareth Davies\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OMXWGGWG\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v7.0.1 (en-GB)

Profile name : default
File : C:\Users\Gareth Davies\AppData\Roaming\Mozilla\Firefox\Profiles\t5ton78a.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Gareth Davies\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2372 octets] - [24/09/2012 14:19:42]
AdwCleaner[R1].txt - [1132 octets] - [24/09/2012 14:24:36]
AdwCleaner[S2].txt - [1063 octets] - [27/09/2012 11:54:23]

########## EOF - C:\AdwCleaner[S2].txt - [1123 octets] ##########

#7 GarethD

GarethD
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 27 September 2012 - 06:04 AM

When trying to run RogueKiller i get an error to say the RogueKiller.exe is not a valid Win32 application, any ideas?

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:03 PM

Posted 27 September 2012 - 07:31 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 GarethD

GarethD
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 27 September 2012 - 08:48 AM

This is the ComboFix log

ComboFix 12-09-26.06 - Gareth Davies 27/09/2012 14:34:11.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8175.6025 [GMT 1:00]
Running from: c:\users\Gareth Davies\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Gareth Davies\AppData\Local\Microsoft\Windows\Temporary Internet Files\{961CB759-FE3A-405D-ABFC-5D88CBB0424C}.xps
c:\users\Gareth Davies\GoToAssistDownloadHelper.exe
c:\windows\Installer\{0cf29438-6bb9-dacd-a1c0-8ee760c9212b}\@
c:\windows\Installer\{0cf29438-6bb9-dacd-a1c0-8ee760c9212b}\L\00000004.@
c:\windows\Installer\{0cf29438-6bb9-dacd-a1c0-8ee760c9212b}\L\1afb2d56
c:\windows\Installer\{0cf29438-6bb9-dacd-a1c0-8ee760c9212b}\L\201d3dde
c:\windows\Installer\{0cf29438-6bb9-dacd-a1c0-8ee760c9212b}\U\00000008.@
.
.
((((((((((((((((((((((((( Files Created from 2012-08-27 to 2012-09-27 )))))))))))))))))))))))))))))))
.
.
2012-09-27 13:37 . 2012-09-27 13:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-26 13:32 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D734F822-E1F2-407C-82F3-554F150B2A6E}\mpengine.dll
2012-09-25 14:21 . 2012-09-25 14:22 -------- d-----w- c:\program files (x86)\BIS MS Track Pro 8 - ITSL
2012-09-25 13:31 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-21 12:33 . 2012-09-21 12:33 -------- d-----w- c:\users\Gareth Davies\AppData\Local\Citrix
2012-08-28 13:54 . 2012-09-27 07:25 -------- d-----w- c:\program files (x86)\BIS MS Track Pro 8 - SISAT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 13:38 . 2011-09-09 14:40 25640 ----a-w- c:\windows\gdrv.sys
2012-07-18 12:43 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-07-18 12:40 . 2012-07-18 12:40 328704 ----a-w- c:\windows\system32\services.exe.EE9B0ED88DA80F00
2012-07-18 12:37 . 2012-07-18 12:37 328704 ----a-w- c:\windows\system32\services.exe.EE2638F52ADE01A9
2012-07-18 12:34 . 2012-07-18 12:34 328704 ----a-w- c:\windows\system32\services.exe.94D5E24D1CD82B10
2012-07-11 16:09 . 2011-12-02 15:59 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-11 16:09 . 2011-12-02 15:59 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-07-11 16:09 . 2011-12-02 15:59 80800 ----a-w- c:\windows\system32\LMIinit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Gareth Davies\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Gareth Davies\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Gareth Davies\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Gareth Davies\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\Gareth Davies\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Gareth Davies\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-2-13 984408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-14 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-09-13 25640]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-14 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-09-13 30528]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-09 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys [2012-02-11 334936]
R4 SQLAgent$MSTRACK;SQL Server Agent (MSTRACK);c:\program files\Microsoft SQL Server\MSSQL11.MSTRACK\MSSQL\Binn\SQLAGENT.EXE [2012-02-11 597080]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cpextender;Check Point SSL Network Extender;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [2010-11-28 353800]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-11 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 MSSQL$MSTRACK;SQL Server (MSTRACK);c:\program files\Microsoft SQL Server\MSSQL11.MSTRACK\MSSQL\Binn\sqlservr.exe [2012-02-11 191064]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-28 378472]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-01-26 39808]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-01-26 64256]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-01-25 172648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-24 412264]
S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [2010-11-28 161256]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-14 08:02]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-14 08:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Gareth Davies\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Gareth Davies\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Gareth Davies\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Gareth Davies\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-23 2552320]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C6996012-37C3-4221-9808-3729DA7912BB}: NameServer = 192.168.0.10
DPF: {76392179-60A8-462D-8961-B95C14DAADF4} - hxxps://billcentre.vodafone.co.uk/bpa/content/ddiprintengine.cab
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://portal.dalkia.ie/+CSCOL+/cscopf.cab
FF - ProfilePath - c:\users\Gareth Davies\AppData\Roaming\Mozilla\Firefox\Profiles\t5ton78a.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-09-27 14:44:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-27 13:44
.
Pre-Run: 337,848,610,816 bytes free
Post-Run: 338,259,324,928 bytes free
.
- - End Of File - - 9D0AA364AEC4D964960C5A4CAD383380

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:03 PM

Posted 27 September 2012 - 12:44 PM

Greetings GarethD

I would like to know how the computer is doing now and I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 GarethD

GarethD
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 28 September 2012 - 02:22 AM

TDSSKiler Log Report

08:21:33.0631 7556 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
08:21:33.0710 7556 ============================================================
08:21:33.0710 7556 Current date / time: 2012/09/28 08:21:33.0710
08:21:33.0710 7556 SystemInfo:
08:21:33.0710 7556
08:21:33.0710 7556 OS Version: 6.1.7601 ServicePack: 1.0
08:21:33.0710 7556 Product type: Workstation
08:21:33.0710 7556 ComputerName: MISUK02
08:21:33.0710 7556 UserName: Gareth Davies
08:21:33.0710 7556 Windows directory: C:\Windows
08:21:33.0710 7556 System windows directory: C:\Windows
08:21:33.0710 7556 Running under WOW64
08:21:33.0710 7556 Processor architecture: Intel x64
08:21:33.0710 7556 Number of processors: 8
08:21:33.0710 7556 Page size: 0x1000
08:21:33.0710 7556 Boot type: Normal boot
08:21:33.0710 7556 ============================================================
08:21:34.0656 7556 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
08:21:34.0659 7556 ============================================================
08:21:34.0659 7556 \Device\Harddisk0\DR0:
08:21:34.0659 7556 MBR partitions:
08:21:34.0659 7556 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:21:34.0659 7556 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
08:21:34.0659 7556 ============================================================
08:21:34.0678 7556 C: <-> \Device\Harddisk0\DR0\Partition2
08:21:34.0678 7556 ============================================================
08:21:34.0678 7556 Initialize success
08:21:34.0678 7556 ============================================================
08:21:55.0943 2704 ============================================================
08:21:55.0943 2704 Scan started
08:21:55.0943 2704 Mode: Manual;
08:21:55.0943 2704 ============================================================
08:21:56.0658 2704 ================ Scan system memory ========================
08:21:56.0658 2704 System memory - ok
08:21:56.0659 2704 ================ Scan services =============================
08:21:56.0766 2704 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:21:56.0769 2704 1394ohci - ok
08:21:56.0793 2704 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:21:56.0797 2704 ACPI - ok
08:21:56.0812 2704 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:21:56.0812 2704 AcpiPmi - ok
08:21:56.0877 2704 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:21:56.0878 2704 AdobeARMservice - ok
08:21:56.0905 2704 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
08:21:56.0912 2704 adp94xx - ok
08:21:56.0936 2704 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
08:21:56.0941 2704 adpahci - ok
08:21:56.0955 2704 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
08:21:56.0958 2704 adpu320 - ok
08:21:56.0985 2704 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:21:56.0986 2704 AeLookupSvc - ok
08:21:57.0034 2704 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
08:21:57.0038 2704 AFD - ok
08:21:57.0060 2704 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:21:57.0061 2704 agp440 - ok
08:21:57.0071 2704 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
08:21:57.0072 2704 ALG - ok
08:21:57.0095 2704 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
08:21:57.0096 2704 aliide - ok
08:21:57.0101 2704 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
08:21:57.0102 2704 amdide - ok
08:21:57.0112 2704 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
08:21:57.0113 2704 AmdK8 - ok
08:21:57.0122 2704 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
08:21:57.0123 2704 AmdPPM - ok
08:21:57.0157 2704 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:21:57.0159 2704 amdsata - ok
08:21:57.0177 2704 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
08:21:57.0181 2704 amdsbs - ok
08:21:57.0197 2704 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:21:57.0198 2704 amdxata - ok
08:21:57.0241 2704 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
08:21:57.0242 2704 AppID - ok
08:21:57.0250 2704 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:21:57.0251 2704 AppIDSvc - ok
08:21:57.0259 2704 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
08:21:57.0261 2704 Appinfo - ok
08:21:57.0328 2704 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:21:57.0330 2704 Apple Mobile Device - ok
08:21:57.0361 2704 [ 6BE11AD81D4527D299F0CB5F3731AABC ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys
08:21:57.0362 2704 AppleCharger - ok
08:21:57.0380 2704 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
08:21:57.0380 2704 AppleChargerSrv - ok
08:21:57.0415 2704 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
08:21:57.0418 2704 AppMgmt - ok
08:21:57.0442 2704 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
08:21:57.0443 2704 arc - ok
08:21:57.0467 2704 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
08:21:57.0469 2704 arcsas - ok
08:21:57.0561 2704 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:21:57.0562 2704 aspnet_state - ok
08:21:57.0580 2704 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:21:57.0580 2704 AsyncMac - ok
08:21:57.0591 2704 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
08:21:57.0591 2704 atapi - ok
08:21:57.0628 2704 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:21:57.0635 2704 AudioEndpointBuilder - ok
08:21:57.0644 2704 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:21:57.0648 2704 AudioSrv - ok
08:21:57.0674 2704 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:21:57.0676 2704 AxInstSV - ok
08:21:57.0714 2704 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
08:21:57.0719 2704 b06bdrv - ok
08:21:57.0743 2704 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
08:21:57.0747 2704 b57nd60a - ok
08:21:57.0765 2704 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
08:21:57.0767 2704 BDESVC - ok
08:21:57.0786 2704 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
08:21:57.0786 2704 Beep - ok
08:21:57.0822 2704 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
08:21:57.0832 2704 BFE - ok
08:21:57.0866 2704 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
08:21:57.0872 2704 BITS - ok
08:21:57.0905 2704 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
08:21:57.0907 2704 blbdrive - ok
08:21:57.0970 2704 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:21:57.0976 2704 Bonjour Service - ok
08:21:58.0001 2704 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:21:58.0002 2704 bowser - ok
08:21:58.0016 2704 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
08:21:58.0017 2704 BrFiltLo - ok
08:21:58.0024 2704 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
08:21:58.0025 2704 BrFiltUp - ok
08:21:58.0051 2704 [ 5C2F352A4E961D72518261257AAE204B ] Bridge C:\Windows\system32\DRIVERS\bridge.sys
08:21:58.0052 2704 Bridge - ok
08:21:58.0056 2704 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
08:21:58.0056 2704 BridgeMP - ok
08:21:58.0075 2704 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
08:21:58.0076 2704 Browser - ok
08:21:58.0097 2704 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:21:58.0102 2704 Brserid - ok
08:21:58.0118 2704 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:21:58.0120 2704 BrSerWdm - ok
08:21:58.0128 2704 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:21:58.0129 2704 BrUsbMdm - ok
08:21:58.0137 2704 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:21:58.0138 2704 BrUsbSer - ok
08:21:58.0161 2704 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
08:21:58.0162 2704 BTHMODEM - ok
08:21:58.0185 2704 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
08:21:58.0186 2704 bthserv - ok
08:21:58.0203 2704 catchme - ok
08:21:58.0231 2704 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:21:58.0232 2704 cdfs - ok
08:21:58.0247 2704 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:21:58.0249 2704 cdrom - ok
08:21:58.0270 2704 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
08:21:58.0271 2704 CertPropSvc - ok
08:21:58.0295 2704 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
08:21:58.0296 2704 circlass - ok
08:21:58.0327 2704 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
08:21:58.0331 2704 CLFS - ok
08:21:58.0390 2704 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:21:58.0391 2704 clr_optimization_v2.0.50727_32 - ok
08:21:58.0424 2704 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:21:58.0426 2704 clr_optimization_v2.0.50727_64 - ok
08:21:58.0484 2704 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:21:58.0487 2704 clr_optimization_v4.0.30319_32 - ok
08:21:58.0524 2704 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:21:58.0526 2704 clr_optimization_v4.0.30319_64 - ok
08:21:58.0561 2704 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
08:21:58.0562 2704 CmBatt - ok
08:21:58.0573 2704 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:21:58.0574 2704 cmdide - ok
08:21:58.0612 2704 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\Windows\system32\Drivers\cng.sys
08:21:58.0618 2704 CNG - ok
08:21:58.0636 2704 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
08:21:58.0637 2704 Compbatt - ok
08:21:58.0663 2704 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
08:21:58.0664 2704 CompositeBus - ok
08:21:58.0667 2704 COMSysApp - ok
08:21:58.0776 2704 [ D0C84B2AA91741521FE4854CE6FCCC3E ] cpextender C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
08:21:58.0781 2704 cpextender - ok
08:21:58.0821 2704 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
08:21:58.0822 2704 crcdisk - ok
08:21:58.0857 2704 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:21:58.0859 2704 CryptSvc - ok
08:21:58.0921 2704 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
08:21:58.0936 2704 CSC - ok
08:21:58.0969 2704 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
08:21:58.0977 2704 CscService - ok
08:21:59.0013 2704 [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
08:21:59.0014 2704 dc3d - ok
08:21:59.0046 2704 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:21:59.0051 2704 DcomLaunch - ok
08:21:59.0073 2704 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
08:21:59.0077 2704 defragsvc - ok
08:21:59.0124 2704 [ FDC0C5ADDE1CDE6EDB0BEF78F0699AF3 ] DES2 Service C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
08:21:59.0125 2704 DES2 Service - ok
08:21:59.0147 2704 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:21:59.0148 2704 DfsC - ok
08:21:59.0176 2704 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
08:21:59.0181 2704 Dhcp - ok
08:21:59.0203 2704 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
08:21:59.0203 2704 discache - ok
08:21:59.0229 2704 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
08:21:59.0230 2704 Disk - ok
08:21:59.0258 2704 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
08:21:59.0260 2704 dmvsc - ok
08:21:59.0295 2704 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:21:59.0298 2704 Dnscache - ok
08:21:59.0319 2704 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
08:21:59.0323 2704 dot3svc - ok
08:21:59.0331 2704 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
08:21:59.0334 2704 DPS - ok
08:21:59.0362 2704 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:21:59.0363 2704 drmkaud - ok
08:21:59.0405 2704 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:21:59.0410 2704 DXGKrnl - ok
08:21:59.0419 2704 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
08:21:59.0420 2704 EapHost - ok
08:21:59.0501 2704 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
08:21:59.0559 2704 ebdrv - ok
08:21:59.0609 2704 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
08:21:59.0611 2704 EFS - ok
08:21:59.0653 2704 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:21:59.0662 2704 ehRecvr - ok
08:21:59.0673 2704 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
08:21:59.0675 2704 ehSched - ok
08:21:59.0717 2704 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
08:21:59.0723 2704 elxstor - ok
08:21:59.0733 2704 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:21:59.0734 2704 ErrDev - ok
08:21:59.0776 2704 [ 84486624268E078255BC7AA47F0960BC ] etdrv C:\Windows\etdrv.sys
08:21:59.0776 2704 etdrv - ok
08:21:59.0797 2704 [ 6C17A702399B0205AB7836C2B45CD806 ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys
08:21:59.0798 2704 EtronHub3 - ok
08:21:59.0804 2704 [ B5348A55CC9541FFA930E30BB0CC8EF6 ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys
08:21:59.0805 2704 EtronXHCI - ok
08:21:59.0827 2704 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
08:21:59.0829 2704 EventSystem - ok
08:21:59.0859 2704 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
08:21:59.0862 2704 exfat - ok
08:21:59.0881 2704 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:21:59.0884 2704 fastfat - ok
08:21:59.0922 2704 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
08:21:59.0930 2704 Fax - ok
08:21:59.0946 2704 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
08:21:59.0946 2704 fdc - ok
08:21:59.0959 2704 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
08:21:59.0960 2704 fdPHost - ok
08:21:59.0965 2704 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
08:21:59.0966 2704 FDResPub - ok
08:21:59.0991 2704 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:21:59.0992 2704 FileInfo - ok
08:22:00.0004 2704 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:22:00.0005 2704 Filetrace - ok
08:22:00.0018 2704 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
08:22:00.0019 2704 flpydisk - ok
08:22:00.0034 2704 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:22:00.0037 2704 FltMgr - ok
08:22:00.0097 2704 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
08:22:00.0109 2704 FontCache - ok
08:22:00.0142 2704 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:22:00.0143 2704 FontCache3.0.0.0 - ok
08:22:00.0159 2704 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:22:00.0160 2704 FsDepends - ok
08:22:00.0177 2704 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:22:00.0178 2704 Fs_Rec - ok
08:22:00.0202 2704 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:22:00.0204 2704 fvevol - ok
08:22:00.0229 2704 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
08:22:00.0230 2704 gagp30kx - ok
08:22:00.0268 2704 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\Windows\gdrv.sys
08:22:00.0269 2704 gdrv - ok
08:22:00.0316 2704 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:22:00.0317 2704 GEARAspiWDM - ok
08:22:00.0355 2704 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
08:22:00.0362 2704 gpsvc - ok
08:22:00.0465 2704 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:22:00.0467 2704 gupdate - ok
08:22:00.0469 2704 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:22:00.0470 2704 gupdatem - ok
08:22:00.0501 2704 [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64 C:\Windows\GVTDrv64.sys
08:22:00.0502 2704 GVTDrv64 - ok
08:22:00.0527 2704 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:22:00.0528 2704 hcw85cir - ok
08:22:00.0562 2704 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:22:00.0566 2704 HdAudAddService - ok
08:22:00.0612 2704 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
08:22:00.0614 2704 HDAudBus - ok
08:22:00.0616 2704 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
08:22:00.0616 2704 HidBatt - ok
08:22:00.0619 2704 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
08:22:00.0620 2704 HidBth - ok
08:22:00.0635 2704 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
08:22:00.0636 2704 HidIr - ok
08:22:00.0650 2704 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
08:22:00.0651 2704 hidserv - ok
08:22:00.0655 2704 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:22:00.0656 2704 HidUsb - ok
08:22:00.0674 2704 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:22:00.0676 2704 hkmsvc - ok
08:22:00.0688 2704 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:22:00.0692 2704 HomeGroupListener - ok
08:22:00.0718 2704 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:22:00.0721 2704 HomeGroupProvider - ok
08:22:00.0744 2704 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:22:00.0745 2704 HpSAMD - ok
08:22:00.0773 2704 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:22:00.0780 2704 HTTP - ok
08:22:00.0801 2704 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:22:00.0802 2704 hwpolicy - ok
08:22:00.0816 2704 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
08:22:00.0817 2704 i8042prt - ok
08:22:00.0844 2704 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:22:00.0849 2704 iaStorV - ok
08:22:00.0884 2704 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:22:00.0885 2704 IDriverT - ok
08:22:00.0919 2704 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:22:00.0927 2704 idsvc - ok
08:22:00.0963 2704 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
08:22:00.0964 2704 iirsp - ok
08:22:01.0025 2704 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
08:22:01.0033 2704 IKEEXT - ok
08:22:01.0089 2704 [ 03076F51AF9F78A272CCCDE03E9340CE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
08:22:01.0099 2704 IntcAzAudAddService - ok
08:22:01.0114 2704 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
08:22:01.0115 2704 intelide - ok
08:22:01.0134 2704 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:22:01.0134 2704 intelppm - ok
08:22:01.0143 2704 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:22:01.0145 2704 IPBusEnum - ok
08:22:01.0156 2704 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:22:01.0157 2704 IpFilterDriver - ok
08:22:01.0192 2704 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:22:01.0197 2704 iphlpsvc - ok
08:22:01.0213 2704 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:22:01.0214 2704 IPMIDRV - ok
08:22:01.0226 2704 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:22:01.0228 2704 IPNAT - ok
08:22:01.0263 2704 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:22:01.0271 2704 iPod Service - ok
08:22:01.0296 2704 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:22:01.0296 2704 IRENUM - ok
08:22:01.0327 2704 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:22:01.0328 2704 isapnp - ok
08:22:01.0350 2704 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:22:01.0353 2704 iScsiPrt - ok
08:22:01.0366 2704 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:22:01.0367 2704 kbdclass - ok
08:22:01.0382 2704 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
08:22:01.0382 2704 kbdhid - ok
08:22:01.0392 2704 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
08:22:01.0393 2704 KeyIso - ok
08:22:01.0415 2704 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:22:01.0416 2704 KSecDD - ok
08:22:01.0436 2704 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:22:01.0437 2704 KSecPkg - ok
08:22:01.0461 2704 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:22:01.0462 2704 ksthunk - ok
08:22:01.0504 2704 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
08:22:01.0509 2704 KtmRm - ok
08:22:01.0535 2704 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
08:22:01.0538 2704 LanmanServer - ok
08:22:01.0554 2704 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:22:01.0556 2704 LanmanWorkstation - ok
08:22:01.0573 2704 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:22:01.0574 2704 lltdio - ok
08:22:01.0608 2704 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:22:01.0612 2704 lltdsvc - ok
08:22:01.0629 2704 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:22:01.0630 2704 lmhosts - ok
08:22:01.0695 2704 [ 98B0FCC176DFB711B67651BECB88C445 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
08:22:01.0696 2704 LMIGuardianSvc - ok
08:22:01.0724 2704 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
08:22:01.0725 2704 LMIInfo - ok
08:22:01.0759 2704 [ B712511029CBD68645A90A241FD6AE43 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
08:22:01.0760 2704 LMIMaint - ok
08:22:01.0768 2704 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
08:22:01.0768 2704 lmimirr - ok
08:22:01.0778 2704 LMIRfsClientNP - ok
08:22:01.0793 2704 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
08:22:01.0793 2704 LMIRfsDriver - ok
08:22:01.0828 2704 [ 0803906D607A9B83184447B75B60ECC2 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
08:22:01.0831 2704 LMS - ok
08:22:01.0855 2704 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
08:22:01.0857 2704 LogMeIn - ok
08:22:01.0882 2704 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
08:22:01.0884 2704 LSI_FC - ok
08:22:01.0904 2704 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
08:22:01.0906 2704 LSI_SAS - ok
08:22:01.0919 2704 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
08:22:01.0921 2704 LSI_SAS2 - ok
08:22:01.0934 2704 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
08:22:01.0936 2704 LSI_SCSI - ok
08:22:01.0951 2704 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
08:22:01.0952 2704 luafv - ok
08:22:01.0974 2704 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:22:01.0975 2704 Mcx2Svc - ok
08:22:01.0984 2704 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
08:22:01.0984 2704 megasas - ok
08:22:01.0998 2704 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
08:22:02.0001 2704 MegaSR - ok
08:22:02.0031 2704 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
08:22:02.0032 2704 MEIx64 - ok
08:22:02.0076 2704 Microsoft SharePoint Workspace Audit Service - ok
08:22:02.0113 2704 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
08:22:02.0114 2704 MMCSS - ok
08:22:02.0131 2704 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
08:22:02.0132 2704 Modem - ok
08:22:02.0173 2704 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:22:02.0173 2704 monitor - ok
08:22:02.0195 2704 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:22:02.0195 2704 mouclass - ok
08:22:02.0216 2704 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:22:02.0217 2704 mouhid - ok
08:22:02.0228 2704 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:22:02.0229 2704 mountmgr - ok
08:22:02.0283 2704 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
08:22:02.0285 2704 MpFilter - ok
08:22:02.0298 2704 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
08:22:02.0300 2704 mpio - ok
08:22:02.0311 2704 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:22:02.0312 2704 mpsdrv - ok
08:22:02.0349 2704 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:22:02.0360 2704 MpsSvc - ok
08:22:02.0371 2704 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:22:02.0374 2704 MRxDAV - ok
08:22:02.0414 2704 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:22:02.0415 2704 mrxsmb - ok
08:22:02.0433 2704 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:22:02.0436 2704 mrxsmb10 - ok
08:22:02.0444 2704 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:22:02.0445 2704 mrxsmb20 - ok
08:22:02.0465 2704 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
08:22:02.0466 2704 msahci - ok
08:22:02.0476 2704 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:22:02.0479 2704 msdsm - ok
08:22:02.0499 2704 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
08:22:02.0502 2704 MSDTC - ok
08:22:02.0529 2704 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:22:02.0529 2704 Msfs - ok
08:22:02.0548 2704 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:22:02.0548 2704 mshidkmdf - ok
08:22:02.0557 2704 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:22:02.0558 2704 msisadrv - ok
08:22:02.0582 2704 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:22:02.0584 2704 MSiSCSI - ok
08:22:02.0587 2704 msiserver - ok
08:22:02.0618 2704 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:22:02.0619 2704 MSKSSRV - ok
08:22:02.0659 2704 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
08:22:02.0660 2704 MsMpSvc - ok
08:22:02.0679 2704 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:22:02.0680 2704 MSPCLOCK - ok
08:22:02.0691 2704 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:22:02.0692 2704 MSPQM - ok
08:22:02.0710 2704 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:22:02.0715 2704 MsRPC - ok
08:22:02.0727 2704 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
08:22:02.0728 2704 mssmbios - ok
08:22:02.0832 2704 [ 3AE13C9869B7CE1135BCF21C0AAA68ED ] MSSQL$MSTRACK c:\Program Files\Microsoft SQL Server\MSSQL11.MSTRACK\MSSQL\Binn\sqlservr.exe
08:22:02.0834 2704 MSSQL$MSTRACK - ok
08:22:02.0854 2704 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:22:02.0855 2704 MSTEE - ok
08:22:02.0863 2704 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
08:22:02.0864 2704 MTConfig - ok
08:22:02.0889 2704 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
08:22:02.0890 2704 Mup - ok
08:22:02.0919 2704 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
08:22:02.0927 2704 napagent - ok
08:22:02.0948 2704 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:22:02.0953 2704 NativeWifiP - ok
08:22:02.0994 2704 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
08:22:03.0000 2704 NDIS - ok
08:22:03.0009 2704 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:22:03.0010 2704 NdisCap - ok
08:22:03.0028 2704 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:22:03.0028 2704 NdisTapi - ok
08:22:03.0040 2704 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:22:03.0041 2704 Ndisuio - ok
08:22:03.0064 2704 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:22:03.0066 2704 NdisWan - ok
08:22:03.0078 2704 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:22:03.0080 2704 NDProxy - ok
08:22:03.0131 2704 [ 2C723E42FC8D7B0209492828F921FB50 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
08:22:03.0133 2704 Net Driver HPZ12 - ok
08:22:03.0182 2704 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
08:22:03.0183 2704 Netaapl - ok
08:22:03.0204 2704 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:22:03.0205 2704 NetBIOS - ok
08:22:03.0214 2704 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:22:03.0217 2704 NetBT - ok
08:22:03.0233 2704 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
08:22:03.0235 2704 Netlogon - ok
08:22:03.0265 2704 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
08:22:03.0269 2704 Netman - ok
08:22:03.0300 2704 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:22:03.0302 2704 NetMsmqActivator - ok
08:22:03.0307 2704 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:22:03.0309 2704 NetPipeActivator - ok
08:22:03.0335 2704 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
08:22:03.0342 2704 netprofm - ok
08:22:03.0345 2704 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:22:03.0346 2704 NetTcpActivator - ok
08:22:03.0349 2704 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:22:03.0350 2704 NetTcpPortSharing - ok
08:22:03.0376 2704 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
08:22:03.0377 2704 nfrd960 - ok
08:22:03.0412 2704 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
08:22:03.0414 2704 NisDrv - ok
08:22:03.0446 2704 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
08:22:03.0449 2704 NisSrv - ok
08:22:03.0469 2704 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:22:03.0475 2704 NlaSvc - ok
08:22:03.0486 2704 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:22:03.0487 2704 Npfs - ok
08:22:03.0510 2704 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
08:22:03.0512 2704 nsi - ok
08:22:03.0523 2704 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:22:03.0524 2704 nsiproxy - ok
08:22:03.0574 2704 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:22:03.0585 2704 Ntfs - ok
08:22:03.0618 2704 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
08:22:03.0619 2704 NuidFltr - ok
08:22:03.0640 2704 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
08:22:03.0640 2704 Null - ok
08:22:03.0669 2704 [ 7C5B642380B9ADE6734721057C03F900 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
08:22:03.0671 2704 NVHDA - ok
08:22:03.0901 2704 [ B34E9BFBD9C61048EF6281C3E7EC210A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:22:03.0946 2704 nvlddmkm - ok
08:22:03.0967 2704 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:22:03.0969 2704 nvraid - ok
08:22:03.0994 2704 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:22:03.0996 2704 nvstor - ok
08:22:04.0040 2704 [ DFDA089BB2CD0FF7E789E2EF6BA1E4BA ] NVSvc C:\Windows\system32\nvvsvc.exe
08:22:04.0054 2704 NVSvc - ok
08:22:04.0145 2704 [ E7818CD4FB51284C948D68A7A85A69B8 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
08:22:04.0171 2704 nvUpdatusService - ok
08:22:04.0223 2704 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:22:04.0225 2704 nv_agp - ok
08:22:04.0257 2704 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:22:04.0259 2704 ohci1394 - ok
08:22:04.0305 2704 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:22:04.0307 2704 ose - ok
08:22:04.0384 2704 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:22:04.0387 2704 ose64 - ok
08:22:04.0599 2704 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:22:04.0638 2704 osppsvc - ok
08:22:04.0662 2704 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:22:04.0666 2704 p2pimsvc - ok
08:22:04.0678 2704 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
08:22:04.0683 2704 p2psvc - ok
08:22:04.0698 2704 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
08:22:04.0699 2704 Parport - ok
08:22:04.0715 2704 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:22:04.0715 2704 partmgr - ok
08:22:04.0728 2704 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:22:04.0731 2704 PcaSvc - ok
08:22:04.0743 2704 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
08:22:04.0745 2704 pci - ok
08:22:04.0766 2704 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
08:22:04.0767 2704 pciide - ok
08:22:04.0783 2704 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
08:22:04.0786 2704 pcmcia - ok
08:22:04.0804 2704 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
08:22:04.0805 2704 pcw - ok
08:22:04.0824 2704 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:22:04.0831 2704 PEAUTH - ok
08:22:04.0879 2704 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
08:22:04.0896 2704 PeerDistSvc - ok
08:22:04.0957 2704 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:22:04.0958 2704 PerfHost - ok
08:22:05.0009 2704 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
08:22:05.0026 2704 pla - ok
08:22:05.0058 2704 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:22:05.0064 2704 PlugPlay - ok
08:22:05.0085 2704 [ 171E6D91A20AAC8D02172A64E82CE90B ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
08:22:05.0087 2704 Pml Driver HPZ12 - ok
08:22:05.0097 2704 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:22:05.0099 2704 PNRPAutoReg - ok
08:22:05.0112 2704 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:22:05.0115 2704 PNRPsvc - ok
08:22:05.0137 2704 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
08:22:05.0138 2704 Point64 - ok
08:22:05.0164 2704 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:22:05.0171 2704 PolicyAgent - ok
08:22:05.0197 2704 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
08:22:05.0200 2704 Power - ok
08:22:05.0233 2704 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:22:05.0234 2704 PptpMiniport - ok
08:22:05.0249 2704 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
08:22:05.0250 2704 Processor - ok
08:22:05.0271 2704 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
08:22:05.0275 2704 ProfSvc - ok
08:22:05.0284 2704 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:22:05.0286 2704 ProtectedStorage - ok
08:22:05.0306 2704 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:22:05.0307 2704 Psched - ok
08:22:05.0359 2704 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
08:22:05.0361 2704 PSI_SVC_2 - ok
08:22:05.0452 2704 [ EEF3CAEADBA9EFD5BA8C92B8AE484BD4 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
08:22:05.0452 2704 QBCFMonitorService - ok
08:22:05.0518 2704 [ 2241EAF40E472C471CB80CF6B97CCA11 ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
08:22:05.0519 2704 QBFCService - ok
08:22:05.0580 2704 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
08:22:05.0597 2704 ql2300 - ok
08:22:05.0609 2704 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
08:22:05.0611 2704 ql40xx - ok
08:22:05.0635 2704 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
08:22:05.0639 2704 QWAVE - ok
08:22:05.0649 2704 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:22:05.0650 2704 QWAVEdrv - ok
08:22:05.0665 2704 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:22:05.0666 2704 RasAcd - ok
08:22:05.0680 2704 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:22:05.0681 2704 RasAgileVpn - ok
08:22:05.0688 2704 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
08:22:05.0690 2704 RasAuto - ok
08:22:05.0702 2704 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:22:05.0704 2704 Rasl2tp - ok
08:22:05.0721 2704 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
08:22:05.0726 2704 RasMan - ok
08:22:05.0733 2704 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:22:05.0735 2704 RasPppoe - ok
08:22:05.0758 2704 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:22:05.0760 2704 RasSstp - ok
08:22:05.0776 2704 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:22:05.0780 2704 rdbss - ok
08:22:05.0797 2704 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
08:22:05.0798 2704 rdpbus - ok
08:22:05.0821 2704 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:22:05.0821 2704 RDPCDD - ok
08:22:05.0847 2704 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
08:22:05.0850 2704 RDPDR - ok
08:22:05.0858 2704 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:22:05.0859 2704 RDPENCDD - ok
08:22:05.0864 2704 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:22:05.0864 2704 RDPREFMP - ok
08:22:05.0887 2704 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
08:22:05.0888 2704 RdpVideoMiniport - ok
08:22:05.0923 2704 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:22:05.0926 2704 RDPWD - ok
08:22:05.0943 2704 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:22:05.0946 2704 rdyboost - ok
08:22:05.0968 2704 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:22:05.0971 2704 RemoteAccess - ok
08:22:05.0990 2704 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:22:05.0993 2704 RemoteRegistry - ok
08:22:06.0011 2704 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:22:06.0014 2704 RpcEptMapper - ok
08:22:06.0031 2704 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
08:22:06.0032 2704 RpcLocator - ok
08:22:06.0047 2704 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
08:22:06.0052 2704 RpcSs - ok
08:22:06.0096 2704 [ 5AA85332CB1694871B2F0704E0FC9113 ] RsFx0200 C:\Windows\system32\DRIVERS\RsFx0200.sys
08:22:06.0101 2704 RsFx0200 - ok
08:22:06.0140 2704 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:22:06.0142 2704 rspndr - ok
08:22:06.0175 2704 [ 712944C0A377E9B8743F95BD83E882D4 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
08:22:06.0178 2704 RTL8167 - ok
08:22:06.0204 2704 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
08:22:06.0205 2704 s3cap - ok
08:22:06.0217 2704 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
08:22:06.0219 2704 SamSs - ok
08:22:06.0230 2704 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:22:06.0232 2704 sbp2port - ok
08:22:06.0249 2704 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:22:06.0253 2704 SCardSvr - ok
08:22:06.0258 2704 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:22:06.0259 2704 scfilter - ok
08:22:06.0287 2704 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
08:22:06.0294 2704 Schedule - ok
08:22:06.0311 2704 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
08:22:06.0312 2704 SCPolicySvc - ok
08:22:06.0319 2704 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:22:06.0322 2704 SDRSVC - ok
08:22:06.0346 2704 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:22:06.0347 2704 secdrv - ok
08:22:06.0355 2704 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
08:22:06.0356 2704 seclogon - ok
08:22:06.0368 2704 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
08:22:06.0370 2704 SENS - ok
08:22:06.0373 2704 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:22:06.0374 2704 SensrSvc - ok
08:22:06.0412 2704 [ 3DC3EC72952BD60C438E397781FF0572 ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl64.sys
08:22:06.0414 2704 Ser2pl - ok
08:22:06.0426 2704 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
08:22:06.0427 2704 Serenum - ok
08:22:06.0453 2704 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
08:22:06.0454 2704 Serial - ok
08:22:06.0473 2704 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
08:22:06.0474 2704 sermouse - ok
08:22:06.0497 2704 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
08:22:06.0500 2704 SessionEnv - ok
08:22:06.0509 2704 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:22:06.0509 2704 sffdisk - ok
08:22:06.0512 2704 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:22:06.0512 2704 sffp_mmc - ok
08:22:06.0527 2704 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:22:06.0528 2704 sffp_sd - ok
08:22:06.0538 2704 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
08:22:06.0539 2704 sfloppy - ok
08:22:06.0586 2704 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:22:06.0591 2704 SharedAccess - ok
08:22:06.0603 2704 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:22:06.0607 2704 ShellHWDetection - ok
08:22:06.0625 2704 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
08:22:06.0626 2704 SiSRaid2 - ok
08:22:06.0641 2704 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
08:22:06.0643 2704 SiSRaid4 - ok
08:22:06.0786 2704 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
08:22:06.0813 2704 Skype C2C Service - ok
08:22:06.0836 2704 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
08:22:06.0837 2704 SkypeUpdate - ok
08:22:06.0910 2704 [ 101556F6216E97F1258D87C38203695F ] Smart TimeLock C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
08:22:06.0911 2704 Smart TimeLock - ok
08:22:06.0935 2704 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:22:06.0937 2704 Smb - ok
08:22:06.0962 2704 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:22:06.0963 2704 SNMPTRAP - ok
08:22:06.0969 2704 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
08:22:06.0970 2704 spldr - ok
08:22:06.0982 2704 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
08:22:06.0986 2704 Spooler - ok
08:22:07.0054 2704 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
08:22:07.0091 2704 sppsvc - ok
08:22:07.0106 2704 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:22:07.0108 2704 sppuinotify - ok
08:22:07.0167 2704 [ B70FAF0C7C5737AA6973E14B45477730 ] SQLAgent$MSTRACK c:\Program Files\Microsoft SQL Server\MSSQL11.MSTRACK\MSSQL\Binn\SQLAGENT.EXE
08:22:07.0175 2704 SQLAgent$MSTRACK - ok
08:22:07.0261 2704 [ E9254892A2D74E537BAD3092F0F8EE40 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
08:22:07.0265 2704 SQLBrowser - ok
08:22:07.0327 2704 [ EAD5300C93946B0250A309E2BF2BE4CF ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
08:22:07.0329 2704 SQLWriter - ok
08:22:07.0352 2704 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
08:22:07.0357 2704 srv - ok
08:22:07.0370 2704 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:22:07.0375 2704 srv2 - ok
08:22:07.0387 2704 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:22:07.0389 2704 srvnet - ok
08:22:07.0408 2704 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:22:07.0410 2704 SSDPSRV - ok
08:22:07.0419 2704 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:22:07.0421 2704 SstpSvc - ok
08:22:07.0450 2704 [ 44B199D7C03F5234B05B3A93C964A57E ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
08:22:07.0454 2704 Stereo Service - ok
08:22:07.0476 2704 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
08:22:07.0477 2704 stexstor - ok
08:22:07.0504 2704 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
08:22:07.0511 2704 stisvc - ok
08:22:07.0529 2704 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
08:22:07.0530 2704 storflt - ok
08:22:07.0560 2704 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
08:22:07.0560 2704 storvsc - ok
08:22:07.0573 2704 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
08:22:07.0573 2704 swenum - ok
08:22:07.0600 2704 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
08:22:07.0606 2704 swprv - ok
08:22:07.0616 2704 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
08:22:07.0617 2704 Synth3dVsc - ok
08:22:07.0650 2704 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
08:22:07.0665 2704 SysMain - ok
08:22:07.0677 2704 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:22:07.0679 2704 TabletInputService - ok
08:22:07.0689 2704 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:22:07.0691 2704 TapiSrv - ok
08:22:07.0701 2704 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
08:22:07.0702 2704 TBS - ok
08:22:07.0757 2704 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:22:07.0764 2704 Tcpip - ok
08:22:07.0792 2704 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:22:07.0799 2704 TCPIP6 - ok
08:22:07.0812 2704 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:22:07.0813 2704 tcpipreg - ok
08:22:07.0821 2704 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:22:07.0822 2704 TDPIPE - ok
08:22:07.0855 2704 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:22:07.0856 2704 TDTCP - ok
08:22:07.0879 2704 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:22:07.0880 2704 tdx - ok
08:22:07.0997 2704 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
08:22:08.0007 2704 TeamViewer7 - ok
08:22:08.0015 2704 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
08:22:08.0015 2704 TermDD - ok
08:22:08.0039 2704 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
08:22:08.0039 2704 terminpt - ok
08:22:08.0067 2704 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
08:22:08.0070 2704 TermService - ok
08:22:08.0082 2704 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
08:22:08.0083 2704 Themes - ok
08:22:08.0104 2704 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
08:22:08.0105 2704 THREADORDER - ok
08:22:08.0130 2704 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
08:22:08.0132 2704 TrkWks - ok
08:22:08.0169 2704 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:22:08.0171 2704 TrustedInstaller - ok
08:22:08.0196 2704 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:22:08.0196 2704 tssecsrv - ok
08:22:08.0213 2704 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:22:08.0214 2704 TsUsbFlt - ok
08:22:08.0216 2704 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
08:22:08.0217 2704 TsUsbGD - ok
08:22:08.0237 2704 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
08:22:08.0238 2704 tsusbhub - ok
08:22:08.0262 2704 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:22:08.0263 2704 tunnel - ok
08:22:08.0266 2704 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
08:22:08.0267 2704 uagp35 - ok
08:22:08.0290 2704 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:22:08.0294 2704 udfs - ok
08:22:08.0321 2704 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:22:08.0323 2704 UI0Detect - ok
08:22:08.0334 2704 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:22:08.0335 2704 uliagpkx - ok
08:22:08.0365 2704 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:22:08.0366 2704 umbus - ok
08:22:08.0387 2704 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
08:22:08.0387 2704 UmPass - ok
08:22:08.0407 2704 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
08:22:08.0409 2704 UmRdpService - ok
08:22:08.0472 2704 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
08:22:08.0493 2704 UNS - ok
08:22:08.0539 2704 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
08:22:08.0544 2704 upnphost - ok
08:22:08.0597 2704 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
08:22:08.0598 2704 USBAAPL64 - ok
08:22:08.0636 2704 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
08:22:08.0638 2704 usbaudio - ok
08:22:08.0659 2704 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:22:08.0660 2704 usbccgp - ok
08:22:08.0684 2704 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:22:08.0686 2704 usbcir - ok
08:22:08.0704 2704 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
08:22:08.0705 2704 usbehci - ok
08:22:08.0735 2704 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:22:08.0739 2704 usbhub - ok
08:22:08.0761 2704 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:22:08.0762 2704 usbohci - ok
08:22:08.0772 2704 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
08:22:08.0772 2704 usbprint - ok
08:22:08.0781 2704 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:22:08.0783 2704 USBSTOR - ok
08:22:08.0789 2704 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
08:22:08.0790 2704 usbuhci - ok
08:22:08.0814 2704 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
08:22:08.0816 2704 UxSms - ok
08:22:08.0833 2704 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
08:22:08.0834 2704 VaultSvc - ok
08:22:08.0860 2704 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:22:08.0860 2704 vdrvroot - ok
08:22:08.0877 2704 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
08:22:08.0884 2704 vds - ok
08:22:08.0908 2704 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:22:08.0908 2704 vga - ok
08:22:08.0919 2704 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
08:22:08.0920 2704 VgaSave - ok
08:22:08.0922 2704 VGPU - ok
08:22:08.0939 2704 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:22:08.0942 2704 vhdmp - ok
08:22:08.0954 2704 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
08:22:08.0954 2704 viaide - ok
08:22:08.0975 2704 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
08:22:08.0978 2704 vmbus - ok
08:22:08.0994 2704 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
08:22:08.0995 2704 VMBusHID - ok
08:22:09.0041 2704 [ A96AFA32F73C065B9AE9D1554CDD00FC ] VNA C:\Windows\system32\DRIVERS\vna.sys
08:22:09.0042 2704 VNA - ok
08:22:09.0057 2704 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:22:09.0058 2704 volmgr - ok
08:22:09.0068 2704 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:22:09.0071 2704 volmgrx - ok
08:22:09.0084 2704 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:22:09.0087 2704 volsnap - ok
08:22:09.0107 2704 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
08:22:09.0109 2704 vsmraid - ok
08:22:09.0149 2704 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
08:22:09.0163 2704 VSS - ok
08:22:09.0180 2704 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
08:22:09.0181 2704 vwifibus - ok
08:22:09.0196 2704 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
08:22:09.0201 2704 W32Time - ok
08:22:09.0211 2704 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
08:22:09.0212 2704 WacomPen - ok
08:22:09.0237 2704 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:22:09.0238 2704 WANARP - ok
08:22:09.0240 2704 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:22:09.0241 2704 Wanarpv6 - ok
08:22:09.0282 2704 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:22:09.0292 2704 WatAdminSvc - ok
08:22:09.0330 2704 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
08:22:09.0342 2704 wbengine - ok
08:22:09.0356 2704 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:22:09.0359 2704 WbioSrvc - ok
08:22:09.0376 2704 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:22:09.0381 2704 wcncsvc - ok
08:22:09.0390 2704 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:22:09.0391 2704 WcsPlugInService - ok
08:22:09.0408 2704 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
08:22:09.0409 2704 Wd - ok
08:22:09.0462 2704 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
08:22:09.0462 2704 WDC_SAM - ok
08:22:09.0488 2704 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:22:09.0495 2704 Wdf01000 - ok
08:22:09.0513 2704 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:22:09.0524 2704 WdiServiceHost - ok
08:22:09.0543 2704 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:22:09.0546 2704 WdiSystemHost - ok
08:22:09.0580 2704 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
08:22:09.0596 2704 WebClient - ok
08:22:09.0615 2704 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:22:09.0620 2704 Wecsvc - ok
08:22:09.0635 2704 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:22:09.0638 2704 wercplsupport - ok
08:22:09.0657 2704 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
08:22:09.0660 2704 WerSvc - ok
08:22:09.0691 2704 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:22:09.0692 2704 WfpLwf - ok
08:22:09.0709 2704 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:22:09.0710 2704 WIMMount - ok
08:22:09.0737 2704 WinDefend - ok
08:22:09.0744 2704 WinHttpAutoProxySvc - ok
08:22:09.0781 2704 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:22:09.0785 2704 Winmgmt - ok
08:22:09.0835 2704 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
08:22:09.0857 2704 WinRM - ok
08:22:09.0918 2704 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:22:09.0920 2704 WinUsb - ok
08:22:09.0948 2704 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
08:22:09.0961 2704 Wlansvc - ok
08:22:09.0986 2704 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:22:09.0987 2704 WmiAcpi - ok
08:22:10.0013 2704 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:22:10.0016 2704 wmiApSrv - ok
08:22:10.0046 2704 WMPNetworkSvc - ok
08:22:10.0085 2704 [ B5BD872122A2CE82D196ABF2D5D8D80A ] WMSVC C:\Windows\system32\inetsrv\wmsvc.exe
08:22:10.0085 2704 WMSVC - ok
08:22:10.0104 2704 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:22:10.0107 2704 WPCSvc - ok
08:22:10.0118 2704 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:22:10.0122 2704 WPDBusEnum - ok
08:22:10.0129 2704 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:22:10.0130 2704 ws2ifsl - ok
08:22:10.0155 2704 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
08:22:10.0159 2704 wscsvc - ok
08:22:10.0162 2704 WSearch - ok
08:22:10.0210 2704 [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv C:\Windows\system32\wuaueng.dll
08:22:10.0236 2704 wuauserv - ok
08:22:10.0257 2704 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:22:10.0259 2704 WudfPf - ok
08:22:10.0286 2704 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:22:10.0290 2704 WUDFRd - ok
08:22:10.0308 2704 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:22:10.0311 2704 wudfsvc - ok
08:22:10.0321 2704 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
08:22:10.0326 2704 WwanSvc - ok
08:22:10.0358 2704 ================ Scan global ===============================
08:22:10.0372 2704 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:22:10.0395 2704 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:22:10.0405 2704 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:22:10.0427 2704 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:22:10.0458 2704 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:22:10.0460 2704 [Global] - ok
08:22:10.0460 2704 ================ Scan MBR ==================================
08:22:10.0469 2704 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:22:10.0631 2704 \Device\Harddisk0\DR0 - ok
08:22:10.0631 2704 ================ Scan VBR ==================================
08:22:10.0633 2704 [ 89D0B485DF0672E73F91E7FBC50C8FCC ] \Device\Harddisk0\DR0\Partition1
08:22:10.0634 2704 \Device\Harddisk0\DR0\Partition1 - ok
08:22:10.0645 2704 [ 7F3ACB2C060FCC70EE82ADBDD196228E ] \Device\Harddisk0\DR0\Partition2
08:22:10.0646 2704 \Device\Harddisk0\DR0\Partition2 - ok
08:22:10.0646 2704 ============================================================
08:22:10.0646 2704 Scan finished
08:22:10.0646 2704 ============================================================
08:22:10.0653 5364 Detected object count: 0
08:22:10.0653 5364 Actual detected object count: 0

#12 GarethD

GarethD
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 28 September 2012 - 02:49 AM

aswMBR works for about 10 mins then crashes out, error box reas avast! Antirootkit has stopped working.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:03 PM

Posted 28 September 2012 - 12:25 PM

Greetings GarethD

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:03 PM

Posted 02 October 2012 - 02:12 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:03 PM

Posted 05 October 2012 - 05:33 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users