I believe I am infected with zeroaccess among others...



#1 teemell


Posted 27 March 2014 - 01:58 PM

Hello

 

I am running a 32 bit Windows XP machine, that I believe is infected with zero access.

The computer is very slow and sometimes shuts down.  Sometimes programs will not open either.

I have run certain tools to correct this, but I still believe there is a problem.  When I run Rkill it clearly states that there are symptoms of zero access, that is why I think that is the problem.

 

Any help will be greatly appreciated!!

 

 

 

Here is the DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Administrator at 13:53:06 on 2014-03-27
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3475.2270 [GMT -5:00]
.
AV: Trend Micro Core Protection Module *Enabled/Updated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe
C:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe
C:\Program Files\EFI\OFASQ\lmgrd.exe
C:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Server.exe
C:\Program Files\Fiery\Applications3\Fiery Bridge\x86\MailboxSyncService.exe
C:\Program Files\EFI\OFASQ\lmgrd.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\ISS\Bin\App\ISSERSRouterShim.exe
C:\Program Files\ISS\Bin\App\ERSRouterHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MBE\Binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\EFI\OFASQ\ofaApp.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Trend Micro\Core Protection Module\TMCPMAdapter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ISS Trace\Bin\ISSTraceMonitorHost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ISS Trace\Bin\ISSRetailTraceServer.exe
C:\Program Files\ISS Messaging\Bin\ISS.Messaging.Shell.NTService.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\VNT\vntldr.exe
C:\Program Files\ISS\bin\system\service_start.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
C:\Program Files\ISS\Bin\System\ISSTraceServer.exe
C:\Program Files\ISS\Bin\System\CheckPrimaryStatus.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\MBE\TaskMgr\TaskComplete.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\ISS\Bin\App\ISSQIPC1Service.exe
C:\Program Files\ISS\Bin\App\ISSQIPC3Service.exe
C:\Program Files\ISS\Bin\App\ISSEncryptionService.exe
C:\Program Files\ISS\Bin\App\Watcher.exe
C:\PROGRAM FILES\ISS\BIN\APP\TASKLISTENER.EXE
C:\Program Files\ISS Trace\Bin\ISSTraceFileMaintenance.exe
C:\Program Files\ISS\Bin\App\ISSHealthCheck.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k p2psvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 11.0\acrobat\Acrotray.exe"
mRun: [POSStartUp] cmd /c start /min cscript.exe /nologo "\Program Files\ISS\Bin\App\BackofficeStartup.vbs"
mRun: [CnwiDeviceAgent] c:\program files\canon\imageprografstatusmonitor\cnwida.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [VNT] c:\program files\vnt\vntldr.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagep~1.lnk - c:\program files\canon\imageprografstatusmonitor\cnwism.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2012\QBW32.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\taskco~1.lnk - c:\windows\installer\{a40b873d-3c31-4831-a3a9-c24d82854936}\_B4081805E577118B335947.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip Image - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=4
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: Clip URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: adobe.com
Trusted Zone: hpeprintservice.com
Trusted Zone: iship.com
Trusted Zone: mbe.com
Trusted Zone: adobe.com
Trusted Zone: hpeprintservice.com
Trusted Zone: iship.com
Trusted Zone: mbe.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {4392B188-CBA7-4CA8-A24F-31B378B3F4B5} - hxxps://iship.com/pss013081/cabbin/msi_axm.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} - hxxps://share.thecdmgroup.com/COM/MOVEitUploadWizard7.0.0.ocx
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D25A9538-F962-4501-9E68-D7C3DDECB148} - hxxp://12.219.81.160/template/xWebView2.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://paychexeservices.webex.com/client/WBXclient-T28L10NSP10EP1-16277/training/ieatgpc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058
TCP: Interfaces\{993938FD-99B0-42FF-8158-B9D82041B8D9} : NameServer = 4.2.2.1,8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Notify: GoToAssist - c:\program files\citrix\gotoassist\822\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R2 Canon imagePROGRAF Status Monitor;Canon imagePROGRAF Status Monitor;c:\program files\canon\imageprografstatusmonitor\cnwisam.exe -service --> c:\program files\canon\imageprografstatusmonitor\cnwisam.exe -service [?]
R2 EFI ES1000;EFI ES1000;c:\program files\common files\efi\efi es-1000 service\ES1000Service.exe [2012-12-21 11776]
R2 EFI License Manager;EFI License Manager;c:\program files\efi\ofasq\lmgrd.exe [2012-12-21 1406800]
R2 Fiery Bridge Mailbox Synchronization;Fiery Bridge Mailbox Synchronization;c:\program files\fiery\applications3\fiery bridge\x86\MailboxSyncService.exe [2012-12-21 114688]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-2-3 458464]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2012-8-1 132768]
R2 ISSERSRouterShim;ISS ERS Router Shim;c:\program files\iss\bin\app\ISSERSRouterShim.exe [2005-4-12 8704]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\intel\intel® management engine components\dal\Jhi_service.exe [2012-8-1 161560]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-12-18 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-11-29 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-12-28 47640]
R2 MSSQL$MBE;MSSQL$MBE;c:\program files\microsoft sql server\mssql$mbe\binn\sqlservr.exe -smbe --> c:\program files\microsoft sql server\mssql$mbe\binn\sqlservr.exe -sMBE [?]
R2 ofaApp;ofaApp;c:\program files\efi\ofasq\ofaApp.exe [2012-12-21 2233856]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-12-6 1248256]
R2 TMAdptrSvr;Trend Micro Adapter Service;c:\program files\trend micro\core protection module\TMCPMAdapter.exe [2013-2-5 1092880]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2013-5-16 62728]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXpflt.sys [2012-11-2 263968]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\TmPreflt.sys [2012-11-2 36128]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-8-1 363800]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-23 44800]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-8-1 270080]
R3 ISSLoader;ISSLoader;c:\program files\iss\bin\system\Service_Start.exe [2004-3-4 57344]
R3 ISSMessaging;ISS Messaging Service;c:\program files\iss messaging\bin\ISS.Messaging.Shell.NTService.exe [2006-5-10 20480]
R3 ISSTracing;ISS Retail Trace Server;c:\program files\iss trace\bin\ISSRetailTraceServer.exe [2006-4-24 36864]
R3 ISSTracingMaint;ISS Trace File Maintenance;c:\program files\iss trace\bin\ISSTraceFileMaintenance.exe [2004-4-23 28672]
R3 ISSTracingMon;ISS Trace Monitor Host;c:\program files\iss trace\bin\ISSTraceMonitorHost.exe [2004-4-2 24576]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-8-1 46080]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2012-8-8 689712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ISSStartServices;ISSStartServices;c:\program files\iss\bin\system\StartServices.exe [2004-11-9 65536]
S3 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
S3 MBE Service Host_Customer;MBE Service Host_Customer;c:\program files\mbe\service host\Mbe.Wcf.Services.Host.exe [2009-8-12 32768]
S3 MBE Service Host_MBMService;MBE Service Host_MBMService;c:\program files\mbe\service host\Mbe.Wcf.Services.Host.exe [2009-8-12 32768]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-13 1120752]
S3 SQLAgent$MBE;SQLAgent$MBE;c:\program files\microsoft sql server\mssql$mbe\binn\sqlagent.exe -i mbe --> c:\program files\microsoft sql server\mssql$mbe\binn\sqlagent.EXE -i MBE [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2014-03-27 14:22:26 -------- d-s---w- C:\peanuts
2014-03-26 01:17:42 -------- d-----w- C:\ComboFix
2014-03-25 22:51:47 -------- d-----w- C:\AdwCleaner
2014-03-25 19:19:30 -------- d-----w- c:\documents and settings\all users\application data\SMR410
2014-03-25 19:19:19 -------- d-----w- c:\documents and settings\all users\application data\Norton
2014-03-25 19:19:19 -------- d-----w- c:\documents and settings\administrator\local settings\application data\NPE
2014-03-25 15:58:37 -------- d-----w- c:\windows\ERUNT
2014-03-25 15:40:06 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-17 16:26:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2014-03-17 16:26:36 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
==================== Find3M  ====================
.
2014-03-25 23:16:41 290376 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-02-24 11:46:36 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45:57 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45:42 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54:21 385024 ----a-w- c:\windows\system32\html.iec
2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-22 19:07:55 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-01-22 19:07:55 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-01-22 19:07:54 85832 ----a-w- c:\windows\system32\LMIinit.dll
2014-01-22 19:07:54 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 13:53:26.51 ===============
 

 


#2 RPMcMurphy


Posted 28 March 2014 - 06:29 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.




#3 teemell


Posted 30 March 2014 - 11:10 PM

Thank you for your help.  I will not be back at this computer until Tuesday, but I will be back!



#4 teemell


Posted 01 April 2014 - 12:07 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Administrator (administrator) on BOM5905A on 01-04-2014 12:02:25
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(IBM Corp.) C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
(CANON INC) C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe
(Electronics for Imaging, Inc.) C:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe
(Flexera Software, Inc.) C:\Program Files\EFI\OFASQ\lmgrd.exe
(Electronics for Imaging, Inc.) C:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Server.exe
(Electronics For Imaging) C:\Program Files\Fiery\Applications3\Fiery Bridge\x86\MailboxSyncService.exe
(Flexera Software, Inc.) C:\Program Files\EFI\OFASQ\lmgrd.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\WINDOWS\system32\IProsetMonitor.exe
(ISS Retail, Inc.) C:\Program Files\ISS\Bin\App\ISSERSRouterShim.exe
(ISS Retail, Inc.) C:\Program Files\ISS\Bin\App\ERSRouterHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\RaMaint.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$MBE\Binn\sqlservr.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
() C:\Program Files\EFI\OFASQ\ofaApp.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Core Protection Module\TMCPMAdapter.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
(CANON INC.) C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
(IBM Corp.) C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
(APN LLC.) C:\Documents and Settings\Administrator\Local Settings\Application Data\VNT\vntldr.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(MBE - The UPS Store) C:\Program Files\MBE\TaskMgr\TaskComplete.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Flexera Software, Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(ISS Retail, Inc.) C:\Program Files\ISS Trace\Bin\ISSTraceMonitorHost.exe
() C:\Program Files\ISS\bin\system\service_start.exe
() C:\Program Files\ISS\Bin\System\ISSTraceServer.exe
( iss retail) C:\Program Files\ISS\Bin\System\CheckPrimaryStatus.exe
( ) C:\Program Files\ISS\Bin\App\ISSQIPC1Service.exe
(ISS Retail, Inc.) C:\Program Files\ISS\Bin\App\ISSQIPC3Service.exe
( ) C:\Program Files\ISS\Bin\App\ISSEncryptionService.exe
(ISS Retail, Inc.) C:\Program Files\ISS Trace\Bin\ISSRetailTraceServer.exe
(ISS Retail, Inc.) C:\Program Files\ISS\Bin\App\Watcher.exe
(ISS Retail, Inc.) C:\Program Files\ISS Messaging\Bin\ISS.Messaging.Shell.NTService.exe
(ISS Retail, Inc.) C:\PROGRAM FILES\ISS\BIN\APP\TASKLISTENER.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
(ISS Retail, Inc.) C:\Program Files\ISS Trace\Bin\ISSTraceFileMaintenance.exe
(ISS Retail, Inc.) C:\Program Files\ISS\Bin\App\ISSHealthCheck.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
(iShip, Inc.) c:\iship\olp\pss013\cabbin\ishipgatewayserver.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [IMSS] - C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-21] (Intel Corporation)
HKLM\...\Run: [Intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-25] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)
HKLM\...\Run: [POSStartUp] - cmd /c start /min cscript.exe /nologo "\Program Files\ISS\Bin\App\BackofficeStartup.vbs"
HKLM\...\Run: [CnwiDeviceAgent] - C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe [66648 2013-05-17] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2012-11-29] (LogMeIn, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [OfficeScanNT Monitor] - C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [1496656 2013-01-25] (Trend Micro Inc.)
HKLM\...\Run: [VNT] - C:\Program Files\VNT\vntldr.exe [195536 2014-02-13] (APN LLC.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\822\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\imagePROGRAF Status Monitor.lnk
ShortcutTarget: imagePROGRAF Status Monitor.lnk -> C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwism.exe (CANON INC.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Task Complete!.lnk
ShortcutTarget: Task Complete!.lnk -> C:\WINDOWS\Installer\{A40B873D-3C31-4831-A3A9-C24D82854936}\_B4081805E577118B335947.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {4392B188-CBA7-4CA8-A24F-31B378B3F4B5} https://iship.com/pss013081/cabbin/msi_axm.cab
DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} https://share.thecdmgroup.com/COM/MOVEitUploadWizard7.0.0.ocx
DPF: {D25A9538-F962-4501-9E68-D7C3DDECB148} http://12.219.81.160/template/xWebView2.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2008-05-26] (Microsoft Corporation)
Winsock: Catalog5 04 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
Winsock: Catalog5 05 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
Tcpip\..\Interfaces\{993938FD-99B0-42FF-8158-B9D82041B8D9}: [NameServer]4.2.2.1,8.8.8.8
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-16]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-16]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-16]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-16]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-07-16]
CHR Extension: (Legacy Browser Support) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\heildphpnddilhkemkielfhnkaagiabh [2014-03-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-16]
CHR HKLM\...\Chrome\Extension: [aaaaigmelgfmkfjicbbgbkcbagedejhj] - C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\AVRV7\CRX\ToolbarCR.crx [2013-07-16]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
R2 BESClient; C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe [4792768 2012-08-03] (IBM Corp.)
R2 Canon imagePROGRAF Status Monitor; C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe [725592 2013-05-17] (CANON INC)
R2 EFI ES1000; C:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe [11776 2009-10-19] (Electronics for Imaging, Inc.)
R2 EFI License Manager; C:\Program Files\EFI\OFASQ\lmgrd.exe [1406800 2012-12-21] (Flexera Software, Inc.)
R2 Fiery Bridge Mailbox Synchronization; C:\Program Files\Fiery\Applications3\Fiery Bridge\x86\MailboxSyncService.exe [114688 2012-06-22] (Electronics For Imaging)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-12-21] (Flexera Software, Inc.)
S3 hasplms; C:\WINDOWS\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [458464 2012-02-03] (Intel® Corporation)
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [132768 2011-11-09] (Intel Corporation)
R2 ISSERSRouterShim; C:\Program Files\ISS\Bin\App\ISSERSRouterShim.exe [8704 2005-04-12] (ISS Retail, Inc.)
R3 ISSLoader; C:\Program Files\ISS\bin\system\service_start.exe [57344 2004-03-04] ()
R3 ISSMessaging; C:\Program Files\ISS Messaging\Bin\ISS.Messaging.Shell.NTService.exe [20480 2006-05-10] (ISS Retail, Inc.)
S2 ISSStartServices; C:\Program Files\ISS\bin\system\StartServices.exe [65536 2004-11-09] ()
R3 ISSTracing; C:\Program Files\ISS Trace\Bin\ISSRetailTraceServer.exe [36864 2006-04-24] (ISS Retail, Inc.)
R3 ISSTracingMaint; C:\Program Files\ISS Trace\Bin\ISSTraceFileMaintenance.exe [28672 2004-04-23] (ISS Retail, Inc.)
R3 ISSTracingMon; C:\Program Files\ISS Trace\Bin\ISSTraceMonitorHost.exe [24576 2004-04-02] (ISS Retail, Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153584 2012-12-21] (Sun Microsystems, Inc.)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S3 MBE Service Host_Customer; C:\Program Files\MBE\Service Host\Mbe.Wcf.Services.Host.exe [32768 2009-08-12] (MBE, A UPS Company)
S3 MBE Service Host_MBMService; C:\Program Files\MBE\Service Host\Mbe.Wcf.Services.Host.exe [32768 2009-08-12] (MBE, A UPS Company)
R2 MSSQL$MBE; C:\Program Files\Microsoft SQL Server\MSSQL$MBE\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
R2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2073456 2013-02-04] (Trend Micro Inc.)
R2 ofaApp; C:\Program Files\EFI\OFASQ\ofaApp.exe [2233856 2012-12-21] ()
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-14] (Microsoft Corporation)
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-12-06] (Intuit Inc.)
S3 SQLAgent$MBE; C:\Program Files\Microsoft SQL Server\MSSQL$MBE\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
R2 TMAdptrSvr; C:\Program Files\Trend Micro\Core Protection Module\TMCPMAdapter.exe [1092880 2013-02-05] (Trend Micro Inc.)
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345648 2012-10-30] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2062376 2013-02-04] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [689712 2012-08-08] (Trend Micro Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [356864 2010-09-27] (SafeNet Inc.)
R3 e1cexpress; C:\WINDOWS\System32\DRIVERS\e1c5132.sys [203944 2012-01-11] (Intel Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2008-07-23] (Infineon Technologies AG)
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [46080 2011-11-10] (Intel Corporation)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30368 2011-11-09] (Intel Corporation )
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R2 tmactmon; C:\WINDOWS\system32\drivers\tmactmon.sys [74600 2012-10-30] (Trend Micro Inc.)
R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [290376 2014-03-25] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\system32\drivers\tmevtmgr.sys [62728 2012-10-30] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [90712 2013-01-09] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
S4 LMIRfsClientNP; No ImagePath
S3 ProcObsrv; \??\c:\SvcTools\pkg\SLM-Usage\ProcObsrv.sys [X]
S3 Teefer2; system32\DRIVERS\teefer2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-01 12:02 - 2014-04-01 12:02 - 00022753 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-04-01 12:02 - 2014-04-01 12:02 - 00000000 ____D () C:\FRST
2014-04-01 12:00 - 2014-04-01 12:01 - 01145856 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-03-28 12:11 - 2014-03-28 12:11 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-28 12:11 - 2014-03-28 12:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-03-28 12:11 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-27 13:53 - 2014-03-27 13:53 - 00022270 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-03-27 13:53 - 2014-03-27 13:53 - 00019250 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-03-27 10:08 - 2014-03-27 10:05 - 04289558 _____ () C:\Documents and Settings\Administrator\Desktop\postal_training.pptx
2014-03-27 09:22 - 2014-03-27 09:23 - 00000000 ___SD () C:\peanuts
2014-03-27 09:09 - 2014-03-28 12:10 - 00003682 _____ () C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2014-03-25 20:17 - 2014-03-25 20:28 - 00000000 ____D () C:\ComboFix
2014-03-25 19:37 - 2014-03-25 19:37 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032514-01.dmp
2014-03-25 19:37 - 2014-03-25 19:37 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-25 17:51 - 2014-03-28 12:31 - 00000000 ____D () C:\AdwCleaner
2014-03-25 17:45 - 2014-03-04 09:59 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Waybills
2014-03-25 16:26 - 2014-03-25 16:26 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Terry
2014-03-25 14:19 - 2014-03-25 19:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
2014-03-25 14:19 - 2014-03-25 14:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SMR410
2014-03-25 14:19 - 2014-03-25 14:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-03-25 10:58 - 2014-03-25 10:58 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-20 22:35 - 2014-03-20 22:36 - 00010105 _____ () C:\WINDOWS\KB2930275.log
2014-03-20 22:35 - 2014-03-20 22:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-20 22:24 - 2014-03-20 22:25 - 00009349 _____ () C:\WINDOWS\KB2929961.log
2014-03-20 22:24 - 2014-03-20 22:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-20 22:11 - 2014-03-20 22:13 - 00012438 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-20 08:52 - 2014-03-20 08:52 - 00027148 _____ () C:\Documents and Settings\Administrator\Desktop\Amber Hauch Prints.xlsx
2014-03-17 11:26 - 2008-04-14 05:42 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusd.dll
2014-03-17 11:26 - 2001-08-17 22:36 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusb.dll
2014-03-14 10:31 - 2014-03-14 10:31 - 00042496 _____ () C:\Documents and Settings\Administrator\Desktop\3.24-30 - Chicago(1).xls
 
==================== One Month Modified Files and Folders =======
 
2014-04-01 12:02 - 2014-04-01 12:02 - 00022753 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-04-01 12:02 - 2014-04-01 12:02 - 00000000 ____D () C:\FRST
2014-04-01 12:01 - 2014-04-01 12:00 - 01145856 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-04-01 12:00 - 2012-12-20 14:24 - 00000326 _____ () C:\WINDOWS\Tasks\ISS Midday DB Log Backup.job
2014-04-01 12:00 - 2012-09-17 12:30 - 00000178 ___SH () C:\Documents and Settings\WMIAdmin\ntuser.ini
2014-04-01 11:49 - 2013-07-16 10:22 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-01 11:45 - 2012-09-18 12:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-01 11:43 - 2012-12-28 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-04-01 11:39 - 2012-12-20 14:06 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Outlook Files
2014-04-01 11:01 - 2012-12-28 11:58 - 00000074 _____ () C:\WINDOWS\ISHIP.INI
2014-04-01 09:23 - 2012-12-21 12:18 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Scans
2014-04-01 09:14 - 2014-01-02 13:25 - 00013126 _____ () C:\Documents and Settings\Administrator\Desktop\Hotel Monthly Billing.xlsx
2014-04-01 08:00 - 2013-05-16 22:47 - 00008295 _____ () C:\WINDOWS\cfgall.ini
2014-04-01 08:00 - 2013-05-16 22:46 - 14943790 _____ () C:\WINDOWS\system32\TmInstall.log
2014-04-01 07:42 - 2012-09-17 17:52 - 00002399 _____ () C:\Documents and Settings\All Users\Desktop\Mailbox Manager.lnk
2014-04-01 07:39 - 2012-12-21 12:29 - 00001524 _____ () C:\Documents and Settings\Administrator\Desktop\Counter Manifest System.lnk
2014-04-01 07:07 - 2013-01-22 21:10 - 00002507 _____ () C:\Documents and Settings\Administrator\Desktop\Microsoft Outlook 2010.lnk
2014-04-01 06:00 - 2012-12-26 10:49 - 00000338 _____ () C:\WINDOWS\Tasks\ISS Daily Task.job
2014-04-01 05:59 - 2012-08-01 17:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-01 05:57 - 2012-08-01 17:37 - 02002506 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-01 05:53 - 2014-01-22 14:09 - 00000735 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk
2014-04-01 05:53 - 2013-07-16 10:22 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-01 05:53 - 2012-08-01 17:40 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-01 05:53 - 2012-08-01 10:35 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-01 05:53 - 2012-08-01 10:35 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-04-01 05:52 - 2012-12-20 13:57 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-04-01 05:52 - 2012-08-01 17:43 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-04-01 05:52 - 2012-08-01 17:40 - 00032500 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-01 03:33 - 2012-12-20 14:24 - 00000308 _____ () C:\WINDOWS\Tasks\MBE_Time_Synchronization.job
2014-03-31 23:00 - 2012-12-26 10:49 - 00000336 _____ () C:\WINDOWS\Tasks\Auto HCM Batch Release.job
2014-03-31 19:47 - 2012-09-17 16:04 - 00000000 ____D () C:\backups
2014-03-31 07:23 - 2012-12-26 11:02 - 00002311 _____ () C:\Documents and Settings\All Users\Desktop\MBE Task Complete!.lnk
2014-03-31 05:56 - 2012-08-01 17:43 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-03-31 01:56 - 2013-05-16 22:51 - 00000774 _____ () C:\WINDOWS\cfgrs.ini
2014-03-31 01:56 - 2013-05-16 22:51 - 00000104 _____ () C:\WINDOWS\cfgrs_ex.ini
2014-03-30 08:25 - 2012-12-21 12:43 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Forms
2014-03-30 08:25 - 2012-08-01 10:33 - 00676454 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-29 08:54 - 2013-11-30 14:30 - 00472972 _____ () C:\WINDOWS\setupapi.log
2014-03-29 03:31 - 2014-02-24 23:47 - 00006260 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-03-28 12:31 - 2014-03-25 17:51 - 00000000 ____D () C:\AdwCleaner
2014-03-28 12:11 - 2014-03-28 12:11 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-28 12:11 - 2014-03-28 12:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-03-28 12:11 - 2013-08-12 11:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-28 12:11 - 2013-08-12 11:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2014-03-28 12:10 - 2014-03-27 09:09 - 00003682 _____ () C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2014-03-27 18:30 - 2014-01-14 13:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Mail Box Signatures
2014-03-27 14:03 - 2012-08-01 17:38 - 00001607 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-03-27 13:53 - 2014-03-27 13:53 - 00022270 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-03-27 13:53 - 2014-03-27 13:53 - 00019250 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-03-27 10:12 - 2013-07-16 10:22 - 00000000 ____D () C:\Program Files\Google
2014-03-27 10:12 - 2013-07-16 10:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-03-27 10:05 - 2014-03-27 10:08 - 04289558 _____ () C:\Documents and Settings\Administrator\Desktop\postal_training.pptx
2014-03-27 09:23 - 2014-03-27 09:22 - 00000000 ___SD () C:\peanuts
2014-03-27 09:22 - 2013-09-05 15:52 - 00000000 ____D () C:\Qoobox
2014-03-26 13:06 - 2012-08-01 17:39 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-26 07:09 - 2014-01-13 14:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\VNT
2014-03-25 20:28 - 2014-03-25 20:17 - 00000000 ____D () C:\ComboFix
2014-03-25 20:26 - 2008-04-14 07:00 - 00000227 ____N () C:\WINDOWS\system.ini
2014-03-25 19:57 - 2014-03-25 14:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
2014-03-25 19:42 - 2012-08-01 17:42 - 00026844 _____ () C:\WINDOWS\ntbtlog.txt.bak
2014-03-25 19:37 - 2014-03-25 19:37 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032514-01.dmp
2014-03-25 19:37 - 2014-03-25 19:37 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-25 19:37 - 2012-09-17 12:13 - 00000000 __SHD () C:\WINDOWS\CSC
2014-03-25 18:16 - 2013-05-16 22:46 - 00290376 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2014-03-25 16:26 - 2014-03-25 16:26 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Terry
2014-03-25 14:19 - 2014-03-25 14:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SMR410
2014-03-25 14:19 - 2014-03-25 14:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-03-25 14:19 - 2012-08-01 10:32 - 00000336 __RSH () C:\boot.ini
2014-03-25 11:57 - 2014-01-13 14:00 - 00000000 ____D () C:\Program Files\VNT
2014-03-25 11:04 - 2012-08-01 17:57 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-03-25 10:58 - 2014-03-25 10:58 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-21 14:51 - 2012-08-01 10:28 - 00000000 ____D () C:\WINDOWS\security
2014-03-21 03:01 - 2012-08-01 10:33 - 00431360 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-20 22:36 - 2014-03-20 22:35 - 00010105 _____ () C:\WINDOWS\KB2930275.log
2014-03-20 22:36 - 2014-03-20 22:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-20 22:36 - 2012-08-01 10:34 - 01765083 _____ () C:\WINDOWS\iis6.log
2014-03-20 22:36 - 2012-08-01 10:34 - 01535988 _____ () C:\WINDOWS\FaxSetup.log
2014-03-20 22:36 - 2012-08-01 10:34 - 00762906 _____ () C:\WINDOWS\ocgen.log
2014-03-20 22:36 - 2012-08-01 10:34 - 00715243 _____ () C:\WINDOWS\tsoc.log
2014-03-20 22:36 - 2012-08-01 10:34 - 00528846 _____ () C:\WINDOWS\comsetup.log
2014-03-20 22:36 - 2012-08-01 10:34 - 00487674 _____ () C:\WINDOWS\msmqinst.log
2014-03-20 22:36 - 2012-08-01 10:34 - 00320316 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-20 22:36 - 2012-08-01 10:34 - 00270281 _____ () C:\WINDOWS\netfxocm.log
2014-03-20 22:36 - 2012-08-01 10:34 - 00107187 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-20 22:36 - 2012-08-01 10:34 - 00086134 _____ () C:\WINDOWS\ocmsn.log
2014-03-20 22:36 - 2012-08-01 10:34 - 00077663 _____ () C:\WINDOWS\msgsocm.log
2014-03-20 22:36 - 2012-08-01 10:34 - 00077489 _____ () C:\WINDOWS\tabletoc.log
2014-03-20 22:36 - 2012-08-01 10:34 - 00001809 _____ () C:\WINDOWS\imsins.log
2014-03-20 22:25 - 2014-03-20 22:24 - 00009349 _____ () C:\WINDOWS\KB2929961.log
2014-03-20 22:25 - 2012-08-01 10:34 - 00001809 _____ () C:\WINDOWS\imsins.BAK
2014-03-20 22:24 - 2014-03-20 22:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-20 22:13 - 2014-03-20 22:11 - 00012438 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-20 22:13 - 2012-08-01 18:03 - 00099746 _____ () C:\WINDOWS\updspapi.log
2014-03-20 22:11 - 2012-09-17 13:02 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-20 08:52 - 2014-03-20 08:52 - 00027148 _____ () C:\Documents and Settings\Administrator\Desktop\Amber Hauch Prints.xlsx
2014-03-18 11:46 - 2012-12-21 12:43 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\loren_files
2014-03-17 11:26 - 2012-08-01 17:36 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-03-15 11:46 - 2013-07-16 10:22 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-14 10:31 - 2014-03-14 10:31 - 00042496 _____ () C:\Documents and Settings\Administrator\Desktop\3.24-30 - Chicago(1).xls
2014-03-12 13:13 - 2013-04-05 11:46 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Mailbox Forms
2014-03-11 16:05 - 2012-12-20 14:12 - 00002413 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat XI Standard.lnk
2014-03-11 16:05 - 2012-12-20 14:12 - 00001758 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-03-05 20:01 - 2012-09-17 16:00 - 00000000 ____D () C:\Program Files\ISS Messaging
2014-03-04 09:59 - 2014-03-25 17:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Waybills
2014-03-04 06:56 - 2012-12-20 16:29 - 05933630 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2410244668-621330714-2260601614-500-0.dat
2014-03-04 06:56 - 2012-12-20 16:29 - 00381518 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-03-03 12:42 - 2012-09-18 12:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Sonic
2014-03-02 16:30 - 2008-04-14 07:00 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================




#5 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:45 PM

Posted 02 April 2014 - 05:11 PM

Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected.  Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

Please include the following in your next post:
  • Fixlog.txt Report
  • TDSSKiller log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
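The FRST log posted above ends with two lines FRST marked ATTENTION, and the reply above turns exactly those two lines into a fixlist.txt. The Python script below is an added example for both posts; it is not FRST's code and not written by anyone in this thread. It runs a few triage heuristics over FRST-style log lines (the sample lines are copied from the posted log) and drafts a fixlist from the lines FRST flagged, which is what the helper did by hand. The severity labels, the heuristics and the resolver allowlist are this example's own assumptions, not FRST's whitelisting rules.

```python
"""Triage an FRST (Farbar Recovery Scan Tool) log and draft a fixlist.

Added example for this thread; it is not FRST's code and not the thread
author's. The heuristics below are this example's own assumptions about
what deserves a second look, not FRST's whitelisting rules.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the FRST log posted above.
SAMPLE_LOG = r"""
ShortcutTarget: Task Complete!.lnk -> C:\WINDOWS\Installer\{A40B873D-3C31-4831-A3A9-C24D82854936}\_B4081805E577118B335947.exe ()
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
DPF: {D25A9538-F962-4501-9E68-D7C3DDECB148} http://12.219.81.160/template/xWebView2.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR HKLM\...\Chrome\Extension: [aaaaigmelgfmkfjicbbgbkcbagedejhj] - C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\AVRV7\CRX\ToolbarCR.crx [2013-07-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Tcpip\..\Interfaces\{993938FD-99B0-42FF-8158-B9D82041B8D9}: [NameServer]4.2.2.1,8.8.8.8
R2 ofaApp; C:\Program Files\EFI\OFASQ\ofaApp.exe [2233856 2012-12-21] ()
R2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2073456 2013-02-04] (Trend Micro Inc.)
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
"""

ATTENTION = re.compile(r"<=+ ATTENTION\s*$")        # FRST's own marker
EMPTY_PUBLISHER = re.compile(r"\(\)\s*$")            # FRST prints () when the PE carries no company name
MISSING_FILE = re.compile(r"(\[X\]|No File)\s*$")    # FRST's markers for a path that no longer exists
DPF_RAW_IP = re.compile(r"^DPF: \{[0-9A-F-]+\} https?://(\d{1,3}(?:\.\d{1,3}){3})/", re.I)
HKLM_CHROME_EXT = re.compile(r"^CHR HKLM\\\.\.\.\\Chrome\\Extension: \[([a-z]{32})\] - (.+?) \[")
NAME_SERVER = re.compile(r"\[NameServer\]([\d.,]+)")
MD5_CHECK = re.compile(r"^(.+?) => MD5 is (.+)$")

# Assumption: resolvers the operator expects to see; anything else is worth a look.
EXPECTED_RESOLVERS = {"4.2.2.1", "4.2.2.2", "8.8.8.8", "8.8.4.4"}


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "review"
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per heuristic hit; a single line can trigger several."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if ATTENTION.search(line):
            findings.append(Finding("high", "flagged by FRST itself", line))
        m = DPF_RAW_IP.match(line)
        if m:
            findings.append(Finding("high", f"ActiveX package fetched from raw IP {m.group(1)}", line))
        m = MD5_CHECK.match(line)
        if m and m.group(2) != "legit":
            findings.append(Finding("high", f"{m.group(1)} hash check: {m.group(2)}", line))
        m = HKLM_CHROME_EXT.match(line)
        if m:
            findings.append(Finding("review", f"Chrome extension {m.group(1)} registered machine-wide from {m.group(2)}", line))
        m = NAME_SERVER.search(line)
        if m:
            for ip in m.group(1).split(","):
                if ip not in EXPECTED_RESOLVERS:
                    findings.append(Finding("review", f"unexpected DNS resolver {ip}", line))
        if EMPTY_PUBLISHER.search(line):
            findings.append(Finding("review", "binary carries no company name", line))
        if MISSING_FILE.search(line):
            findings.append(Finding("review", "entry points at a file that is gone", line))
    return findings


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.severity for f in findings))


def build_fixlist(log_text: str) -> str:
    """Draft fixlist.txt content. FRST acts on log lines pasted back verbatim,
    so the flagged lines are copied unchanged, one per line."""
    flagged = [f.line for f in triage(log_text) if f.reason == "flagged by FRST itself"]
    return "\n".join(flagged) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
    print("--- draft fixlist.txt ---")
    print(build_fixlist(SAMPLE_LOG), end="")
```

On the posted log the draft fixlist comes out identical to the one the helper wrote: the two ATTENTION lines, verbatim. The "review" findings (an unsigned installer stub in Startup, an Ask toolbar extension registered under HKLM, an ActiveX control fetched from a bare IP address, a leftover catchme.sys service) are prompts for a human, not fix candidates; as the reply's own notice says, a fixlist is written for one machine and should still be reviewed by the helper before FRST runs it.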


#6 teemell

teemell
  • Topic Starter
  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:45 PM

Posted 03 April 2014 - 09:15 AM

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Administrator at 2014-04-03 09:03:23 Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************
 
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
TDSS log:
 
09:11:59.0437 0x07f8  TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
09:12:05.0968 0x07f8  ============================================================
09:12:05.0968 0x07f8  Current date / time: 2014/04/03 09:12:05.0968
09:12:05.0968 0x07f8  SystemInfo:
09:12:05.0968 0x07f8  
09:12:05.0968 0x07f8  OS Version: 5.1.2600 ServicePack: 3.0
09:12:05.0968 0x07f8  Product type: Workstation
09:12:05.0968 0x07f8  ComputerName: BOM5905A
09:12:05.0968 0x07f8  UserName: Administrator
09:12:05.0968 0x07f8  Windows directory: C:\WINDOWS
09:12:05.0968 0x07f8  System windows directory: C:\WINDOWS
09:12:05.0968 0x07f8  Processor architecture: Intel x86
09:12:05.0968 0x07f8  Number of processors: 4
09:12:05.0968 0x07f8  Page size: 0x1000
09:12:05.0968 0x07f8  Boot type: Normal boot
09:12:05.0968 0x07f8  ============================================================
09:12:08.0578 0x07f8  KLMD registered as C:\WINDOWS\system32\drivers\44152830.sys
09:12:08.0781 0x07f8  System UUID: {4D43666D-3982-A050-345E-F00F8456E967}
09:12:09.0468 0x07f8  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:12:09.0500 0x07f8  ============================================================
09:12:09.0500 0x07f8  \Device\Harddisk0\DR0:
09:12:09.0500 0x07f8  MBR partitions:
09:12:09.0500 0x07f8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4970
09:12:09.0500 0x07f8  ============================================================
09:12:09.0515 0x07f8  C: <-> \Device\Harddisk0\DR0\Partition1
09:12:09.0609 0x07f8  ============================================================
09:12:09.0609 0x07f8  Initialize success
09:12:09.0609 0x07f8  ============================================================
09:12:37.0453 0x1350  ============================================================
09:12:37.0453 0x1350  Scan started
09:12:37.0453 0x1350  Mode: Manual; TDLFS; 
09:12:37.0453 0x1350  ============================================================
09:12:37.0453 0x1350  KSN ping started
09:12:39.0781 0x1350  KSN ping finished: true
09:12:39.0968 0x1350  ================ Scan system memory ========================
09:12:42.0281 0x1350  System memory - ok
09:12:42.0281 0x1350  ================ Scan services =============================
09:12:42.0359 0x1350  [ C07D5197410AAB28D0D93F943F59656D, 482164BA2B57C7026A7DF3213E0AC59B752A898D9B880BC0629F9CADD05D2894 ] 6to4            C:\WINDOWS\System32\6to4svc.dll
09:12:42.0359 0x1350  6to4 - ok
09:12:42.0453 0x1350  Abiosdsk - ok
09:12:42.0468 0x1350  abp480n5 - ok
09:12:42.0500 0x1350  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:12:42.0500 0x1350  ACPI - ok
09:12:42.0515 0x1350  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
09:12:42.0531 0x1350  ACPIEC - ok
09:12:42.0609 0x1350  [ 24A0876D07EF356DCBC1D7A7929354AB, 765653E856EC5841DB851363E7C7CFC332D3605789ECD0998762F60ADD56A0D8 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:12:42.0640 0x1350  AdobeFlashPlayerUpdateSvc - ok
09:12:42.0640 0x1350  adpu160m - ok
09:12:42.0671 0x1350  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
09:12:42.0703 0x1350  aec - ok
09:12:42.0734 0x1350  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
09:12:42.0750 0x1350  AFD - ok
09:12:42.0765 0x1350  Aha154x - ok
09:12:42.0765 0x1350  aic78u2 - ok
09:12:42.0765 0x1350  aic78xx - ok
09:12:42.0796 0x1350  [ 11F424D02AEA63A3A53445087072FDD0, 134AC357035EE976403656402DE81AA35194F2195BAEE82D59A389628A19E5FE ] aksfridge       C:\WINDOWS\system32\drivers\aksfridge.sys
09:12:42.0843 0x1350  aksfridge - ok
09:12:42.0859 0x1350  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
09:12:42.0875 0x1350  Alerter - ok
09:12:42.0890 0x1350  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
09:12:42.0890 0x1350  ALG - ok
09:12:42.0890 0x1350  AliIde - ok
09:12:42.0890 0x1350  amsint - ok
09:12:42.0906 0x1350  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
09:12:42.0921 0x1350  AppMgmt - ok
09:12:42.0921 0x1350  asc - ok
09:12:42.0937 0x1350  asc3350p - ok
09:12:42.0937 0x1350  asc3550 - ok
09:12:43.0015 0x1350  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:12:43.0031 0x1350  aspnet_state - ok
09:12:43.0046 0x1350  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:12:43.0062 0x1350  AsyncMac - ok
09:12:43.0109 0x1350  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
09:12:43.0140 0x1350  atapi - ok
09:12:43.0140 0x1350  Atdisk - ok
09:12:43.0156 0x1350  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:12:43.0171 0x1350  Atmarpc - ok
09:12:43.0187 0x1350  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
09:12:43.0218 0x1350  AudioSrv - ok
09:12:43.0234 0x1350  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
09:12:43.0234 0x1350  audstub - ok
09:12:43.0265 0x1350  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
09:12:43.0265 0x1350  Beep - ok
09:12:43.0421 0x1350  [ A6CCAD3747262154F6C43C23BC880C05, FB24BD28BCF87DD1DA10E8CE3AA2C59FB7D054ACE2BDEBF1726E0759B6DC4CEF ] BESClient       C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
09:12:43.0484 0x1350  BESClient - ok
09:12:43.0531 0x1350  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
09:12:43.0562 0x1350  BITS - ok
09:12:43.0625 0x1350  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
09:12:43.0656 0x1350  Browser - ok
09:12:43.0703 0x1350  Canon imagePROGRAF Status Monitor - ok
09:12:43.0750 0x1350  catchme - ok
09:12:43.0765 0x1350  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
09:12:43.0781 0x1350  cbidf2k - ok
09:12:43.0781 0x1350  cd20xrnt - ok
09:12:43.0796 0x1350  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
09:12:43.0812 0x1350  Cdaudio - ok
09:12:43.0843 0x1350  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
09:12:43.0859 0x1350  Cdfs - ok
09:12:43.0875 0x1350  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:12:43.0906 0x1350  Cdrom - ok
09:12:43.0906 0x1350  Changer - ok
09:12:43.0921 0x1350  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
09:12:43.0921 0x1350  CiSvc - ok
09:12:43.0937 0x1350  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
09:12:43.0953 0x1350  ClipSrv - ok
09:12:44.0015 0x1350  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:12:44.0031 0x1350  clr_optimization_v2.0.50727_32 - ok
09:12:44.0062 0x1350  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:12:44.0093 0x1350  clr_optimization_v4.0.30319_32 - ok
09:12:44.0093 0x1350  CmdIde - ok
09:12:44.0093 0x1350  COMSysApp - ok
09:12:44.0093 0x1350  Cpqarray - ok
09:12:44.0156 0x1350  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
09:12:44.0171 0x1350  CryptSvc - ok
09:12:44.0171 0x1350  dac2w2k - ok
09:12:44.0171 0x1350  dac960nt - ok
09:12:44.0203 0x1350  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
09:12:44.0203 0x1350  DcomLaunch - ok
09:12:44.0234 0x1350  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
09:12:44.0234 0x1350  Dhcp - ok
09:12:44.0250 0x1350  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
09:12:44.0265 0x1350  Disk - ok
09:12:44.0265 0x1350  dmadmin - ok
09:12:44.0296 0x1350  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
09:12:44.0375 0x1350  dmboot - ok
09:12:44.0390 0x1350  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
09:12:44.0421 0x1350  dmio - ok
09:12:44.0421 0x1350  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
09:12:44.0437 0x1350  dmload - ok
09:12:44.0437 0x1350  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
09:12:44.0453 0x1350  dmserver - ok
09:12:44.0484 0x1350  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
09:12:44.0515 0x1350  DMusic - ok
09:12:44.0531 0x1350  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
09:12:44.0546 0x1350  Dnscache - ok
09:12:44.0562 0x1350  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
09:12:44.0578 0x1350  Dot3svc - ok
09:12:44.0578 0x1350  dpti2o - ok
09:12:44.0593 0x1350  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
09:12:44.0593 0x1350  drmkaud - ok
09:12:44.0625 0x1350  [ 42B98CBADA8A3989D7689D41A8BBE612, B56F5EB36C319088342097A122090039D32F1E65FF2CA73FBCDC69365E9FE762 ] e1cexpress      C:\WINDOWS\system32\DRIVERS\e1c5132.sys
09:12:44.0640 0x1350  e1cexpress - ok
09:12:44.0656 0x1350  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
09:12:44.0671 0x1350  EapHost - ok
09:12:44.0718 0x1350  [ 7D10CB5A6CDC761A0FAA7730053A83D8, DA751228485FE95413F0F3DFDBAB9BF3A26B60E0D02E0032374B414F75EE9D44 ] EFI ES1000      C:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe
09:12:44.0734 0x1350  EFI ES1000 - ok
09:12:44.0812 0x1350  [ 6FA23D2BEDF2D1686B5D345CEACB269E, 5676E821B7CBAD7AEB86C6CFF49B7C47FEA01341C1B77AAEA33D7F85C5A687FE ] EFI License Manager C:\Program Files\EFI\OFASQ\lmgrd.exe
09:12:44.0906 0x1350  EFI License Manager - ok
09:12:44.0921 0x1350  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
09:12:44.0937 0x1350  ERSvc - ok
09:12:44.0984 0x1350  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
09:12:44.0984 0x1350  Eventlog - ok
09:12:45.0000 0x1350  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
09:12:45.0015 0x1350  EventSystem - ok
09:12:45.0031 0x1350  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
09:12:45.0046 0x1350  Fastfat - ok
09:12:45.0062 0x1350  [ 1926899BF9FFE2602B63074971700412, F5C48EDBE5C6507527630B49C95BAA9F1E47EACC5A910F2B9A4528733E81A966 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:12:45.0093 0x1350  FastUserSwitchingCompatibility - ok
09:12:45.0109 0x1350  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
09:12:45.0125 0x1350  Fdc - ok
09:12:45.0156 0x1350  [ C311E32E72B27017310FFDB26B0D05D7, 72624A890E37B24D3F007AF38197C2B9BA17B5A6013047B7E2E8D2EAEC8F20F2 ] Fiery Bridge Mailbox Synchronization C:\Program Files\Fiery\Applications3\Fiery Bridge\x86\MailboxSyncService.exe
09:12:45.0171 0x1350  Fiery Bridge Mailbox Synchronization - ok
09:12:45.0171 0x1350  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
09:12:45.0203 0x1350  Fips - ok
09:12:45.0234 0x1350  [ ACEFEEA621DCA62EFB7A7EEA59F5E91B, 1D998E25B2C4C2DB51BF5E76BD0EFCA172CFC9BC16AFE7044BFC7A9FCF346154 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:12:45.0250 0x1350  FLEXnet Licensing Service - ok
09:12:45.0250 0x1350  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
09:12:45.0265 0x1350  Flpydisk - ok
09:12:45.0281 0x1350  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:12:45.0312 0x1350  FltMgr - ok
09:12:45.0484 0x1350  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:12:45.0546 0x1350  FontCache3.0.0.0 - ok
09:12:45.0562 0x1350  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:12:45.0593 0x1350  Fs_Rec - ok
09:12:45.0609 0x1350  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:12:45.0656 0x1350  Ftdisk - ok
09:12:45.0750 0x1350  [ 80D6EA9C46904608CEA146C4996A824A, 07CF290A052413982D764E9C1282A4C3FECA8E4DF4CD1E1862F474A55CA30D82 ] GoToAssist      C:\Program Files\Citrix\GoToAssist\822\g2aservice.exe
09:12:45.0765 0x1350  GoToAssist - ok
09:12:45.0796 0x1350  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:12:45.0812 0x1350  Gpc - ok
09:12:45.0828 0x1350  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
09:12:45.0859 0x1350  gupdate - ok
09:12:45.0859 0x1350  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
09:12:45.0859 0x1350  gupdatem - ok
09:12:45.0890 0x1350  [ 995178A443B07FA9EEAEA041D7B4B5CA, 02E409360BFA5EA5C4FBF05BB58465223BCD3EE657E32473935770883A9F9907 ] hardlock        C:\WINDOWS\system32\drivers\hardlock.sys
09:12:45.0968 0x1350  hardlock - ok
09:12:45.0968 0x1350  hasplms - ok
09:12:46.0015 0x1350  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:12:46.0031 0x1350  HDAudBus - ok
09:12:46.0093 0x1350  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:12:46.0109 0x1350  helpsvc - ok
09:12:46.0109 0x1350  HidServ - ok
09:12:46.0140 0x1350  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:12:46.0140 0x1350  HidUsb - ok
09:12:46.0171 0x1350  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
09:12:46.0187 0x1350  hkmsvc - ok
09:12:46.0187 0x1350  hpn - ok
09:12:46.0203 0x1350  [ F6AACF5BCE2893E0C1754AFEB672E5C9, 62A7A70515B5570A649DC30A3A122B1302F6839A63927C8B29EBE04ABA654892 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
09:12:46.0218 0x1350  HTTP - ok
09:12:46.0234 0x1350  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
09:12:46.0250 0x1350  HTTPFilter - ok
09:12:46.0250 0x1350  i2omgmt - ok
09:12:46.0250 0x1350  i2omp - ok
09:12:46.0265 0x1350  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:12:46.0296 0x1350  i8042prt - ok
09:12:46.0359 0x1350  [ 5642D568D57D6DFB99B1B0D931F09C96, A9595DE79E556F67E6FAFB9BA3C8C2F3E6D7C4476913185BF7D07EEA89C733C1 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
09:12:46.0468 0x1350  ialm - ok
09:12:46.0500 0x1350  [ E64665E2A6CAEB52C8AE6E5EB6F3FD7C, 3D123E673F334B47A7F90B6F462C0A3DF5684D51F6F87163F3F9D34CF5CAD62F ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
09:12:46.0515 0x1350  iaStor - ok
09:12:46.0609 0x1350  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:12:46.0656 0x1350  idsvc - ok
09:12:46.0687 0x1350  [ 91C5E9F49F32110CED27E2F902FAD607, 9B5F1B0996FA7E92DF02214470C77046BF35F13E21CA4AEFC2019B1191248A5E ] IFXTPM          C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
09:12:46.0703 0x1350  IFXTPM - ok
09:12:46.0703 0x1350  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
09:12:46.0718 0x1350  Imapi - ok
09:12:46.0750 0x1350  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
09:12:46.0781 0x1350  ImapiService - ok
09:12:46.0781 0x1350  ini910u - ok
09:12:46.0937 0x1350  [ EB136D3B2883512DFF677C2FA98309BC, F3DE5CAAFEAC70BB5E579A49218D269732E845B862D9D0A434873F2A623CF4EB ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:12:47.0109 0x1350  IntcAzAudAddService - ok
09:12:47.0140 0x1350  [ F4804891676F2EFAA81CBF5F2393AD2A, E4F226D78B10327521FFDA8EAAAC0791B38BC81C7CCCD939A3A882C880A24C7F ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
09:12:47.0187 0x1350  IntcDAud - ok
09:12:47.0218 0x1350  [ C86A9AA1CBC4C3C2C5C9DD0F6D939926, E8D3C2BA7679895AC4836FA9568B8264E5512C1163CFFF4E9E14C406CDF60059 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
09:12:47.0281 0x1350  Intel® Capability Licensing Service Interface - ok
09:12:47.0296 0x1350  [ 386F3F1AD783F3312C057FB8699AE09B, 8C046B9300C981EFEDA7EB0606BE3D527D243C390AD683EA0C571702F2ED7BF3 ] Intel® PROSet Monitoring Service C:\WINDOWS\system32\IProsetMonitor.exe
09:12:47.0312 0x1350  Intel® PROSet Monitoring Service - ok
09:12:47.0312 0x1350  IntelIde - ok
09:12:47.0343 0x1350  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:12:47.0359 0x1350  intelppm - ok
09:12:47.0375 0x1350  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:12:47.0390 0x1350  Ip6Fw - ok
09:12:47.0406 0x1350  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:12:47.0421 0x1350  IpFilterDriver - ok
09:12:47.0437 0x1350  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:12:47.0453 0x1350  IpInIp - ok
09:12:47.0453 0x1350  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:12:47.0484 0x1350  IpNat - ok
09:12:47.0500 0x1350  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:12:47.0531 0x1350  IPSec - ok
09:12:47.0546 0x1350  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
09:12:47.0562 0x1350  IRENUM - ok
09:12:47.0593 0x1350  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:12:47.0625 0x1350  isapnp - ok
09:12:47.0687 0x1350  [ 174AD2B5AF15A55F949F9F89ED8095EE, 7C4C97460D8A869E3313B874629148B5A96BA64DB0F78C8D453DA31F825F2E33 ] ISSERSRouterShim C:\Program Files\ISS\Bin\App\ISSERSRouterShim.exe
09:12:47.0687 0x1350  ISSERSRouterShim - ok
09:12:47.0718 0x1350  [ B6337B3B3FEC383D932CE4612831CC80, 8A12CD68DD6DAF50241E5059B09C22EF82B4A880464C2235262E2845F649C220 ] ISSLoader       C:\Program Files\ISS\bin\system\service_start.exe
09:12:47.0718 0x1350  ISSLoader - ok
09:12:47.0750 0x1350  [ BC074FB508B38C76A275BEC67171AECD, BAA3BD6F27AD0E9F1C1EE5EDE4D38C699C3B5CD04CCD36F7E83654BEA66E2056 ] ISSMessaging    C:\Program Files\ISS Messaging\Bin\ISS.Messaging.Shell.NTService.exe
09:12:47.0750 0x1350  ISSMessaging - ok
09:12:47.0765 0x1350  [ 4633F628BBE891C58AEAE1B06C87F293, A763E1006D7CEADBB3BA40FA8EDCF160BC8D1C6FFD6ACE0E8EA219C34B0F5B66 ] ISSStartServices C:\Program Files\ISS\bin\system\StartServices.exe
09:12:47.0765 0x1350  ISSStartServices - ok
09:12:47.0796 0x1350  [ 7F2211B05D2B4C38384B2CCAAD3D313B, 869CA59D74B4BC44D6040F36D7EAA265E3BA5BB23EB00C6B5C94D7155BE5F473 ] ISSTracing      C:\Program Files\ISS Trace\Bin\ISSRetailTraceServer.exe
09:12:47.0796 0x1350  ISSTracing - ok
09:12:47.0796 0x1350  [ 85BC73F874E4EE703D339ACDAD4B608D, D8965BAF34FED39DEB25E5AC3011682763509DECB78BCCFADCB9B6243EABE004 ] ISSTracingMaint C:\Program Files\ISS Trace\Bin\ISSTraceFileMaintenance.exe
09:12:47.0796 0x1350  ISSTracingMaint - ok
09:12:47.0796 0x1350  [ B2A76AB622D65BE3A69F13FD8D8E75FE, 7967B9DB8507D4980BAA9D96C069EB9FA06E9AD0CAD98EC1F432A24E83533BE3 ] ISSTracingMon   C:\Program Files\ISS Trace\Bin\ISSTraceMonitorHost.exe
09:12:47.0796 0x1350  ISSTracingMon - ok
09:12:47.0812 0x1350  [ 0E410EDC8D0527801B899CF29E60597C, CF8BDCA6BF91BC33187B2D01BF378988AFCE821A70A4727500DAACC5C80EEBD6 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
09:12:47.0843 0x1350  JavaQuickStarterService - ok
09:12:47.0875 0x1350  [ 46FFD238D2FBA90186CE064D7B9FD58A, 1FF7170181FA5EC80D8AF5B72A844F2E38CE002C1DB0AB656FE8A47250C684CD ] jhi_service     C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
09:12:47.0906 0x1350  jhi_service - ok
09:12:47.0921 0x1350  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:12:47.0937 0x1350  Kbdclass - ok
09:12:47.0968 0x1350  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:12:47.0984 0x1350  kbdhid - ok
09:12:48.0000 0x1350  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
09:12:48.0000 0x1350  kmixer - ok
09:12:48.0015 0x1350  [ 1705745D900DABF2D89F90EBADDC7517, FE90589415BDB3BA482D3EBE1A87A7BF1429791E8F18BCB66BF8874631CC8B2C ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
09:12:48.0031 0x1350  KSecDD - ok
09:12:48.0046 0x1350  [ F385F4B02C535BFFE1D70CAB80838123, A1695E161673BCB77CE150C2D98A07FCB454C53F10EEBECD754D2CC40DEAA1E0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
09:12:48.0062 0x1350  LanmanServer - ok
09:12:48.0093 0x1350  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:12:48.0109 0x1350  lanmanworkstation - ok
09:12:48.0109 0x1350  lbrtfdc - ok
09:12:48.0156 0x1350  [ 83D8BE94E1CBCBE2EA8372DB1A95A159, 28D18C7B93EFB6C83023D39A54489DDE98DE578AFCC06DD0712D00DE7CD48968 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
09:12:48.0171 0x1350  LightScribeService - ok
09:12:48.0187 0x1350  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
09:12:48.0203 0x1350  LmHosts - ok
09:12:48.0250 0x1350  [ DD08D34C632065F0020A71D0F598F657, 251EFECB9769D0F26B124735B57F6E465F2ECF1431B831C4FD8D36E78DDB65A1 ] LMIGuardianSvc  C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
09:12:48.0281 0x1350  LMIGuardianSvc - ok
09:12:48.0312 0x1350  [ 26E3BEC8F2F0CFAF9FFE4C7AEF1BC049, CFB86B860FF4F856DA75EB132E06B77C71DC5D994799C08EDC01F2CA8B47AB44 ] LMIInfo         C:\Program Files\LogMeIn\x86\rainfo.sys
09:12:48.0328 0x1350  LMIInfo - ok
09:12:48.0328 0x1350  [ 21EA89518E56E269DCC50A31CD4F4EB7, 67A5114022BB25AEEBE6D2BD43126109DBAF5D2FDFC8F77FFE182AA9976DA3F5 ] LMIMaint        C:\Program Files\LogMeIn\x86\RaMaint.exe
09:12:48.0359 0x1350  LMIMaint - ok
09:12:48.0375 0x1350  [ 4477689E2D8AE6B78BA34C9AF4CC1ED1, 0BC8AF546901E6C20611C5250BD65ACD0C4A8613BD8F8835F0D4680B5777F051 ] lmimirr         C:\WINDOWS\system32\DRIVERS\lmimirr.sys
09:12:48.0390 0x1350  lmimirr - ok
09:12:48.0390 0x1350  LMIRfsClientNP - ok
09:12:48.0406 0x1350  [ 3FAA563DDF853320F90259D455A01D79, D81B5FCC0CBCF9CE18E44A31071D357B12F5016159E24954E50E68D80C9F61B8 ] LMIRfsDriver    C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
09:12:48.0421 0x1350  LMIRfsDriver - ok
09:12:48.0453 0x1350  [ 8142C947D6CC909A448AF95F4221B314, EF725E80C9E74A8FCC8323B222A77CD5CDE8BC1B6ADC89FF8AFDD12ADD0FB59A ] LMS             C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
09:12:48.0484 0x1350  LMS - ok
09:12:48.0515 0x1350  [ 432618FA75B61059D2C57D6A7E55147A, 0E7D771AE9F98667A68C8C07A664D70B71B78EC08D7FEA92AD979E1E049EC0B1 ] LogMeIn         C:\Program Files\LogMeIn\x86\LogMeIn.exe
09:12:48.0546 0x1350  LogMeIn - ok
09:12:48.0578 0x1350  [ BB94B136444E753EB8A8BFF7D5136A89, 169C8A10A61F18BE014DA10B64F0429B435DF642DF2A15EBDE8DA757FF2880DA ] MBE Service Host_Customer C:\Program Files\MBE\Service Host\Mbe.Wcf.Services.Host.exe
09:12:48.0609 0x1350  MBE Service Host_Customer - ok
09:12:48.0609 0x1350  [ BB94B136444E753EB8A8BFF7D5136A89, 169C8A10A61F18BE014DA10B64F0429B435DF642DF2A15EBDE8DA757FF2880DA ] MBE Service Host_MBMService C:\Program Files\MBE\Service Host\Mbe.Wcf.Services.Host.exe
09:12:48.0609 0x1350  MBE Service Host_MBMService - ok
09:12:48.0640 0x1350  [ 240D715CFE4FB8F4CDA76F6863E62334, B410C88F0D4749AB843E03BB8BA215A8E3F291404C1B68824A5963A2381188FB ] MEI             C:\WINDOWS\system32\DRIVERS\HECI.sys
09:12:48.0671 0x1350  MEI - ok
09:12:48.0671 0x1350  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
09:12:48.0703 0x1350  Messenger - ok
09:12:48.0718 0x1350  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
09:12:48.0718 0x1350  mnmdd - ok
09:12:48.0750 0x1350  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
09:12:48.0765 0x1350  mnmsrvc - ok
09:12:48.0796 0x1350  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
09:12:48.0812 0x1350  Modem - ok
09:12:48.0812 0x1350  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:12:48.0828 0x1350  Mouclass - ok
09:12:48.0843 0x1350  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:12:48.0859 0x1350  mouhid - ok
09:12:48.0859 0x1350  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
09:12:48.0890 0x1350  MountMgr - ok
09:12:48.0890 0x1350  mraid35x - ok
09:12:48.0890 0x1350  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:12:48.0921 0x1350  MRxDAV - ok
09:12:48.0937 0x1350  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:12:48.0953 0x1350  MRxSmb - ok
09:12:48.0984 0x1350  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
09:12:48.0984 0x1350  MSDTC - ok
09:12:49.0000 0x1350  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
09:12:49.0015 0x1350  Msfs - ok
09:12:49.0015 0x1350  MSIServer - ok
09:12:49.0031 0x1350  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:12:49.0031 0x1350  MSKSSRV - ok
09:12:49.0062 0x1350  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:12:49.0078 0x1350  MSPCLOCK - ok
09:12:49.0078 0x1350  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
09:12:49.0093 0x1350  MSPQM - ok
09:12:49.0109 0x1350  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:12:49.0125 0x1350  mssmbios - ok
09:12:49.0156 0x1350  MSSQL$MBE - ok
09:12:49.0203 0x1350  [ CB7524C21727404BD3140DCA32DEB7DE, 5B1F111FADC31CD1E6F0345E2F9F989D9E63D64C9F20EFEFAC7A86BD82B8484C ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
09:12:49.0531 0x1350  MSSQLServerADHelper - ok
09:12:49.0546 0x1350  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
09:12:49.0578 0x1350  Mup - ok
09:12:49.0609 0x1350  [ F6E75901DDB5F54005CFCE9EDF2EC237, 5049CF7F70232487AA32AFC2D6CCE9530BD0BDCC0D7BC2C4B9243C215F2B1F43 ] NAL             C:\WINDOWS\system32\Drivers\iqvw32.sys
09:12:49.0625 0x1350  NAL - ok
09:12:49.0656 0x1350  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
09:12:49.0703 0x1350  napagent - ok
09:12:49.0703 0x1350  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
09:12:49.0734 0x1350  NDIS - ok
09:12:49.0750 0x1350  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:12:49.0765 0x1350  NdisTapi - ok
09:12:49.0781 0x1350  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:12:49.0796 0x1350  Ndisuio - ok
09:12:49.0796 0x1350  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:12:49.0828 0x1350  NdisWan - ok
09:12:49.0859 0x1350  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
09:12:49.0875 0x1350  NDProxy - ok
09:12:49.0890 0x1350  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
09:12:49.0906 0x1350  NetBIOS - ok
09:12:49.0921 0x1350  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
09:12:49.0953 0x1350  NetBT - ok
09:12:49.0984 0x1350  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
09:12:50.0015 0x1350  NetDDE - ok
09:12:50.0015 0x1350  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
09:12:50.0015 0x1350  NetDDEdsdm - ok
09:12:50.0046 0x1350  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
09:12:50.0062 0x1350  Netlogon - ok
09:12:50.0078 0x1350  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
09:12:50.0078 0x1350  Netman - ok
09:12:50.0093 0x1350  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:12:50.0125 0x1350  NetTcpPortSharing - ok
09:12:50.0140 0x1350  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
09:12:50.0140 0x1350  Nla - ok
09:12:50.0156 0x1350  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
09:12:50.0171 0x1350  Npfs - ok
09:12:50.0187 0x1350  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
09:12:50.0250 0x1350  Ntfs - ok
09:12:50.0250 0x1350  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
09:12:50.0250 0x1350  NtLmSsp - ok
09:12:50.0265 0x1350  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
09:12:50.0312 0x1350  NtmsSvc - ok
09:12:50.0406 0x1350  [ 762C5F11A331EFCF170C22B0813A19C3, C286ABFAD35AFF3F28E28D4805088AA6A5D7FC79296DEF07B7767D673A9F6C8D ] ntrtscan        C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
09:12:50.0437 0x1350  ntrtscan - ok
09:12:50.0453 0x1350  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
09:12:50.0453 0x1350  Null - ok
09:12:50.0468 0x1350  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:12:50.0484 0x1350  NwlnkFlt - ok
09:12:50.0515 0x1350  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:12:50.0531 0x1350  NwlnkFwd - ok
09:12:50.0609 0x1350  [ 2DB952AF708622F64E94C645E9E65D52, 20E7EF49CF87082983547F1E456360B215D6A9F859D630F1F8583F8A73906679 ] ofaApp          C:\Program Files\EFI\OFASQ\ofaApp.exe
09:12:50.0718 0x1350  ofaApp - ok
09:12:50.0765 0x1350  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:12:50.0781 0x1350  ose - ok
09:12:50.0937 0x1350  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:12:51.0203 0x1350  osppsvc - ok
09:12:51.0234 0x1350  [ 937A02981F11B2CE96B1D493C95AED2B, C619E1B6593E4BF740E631CC5A886C8E10D8796145C0A38417F9C599C2F54191 ] p2pgasvc        C:\WINDOWS\system32\p2pgasvc.dll
09:12:51.0265 0x1350  p2pgasvc - ok
09:12:51.0296 0x1350  [ 4A1035CB8F0D57BE41873B5183D96CF4, D6F53EEEA56C724BF3F7DABC2DD7E1E995B07BE32CB0AF0F77EB6651B741F050 ] p2pimsvc        C:\WINDOWS\system32\p2psvc.dll
09:12:51.0328 0x1350  p2pimsvc - ok
09:12:51.0359 0x1350  [ 4A1035CB8F0D57BE41873B5183D96CF4, D6F53EEEA56C724BF3F7DABC2DD7E1E995B07BE32CB0AF0F77EB6651B741F050 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
09:12:51.0359 0x1350  p2psvc - ok
09:12:51.0390 0x1350  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
09:12:51.0406 0x1350  Parport - ok
09:12:51.0421 0x1350  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
09:12:51.0437 0x1350  PartMgr - ok
09:12:51.0484 0x1350  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
09:12:51.0500 0x1350  ParVdm - ok
09:12:51.0500 0x1350  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
09:12:51.0531 0x1350  PCI - ok
09:12:51.0531 0x1350  PCIDump - ok
09:12:51.0531 0x1350  PCIIde - ok
09:12:51.0546 0x1350  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
09:12:51.0562 0x1350  Pcmcia - ok
09:12:51.0578 0x1350  PDCOMP - ok
09:12:51.0578 0x1350  PDFRAME - ok
09:12:51.0578 0x1350  PDRELI - ok
09:12:51.0578 0x1350  PDRFRAME - ok
09:12:51.0578 0x1350  perc2 - ok
09:12:51.0578 0x1350  perc2hib - ok
09:12:51.0609 0x1350  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
09:12:51.0609 0x1350  PlugPlay - ok
09:12:51.0609 0x1350  [ 4A1035CB8F0D57BE41873B5183D96CF4, D6F53EEEA56C724BF3F7DABC2DD7E1E995B07BE32CB0AF0F77EB6651B741F050 ] PNRPSvc         C:\WINDOWS\system32\p2psvc.dll
09:12:51.0625 0x1350  PNRPSvc - ok
09:12:51.0625 0x1350  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
09:12:51.0625 0x1350  PolicyAgent - ok
09:12:51.0640 0x1350  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:12:51.0656 0x1350  PptpMiniport - ok
09:12:51.0656 0x1350  ProcObsrv - ok
09:12:51.0671 0x1350  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:12:51.0671 0x1350  ProtectedStorage - ok
09:12:51.0671 0x1350  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
09:12:51.0687 0x1350  PSched - ok
09:12:51.0687 0x1350  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:12:51.0718 0x1350  Ptilink - ok
09:12:51.0718 0x1350  [ 40FEDD328F98245AD201CF5F9F311724, CE1582652B6A7CACE46D8B492CAA8E51EA46C3890EF640E8C5E1E053731A4D74 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:12:51.0750 0x1350  PxHelp20 - ok
09:12:51.0781 0x1350  [ C8DA4746D1C87FE3E5DCC3CE86218B62, 27D9BEDCF58E337CC7F09D0F8625D7767ACED464439D2ED658B3D9FF4BE93E20 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
09:12:51.0796 0x1350  QBCFMonitorService - ok
09:12:51.0812 0x1350  [ 6BEE1814470DC12FA20C53DFC3C97EBB, 91E8C22E54A090966E9B96395392B2C03A32DB1AF8DB2289E2EA9460F0A76C0F ] QBFCService     C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
09:12:51.0843 0x1350  QBFCService - ok
09:12:51.0890 0x1350  [ 0C7B65C8743442A37152FCFAC5F7D16A, 7F237B886EAA69A0098204247DAA408E719DA23DDC3201723CCC1291FBC39E61 ] QBVSS           C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
09:12:51.0953 0x1350  QBVSS - ok
09:12:51.0953 0x1350  ql1080 - ok
09:12:51.0953 0x1350  Ql10wnt - ok
09:12:51.0953 0x1350  ql12160 - ok
09:12:51.0953 0x1350  ql1240 - ok
09:12:51.0953 0x1350  ql1280 - ok
09:12:51.0968 0x1350  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:12:51.0984 0x1350  RasAcd - ok
09:12:52.0000 0x1350  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
09:12:52.0031 0x1350  RasAuto - ok
09:12:52.0046 0x1350  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:12:52.0062 0x1350  Rasl2tp - ok
09:12:52.0078 0x1350  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
09:12:52.0093 0x1350  RasMan - ok
09:12:52.0109 0x1350  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:12:52.0125 0x1350  RasPppoe - ok
09:12:52.0125 0x1350  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
09:12:52.0140 0x1350  Raspti - ok
09:12:52.0156 0x1350  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:12:52.0187 0x1350  Rdbss - ok
09:12:52.0187 0x1350  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:12:52.0203 0x1350  RDPCDD - ok
09:12:52.0218 0x1350  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:12:52.0250 0x1350  rdpdr - ok
09:12:52.0281 0x1350  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
09:12:52.0281 0x1350  RDPWD - ok
09:12:52.0296 0x1350  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
09:12:52.0328 0x1350  RDSessMgr - ok
09:12:52.0343 0x1350  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
09:12:52.0375 0x1350  redbook - ok
09:12:52.0390 0x1350  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
09:12:52.0406 0x1350  RemoteAccess - ok
09:12:52.0421 0x1350  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
09:12:52.0437 0x1350  RemoteRegistry - ok
09:12:52.0546 0x1350  [ 85F9924FB26D924C4A10DC620AE2C350, 52DC870426EF36851D5037EB244B156F66CE2D661E0378232E12F635DDFE3D1A ] RoxMediaDB10    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
09:12:52.0625 0x1350  RoxMediaDB10 - ok
09:12:52.0640 0x1350  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
09:12:52.0656 0x1350  RpcLocator - ok
09:12:52.0687 0x1350  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
09:12:52.0687 0x1350  RpcSs - ok
09:12:52.0703 0x1350  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
09:12:52.0734 0x1350  RSVP - ok
09:12:52.0750 0x1350  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
09:12:52.0750 0x1350  SamSs - ok
09:12:52.0781 0x1350  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
09:12:52.0812 0x1350  SCardSvr - ok
09:12:52.0828 0x1350  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
09:12:52.0859 0x1350  Schedule - ok
09:12:52.0859 0x1350  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:12:52.0875 0x1350  Secdrv - ok
09:12:52.0890 0x1350  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
09:12:52.0906 0x1350  seclogon - ok
09:12:52.0906 0x1350  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
09:12:52.0921 0x1350  SENS - ok
09:12:52.0937 0x1350  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
09:12:52.0953 0x1350  serenum - ok
09:12:52.0953 0x1350  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
09:12:52.0984 0x1350  Serial - ok
09:12:53.0000 0x1350  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\DRIVERS\sfloppy.sys
09:12:53.0015 0x1350  Sfloppy - ok
09:12:53.0046 0x1350  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
09:12:53.0062 0x1350  SharedAccess - ok
09:12:53.0078 0x1350  [ 1926899BF9FFE2602B63074971700412, F5C48EDBE5C6507527630B49C95BAA9F1E47EACC5A910F2B9A4528733E81A966 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:12:53.0078 0x1350  ShellHWDetection - ok
09:12:53.0078 0x1350  Simbad - ok
09:12:53.0093 0x1350  Sparrow - ok
09:12:53.0109 0x1350  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
09:12:53.0125 0x1350  splitter - ok
09:12:53.0140 0x1350  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
09:12:53.0140 0x1350  Spooler - ok
09:12:53.0140 0x1350  SQLAgent$MBE - ok
09:12:53.0156 0x1350  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
09:12:53.0187 0x1350  sr - ok
09:12:53.0203 0x1350  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
09:12:53.0218 0x1350  srservice - ok
09:12:53.0234 0x1350  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
09:12:53.0250 0x1350  Srv - ok
09:12:53.0265 0x1350  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
09:12:53.0281 0x1350  SSDPSRV - ok
09:12:53.0296 0x1350  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
09:12:53.0328 0x1350  stisvc - ok
09:12:53.0359 0x1350  [ FF5EB78AF7DFB68C2FB363537AAF753E, BF34EBC28A18D31ADA21098FCD2F2D5FACE7AA9B49DB1AFA4AD248B2A58FE86E ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
09:12:53.0375 0x1350  stllssvr - ok
09:12:53.0406 0x1350  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
09:12:53.0406 0x1350  swenum - ok
09:12:53.0421 0x1350  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
09:12:53.0437 0x1350  swmidi - ok
09:12:53.0453 0x1350  SwPrv - ok
09:12:53.0453 0x1350  symc810 - ok
09:12:53.0453 0x1350  symc8xx - ok
09:12:53.0453 0x1350  sym_hi - ok
09:12:53.0453 0x1350  sym_u3 - ok
09:12:53.0468 0x1350  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
09:12:53.0484 0x1350  sysaudio - ok
09:12:53.0515 0x1350  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
09:12:53.0546 0x1350  SysmonLog - ok
09:12:53.0578 0x1350  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
09:12:53.0609 0x1350  TapiSrv - ok
09:12:53.0656 0x1350  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:12:53.0656 0x1350  Tcpip - ok
09:12:53.0671 0x1350  [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7, D084EFE07AC200672A1CE7BB8AE736612B3E353271188D26E29EC973E26E1F5F ] Tcpip6          C:\WINDOWS\system32\DRIVERS\tcpip6.sys
09:12:53.0703 0x1350  Tcpip6 - ok
09:12:53.0734 0x1350  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
09:12:53.0750 0x1350  TDPIPE - ok
09:12:53.0750 0x1350  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
09:12:53.0765 0x1350  TDTCP - ok
09:12:53.0765 0x1350  Teefer2 - ok
09:12:53.0781 0x1350  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
09:12:53.0796 0x1350  TermDD - ok
09:12:53.0812 0x1350  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
09:12:53.0843 0x1350  TermService - ok
09:12:53.0859 0x1350  [ 1926899BF9FFE2602B63074971700412, F5C48EDBE5C6507527630B49C95BAA9F1E47EACC5A910F2B9A4528733E81A966 ] Themes          C:\WINDOWS\System32\shsvcs.dll
09:12:53.0859 0x1350  Themes - ok
09:12:53.0875 0x1350  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
09:12:53.0906 0x1350  TlntSvr - ok
09:12:53.0921 0x1350  [ 028E02E1621466B5B4DC0525BC071B09, 4BC8C267F32F474319D440344FD314D7C7349AF388044EDC2EF96241E9CE4327 ] tmactmon        C:\WINDOWS\system32\drivers\tmactmon.sys
09:12:53.0937 0x1350  tmactmon - ok
09:12:54.0015 0x1350  [ CB3426726DACEA83C6C9619B00C0407D, 10283D838896FC5742322250A9D81A96A46CC63DC98D62E3F3D9C2A97BB08261 ] TMAdptrSvr      C:\Program Files\Trend Micro\Core Protection Module\TMCPMAdapter.exe
09:12:54.0031 0x1350  TMAdptrSvr - ok
09:12:54.0062 0x1350  [ 3001E1CB1BFBB9A907A81A7ECF89657F, BE27AC36B8D44C10D42B121AEED1350287A50F2C27186BA1F9F7A8FBA210CBBB ] TMBMServer      C:\Program Files\Trend Micro\BM\TMBMSRV.exe
09:12:54.0078 0x1350  TMBMServer - ok
09:12:54.0093 0x1350  [ D3F2E51059A1B807DC0C6B3726C8C4AC, FDEF54CB4F49CDB8C25D8D47D9FB56D9F69D004200433C9E94FA06EDE38E9420 ] tmcomm          C:\WINDOWS\system32\drivers\tmcomm.sys
09:12:54.0125 0x1350  tmcomm - ok
09:12:54.0125 0x1350  [ 65E50CCFD60A2BCAF7F15BBE8A456157, 7D26970DB080A2F37841820B4F5316F02B04DA81FB337CA238507E8B0464B6F4 ] tmevtmgr        C:\WINDOWS\system32\drivers\tmevtmgr.sys
09:12:54.0156 0x1350  tmevtmgr - ok
09:12:54.0187 0x1350  [ 12D284F4D7AD82C0B94B652C092ED107, D4FDAE9FD2156ADFC2DD54BB6106DC1FCCAFBD0A7AA1BFD012B15546C3B886DB ] TmFilter        C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
09:12:54.0218 0x1350  TmFilter - ok
09:12:54.0296 0x1350  [ 05BA147B7230B3A785759732B8FDC99D, 71885017C5818F883B018941F66A31C227956E8532957306D56E199801DDA1C9 ] tmlisten        C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
09:12:54.0328 0x1350  tmlisten - ok
09:12:54.0343 0x1350  [ A5B33B1AEEC3C4B227BD9F98A6B39674, 3B9093924E49BD5285DB01F3AF25B5CBD9EA14401452EBAF414AD9EB43755552 ] TmPreFilter     C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
09:12:54.0359 0x1350  TmPreFilter - ok
09:12:54.0390 0x1350  [ 68299FFDFAEBBCA1B4B8D4E81AD1695F, 1E5B2B08E0E8575E92F078E2D55766E264E9F8223B13EFC0EE3ED2DC7C31516B ] TmProxy         C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
09:12:54.0406 0x1350  TmProxy - ok
09:12:54.0421 0x1350  [ E70EB577845B05DB02779A150E4A92E7, F51CD7820CEA980FBF19290CA2354AF09C95DF0FEE565EE22E6CE73030B057D8 ] tmtdi           C:\WINDOWS\system32\DRIVERS\tmtdi.sys
09:12:54.0453 0x1350  tmtdi - ok
09:12:54.0453 0x1350  TosIde - ok
09:12:54.0484 0x1350  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
09:12:54.0500 0x1350  TrkWks - ok
09:12:54.0531 0x1350  [ 8F861EDA21C05857EB8197300A92501C, 374FF9464F273610A051B9220C8D20F01FD4DD029095A7BE37244E20C5C8B5BB ] tunmp           C:\WINDOWS\system32\DRIVERS\tunmp.sys
09:12:54.0546 0x1350  tunmp - ok
09:12:54.0562 0x1350  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
09:12:54.0593 0x1350  Udfs - ok
09:12:54.0593 0x1350  ultra - ok
09:12:54.0625 0x1350  [ AB0A7CA90D9E3D6A193905DC1715DED0, CA764A2B92E727E3398134CD50D5622B4EC387436A3644063DA1D114CE63BD64 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
09:12:54.0625 0x1350  UMWdf - ok
09:12:54.0640 0x1350  [ 27CA59DBA52900789F194B97BD45B681, 09E32B37B0324BC17AE8F0DA9EF538BFF9D8C25406B903DB38545C1173D14BA6 ] UNS             C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
09:12:54.0640 0x1350  UNS - ok
09:12:54.0671 0x1350  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
09:12:54.0718 0x1350  Update - ok
09:12:54.0734 0x1350  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
09:12:54.0765 0x1350  upnphost - ok
09:12:54.0781 0x1350  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
09:12:54.0796 0x1350  UPS - ok
09:12:54.0828 0x1350  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:12:54.0843 0x1350  usbccgp - ok
09:12:54.0859 0x1350  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:12:54.0875 0x1350  usbehci - ok
09:12:54.0890 0x1350  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:12:54.0906 0x1350  usbhub - ok
09:12:54.0937 0x1350  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:12:54.0953 0x1350  usbscan - ok
09:12:54.0968 0x1350  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:12:55.0000 0x1350  usbstor - ok
09:12:55.0015 0x1350  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
09:12:55.0031 0x1350  VgaSave - ok
09:12:55.0031 0x1350  ViaIde - ok
09:12:55.0031 0x1350  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
09:12:55.0062 0x1350  VolSnap - ok
09:12:55.0109 0x1350  [ ED5BDF9FB592E7978C65CFCF7A3269A8, A70EC4A693952316D1F9F34A7B03910BFFF6464990C511BB1392C76C05BA5B5D ] VSApiNt         C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
09:12:55.0156 0x1350  VSApiNt - ok
09:12:55.0187 0x1350  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
09:12:55.0218 0x1350  VSS - ok
09:12:55.0250 0x1350  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
09:12:55.0281 0x1350  W32Time - ok
09:12:55.0281 0x1350  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:12:55.0312 0x1350  Wanarp - ok
09:12:55.0312 0x1350  WDICA - ok
09:12:55.0312 0x1350  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
09:12:55.0343 0x1350  wdmaud - ok
09:12:55.0390 0x1350  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
09:12:55.0406 0x1350  WebClient - ok
09:12:55.0656 0x1350  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
09:12:55.0671 0x1350  winmgmt - ok
09:12:55.0718 0x1350  [ 140EF97B64F560FD78643CAE2CDAD838, 1DEA8005220A3EFEC6E32A7DE4386026CCC1E5328E2FDCB82B1FB335905D1962 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
09:12:55.0734 0x1350  WmdmPmSN - ok
09:12:55.0750 0x1350  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
09:12:55.0765 0x1350  Wmi - ok
09:12:55.0765 0x1350  [ C42584FD66CE9E17403AEBCA199F7BDB, E3F2E1066F36AE5D33D4482239B2E556BE0C137923C9A120DFB36EC82F2E77B0 ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:12:55.0781 0x1350  WmiAcpi - ok
09:12:55.0812 0x1350  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:12:55.0812 0x1350  WmiApSrv - ok
09:12:55.0828 0x1350  [ 1385E5AA9C9821790D33A9563B8D2DD0, 35248DA1BBB6E88D6C7706B81A48F7EA4E4F2673228D69E622525D478B8E7220 ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
09:12:55.0843 0x1350  WpdUsb - ok
09:12:55.0906 0x1350  [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:12:55.0968 0x1350  WPFFontCache_v0400 - ok
09:12:56.0000 0x1350  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:12:56.0015 0x1350  WS2IFSL - ok
09:12:56.0031 0x1350  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
09:12:56.0062 0x1350  wscsvc - ok
09:12:56.0062 0x1350  WSearch - ok
09:12:56.0078 0x1350  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
09:12:56.0093 0x1350  wuauserv - ok
09:12:56.0125 0x1350  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
09:12:56.0125 0x1350  WZCSVC - ok
09:12:56.0140 0x1350  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
09:12:56.0156 0x1350  xmlprov - ok
09:12:56.0171 0x1350  ================ Scan global ===============================
09:12:56.0187 0x1350  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
09:12:56.0218 0x1350  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
09:12:56.0250 0x1350  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
09:12:56.0281 0x1350  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
09:12:56.0281 0x1350  [ Global ] - ok
09:12:56.0281 0x1350  ================ Scan MBR ==================================
09:12:56.0296 0x1350  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:12:56.0609 0x1350  \Device\Harddisk0\DR0 - ok
09:12:56.0609 0x1350  ================ Scan VBR ==================================
09:12:56.0640 0x1350  [ F170F946F7AC09434152C78C3C56C0B4 ] \Device\Harddisk0\DR0\Partition1
09:12:56.0671 0x1350  \Device\Harddisk0\DR0\Partition1 - ok
09:12:56.0671 0x1350  Waiting for KSN requests completion. In queue: 212
09:12:57.0671 0x1350  Waiting for KSN requests completion. In queue: 212
09:12:58.0671 0x1350  Waiting for KSN requests completion. In queue: 212
09:12:59.0750 0x1350  AV detected via SS1: Trend Micro Core Protection Module, 10.6, enabled, updated
09:12:59.0750 0x1350  Win FW state via NFM: enabled
09:13:02.0187 0x1350  ============================================================
09:13:02.0187 0x1350  Scan finished
09:13:02.0187 0x1350  ============================================================
09:13:02.0203 0x12b4  Detected object count: 0
09:13:02.0203 0x12b4  Actual detected object count: 0
09:13:42.0078 0x1690  Deinitialize success
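The TDSSKiller output pasted above has a regular line shape (timestamp, thread id, an optional `[ MD5, SHA256 ]` pair, the service or driver name, its image path, and a separate `<name> - ok` verdict line), which makes it easy to triage in bulk rather than by eye. The following parser is an added example and is not part of this thread or of TDSSKiller itself; the sample lines inside it are copied from the log above, the function names are my own, and it answers the three questions a responder usually asks of such a log: which verdicts are not `ok`, which registered services or drivers have no file to hash (a stale registration, or a driver whose image is missing), and which binaries host more than one service (lsass.exe legitimately hosts several, while an unfamiliar binary in that list deserves a closer look).

```python
import re
from collections import defaultdict

# Three line shapes occur in a TDSSKiller log (regexes constructed for this example):
#   hashed service/driver:  "<time> <tid>  [ <MD5>, <SHA256> ] <Name>   <Path>"
#   hashed boot sector:     "<time> <tid>  [ <MD5> ] \Device\Harddisk0\DR0"
#   verdict:                "<time> <tid>  <Name> - ok"
_PREFIX = r'^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+0x[0-9a-fA-F]+\s+'
SERVICE_LINE = re.compile(
    _PREFIX + r'\[ (?P<md5>[0-9A-F]{32}), (?P<sha256>[0-9A-F]{64}) \] '
    r'(?P<name>\S+)\s+(?P<path>\S.*?)\s*$')
SECTOR_LINE = re.compile(
    _PREFIX + r'\[ (?P<md5>[0-9A-F]{32}) \] (?P<path>\S.*?)\s*$')
VERDICT_LINE = re.compile(
    _PREFIX + r'(?P<name>.+?) - (?P<verdict>\w+)\s*$')


def parse_tdsskiller(text):
    """Return (records, verdicts).

    records: one dict per hashed object (name, path, md5, sha256; sha256 is None
             for MBR/VBR records, which TDSSKiller reports with MD5 only).
    verdicts: object name -> verdict string ('ok' or otherwise).
    Lines that match none of the three shapes (banners, KSN waits) are skipped.
    """
    records, verdicts = [], {}
    for line in text.splitlines():
        m = SERVICE_LINE.match(line)
        if m:
            records.append({'name': m['name'], 'path': m['path'],
                            'md5': m['md5'], 'sha256': m['sha256']})
            continue
        m = SECTOR_LINE.match(line)
        if m:
            records.append({'name': m['path'], 'path': m['path'],
                            'md5': m['md5'], 'sha256': None})
            continue
        m = VERDICT_LINE.match(line)
        if m:
            verdicts[m['name']] = m['verdict']
    return records, verdicts


def non_ok(verdicts):
    """Every object whose verdict is anything other than 'ok'."""
    return {n: v for n, v in verdicts.items() if v != 'ok'}


def unhashed_entries(records, verdicts):
    """Names that received a verdict but no hashed file record: the service or
    driver is registered, but TDSSKiller found no image to hash (e.g. PCIDump)."""
    hashed = {r['name'] for r in records}
    return sorted(n for n in verdicts if n not in hashed and not n.startswith('['))


def services_by_binary(records):
    """Group service names by the on-disk binary that hosts them (path lower-cased)."""
    groups = defaultdict(list)
    for r in records:
        if r['sha256'] is not None:          # skip MBR/VBR sector records
            groups[r['path'].lower()].append(r['name'])
    return dict(groups)


def shared_binaries(records):
    """Binaries that host more than one service; compare against known-good hosts."""
    return {p: names for p, names in services_by_binary(records).items() if len(names) > 1}


# Sample input: lines copied verbatim from the TDSSKiller log in this thread.
SAMPLE_LOG = r"""
09:12:50.0046 0x1350  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
09:12:50.0062 0x1350  Netlogon - ok
09:12:50.0250 0x1350  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
09:12:50.0250 0x1350  NtLmSsp - ok
09:12:51.0500 0x1350  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
09:12:51.0531 0x1350  PCI - ok
09:12:51.0531 0x1350  PCIDump - ok
09:12:53.0656 0x1350  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:12:53.0656 0x1350  Tcpip - ok
09:12:56.0281 0x1350  [ Global ] - ok
09:12:56.0281 0x1350  ================ Scan MBR ==================================
09:12:56.0296 0x1350  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:12:56.0609 0x1350  \Device\Harddisk0\DR0 - ok
09:12:56.0640 0x1350  [ F170F946F7AC09434152C78C3C56C0B4 ] \Device\Harddisk0\DR0\Partition1
09:12:56.0671 0x1350  \Device\Harddisk0\DR0\Partition1 - ok
09:12:56.0671 0x1350  Waiting for KSN requests completion. In queue: 212
09:13:02.0187 0x1350  Scan finished
"""


def summarize(text):
    """One-call triage summary for a whole log."""
    records, verdicts = parse_tdsskiller(text)
    return {'hashed': len(records), 'verdicts': len(verdicts),
            'non_ok': non_ok(verdicts),
            'unhashed': unhashed_entries(records, verdicts),
            'shared': shared_binaries(records)}


if __name__ == '__main__':
    for key, value in summarize(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```

Run against the full log rather than the sample and the `shared` map is where to start: every host binary it lists should be an expected one (lsass.exe, p2psvc.dll, netdde.exe, shsvcs.dll and similar), and any `non_ok` entry or unfamiliar `unhashed` driver is what to raise with the responder.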
 


#7 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:09:45 PM

Posted 04 April 2014 - 10:55 AM

Please do this next:

Download Combofix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#8 teemell (Topic Starter, Members, 11 posts)

Posted 08 April 2014 - 12:31 PM

Thank you again for your help.  I will be back at this computer Thursday.

I have not left!  Thanks!



#9 teemell (Topic Starter, Members, 11 posts)

Posted 10 April 2014 - 09:47 AM

Hello
 
I am having trouble disabling the Trend Micro Core Protection.  It is not listed in the link that you provided, and I see no other way to disable it.
My company's remote tech support controls those settings.  They do not help with virus issues however.
I am currently having trouble even opening 'Microsoft Security Center'
This virus appears to be blocking me from doing that.
 
Any help?
 
thank you!!
 
Edit: My company's external tech support refuses to tell me how to turn off the Trend Micro, and will not do it for me.

Edited by teemell, 10 April 2014 - 10:03 AM.


#10 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 10 April 2014 - 01:12 PM

Try running it from the safe mode - that will take your AV out of play.




#11 teemell (Topic Starter, Members, 11 posts)

Posted 10 April 2014 - 02:04 PM

It took me multiple attempts to get my computer to start in Safe Mode.  It would begin to start in safe mode then restart in normal mode.

But, I was able to finally make it stay in safe mode.  I ran combofix, but it stated that the Trend Micro Core Protection was still on.  I tried to X out of combofix but it started to run anyway so I just let it.

Here is the log:

ComboFix 14-04-09.02 - Administrator 04/10/2014  13:47:10.3.4 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3475.3178 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Trend Micro Core Protection Module *Enabled/Updated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\assembly\tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-10 to 2014-04-10  )))))))))))))))))))))))))))))))
.
.
2014-04-01 17:02 . 2014-04-03 14:03 -------- d-----w- C:\FRST
2014-03-28 17:11 . 2014-03-28 17:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-28 17:11 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-25 22:51 . 2014-03-28 17:31 -------- d-----w- C:\AdwCleaner
2014-03-25 19:19 . 2014-03-25 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SMR410
2014-03-25 19:19 . 2014-03-26 00:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NPE
2014-03-25 19:19 . 2014-03-25 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2014-03-25 15:58 . 2014-03-25 15:58 -------- d-----w- c:\windows\ERUNT
2014-03-17 16:26 . 2008-04-14 10:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2014-03-17 16:26 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-25 23:16 . 2013-05-17 03:46 290376 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-02-24 11:46 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45 . 2008-04-14 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2014-02-07 02:01 . 2008-04-14 12:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2008-04-14 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-22 19:07 . 2012-12-28 16:53 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2014-01-22 19:07 . 2012-12-28 16:53 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-01-22 19:07 . 2012-12-28 16:53 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-01-22 19:07 . 2012-12-28 16:53 85832 ----a-w- c:\windows\system32\LMIinit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POSStartUp"="start" [X]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2012-02-21 133400]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-25 181568]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-10-26 2643320]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-12-21 3478392]
"CnwiDeviceAgent"="c:\program files\Canon\imagePROGRAFStatusMonitor\cnwida.exe" [2013-05-17 66648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-11-29 63048]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2013-01-25 1496656]
"VNT"="c:\program files\VNT\vntldr.exe" [2014-02-13 195536]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2013-7-23 1089888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
imagePROGRAF Status Monitor.lnk - c:\program files\Canon\imagePROGRAFStatusMonitor\cnwism.exe /w [2012-12-21 462936]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2012-12-6 6186872]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-12-6 1176464]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2012\QBW32.EXE -silent [2012-12-6 1181584]
Task Complete!.lnk - c:\windows\Installer\{A40B873D-3C31-4831-A3A9-C24D82854936}\_B4081805E577118B335947.exe -min [2012-12-26 188478]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe  /startup [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2012-12-26 15:38 13672 ----a-w- c:\program files\Citrix\GoToAssist\822\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2014-01-22 19:07 85832 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ISS\\Bin\\App\\TaskListener.exe"=
"c:\\Program Files\\MBE\\TaskMgr\\TaskComplete.exe"=
"c:\\Program Files\\MBE\\Mailbox Manager\\bin\\MBMApp.exe"=
"c:\\ISHIP\\OLP\\pss013\\cabbin\\ishipgatewayserver.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\ISS\\Bin\\App\\SendZControl.exe"=
"c:\\Program Files\\ISS\\Bin\\App\\RoyaltyReport.exe"=
"c:\\Program Files\\Canon\\imagePROGRAFStatusMonitor\\cnwism.exe"=
"c:\\Program Files\\Canon\\imagePROGRAFStatusMonitor\\cnwida.exe"=
"c:\\Program Files\\ISS\\Bin\\App\\StoreConfigMaint.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21112:TCP"= 21112:TCP:Trend Micro OfficeScan Listener
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/23/2008 1:31 PM 44800]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [8/1/2012 6:09 PM 46080]
S2 Canon imagePROGRAF Status Monitor;Canon imagePROGRAF Status Monitor;c:\program files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe -service --> c:\program files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe -service [?]
S2 EFI ES1000;EFI ES1000;c:\program files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe [12/21/2012 1:36 PM 11776]
S2 EFI License Manager;EFI License Manager;c:\program files\EFI\OFASQ\lmgrd.exe [12/21/2012 1:45 PM 1406800]
S2 Fiery Bridge Mailbox Synchronization;Fiery Bridge Mailbox Synchronization;c:\program files\Fiery\Applications3\Fiery Bridge\x86\MailboxSyncService.exe [12/21/2012 1:44 PM 114688]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2/3/2012 12:25 AM 458464]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [8/1/2012 6:13 PM 132768]
S2 ISSERSRouterShim;ISS ERS Router Shim;c:\program files\ISS\Bin\App\ISSERSRouterShim.exe [4/12/2005 1:44 AM 8704]
S2 ISSStartServices;ISSStartServices;c:\program files\ISS\Bin\System\StartServices.exe [11/9/2004 5:20 PM 65536]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [8/1/2012 6:09 PM 161560]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/18/2012 10:32 AM 375120]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/29/2012 12:56 PM 13624]
S2 MSSQL$MBE;MSSQL$MBE;c:\program files\Microsoft SQL Server\MSSQL$MBE\Binn\sqlservr.exe -sMBE --> c:\program files\Microsoft SQL Server\MSSQL$MBE\Binn\sqlservr.exe -sMBE [?]
S2 ofaApp;ofaApp;c:\program files\EFI\OFASQ\ofaApp.exe [12/21/2012 1:45 PM 2233856]
S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [12/6/2011 7:40 AM 1248256]
S2 TMAdptrSvr;Trend Micro Adapter Service;c:\program files\Trend Micro\Core Protection Module\TMCPMAdapter.exe [2/5/2013 1:57 AM 1092880]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [5/16/2013 10:46 PM 62728]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXpflt.sys [11/2/2012 4:29 PM 263968]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\TmPreflt.sys [11/2/2012 4:29 PM 36128]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [8/1/2012 6:09 PM 363800]
S3 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [8/1/2012 6:17 PM 270080]
S3 ISSLoader;ISSLoader;c:\program files\ISS\Bin\System\Service_Start.exe [3/4/2004 3:12 PM 57344]
S3 ISSMessaging;ISS Messaging Service;c:\program files\ISS Messaging\Bin\ISS.Messaging.Shell.NTService.exe [5/10/2006 6:17 PM 20480]
S3 ISSTracing;ISS Retail Trace Server;c:\program files\ISS Trace\Bin\ISSRetailTraceServer.exe [4/24/2006 4:38 PM 36864]
S3 ISSTracingMaint;ISS Trace File Maintenance;c:\program files\ISS Trace\Bin\ISSTraceFileMaintenance.exe [4/23/2004 5:15 PM 28672]
S3 ISSTracingMon;ISS Trace Monitor Host;c:\program files\ISS Trace\Bin\ISSTraceMonitorHost.exe [4/2/2004 6:56 PM 24576]
S3 MBE Service Host_Customer;MBE Service Host_Customer;c:\program files\MBE\Service Host\Mbe.Wcf.Services.Host.exe [8/12/2009 4:07 PM 32768]
S3 MBE Service Host_MBMService;MBE Service Host_MBMService;c:\program files\MBE\Service Host\Mbe.Wcf.Services.Host.exe [8/12/2009 4:07 PM 32768]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [6/13/2009 10:13 AM 1120752]
S3 SQLAgent$MBE;SQLAgent$MBE;c:\program files\Microsoft SQL Server\MSSQL$MBE\Binn\sqlagent.EXE -i MBE --> c:\program files\Microsoft SQL Server\MSSQL$MBE\Binn\sqlagent.EXE -i MBE [?]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [8/8/2012 6:30 PM 689712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ   p2psvc p2pimsvc p2pgasvc PNRPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 03:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 17:50 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-18 11:30]
.
2014-04-10 c:\windows\Tasks\Auto HCM Batch Release.job
- c:\program files\iss\bin\app\BatchReleaseEODCheck.exe [2011-07-01 15:38]
.
2014-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-16 15:22]
.
2014-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-16 15:22]
.
2014-04-10 c:\windows\Tasks\ISS Daily Task.job
- c:\program files\iss\bin\app\ISSDailyScheduledTask.vbs [2006-11-09 21:26]
.
2014-04-10 c:\windows\Tasks\ISS Midday DB Log Backup.job
- c:\program files\ISS\Bin\App\MiddayLogBackup.vbs [2006-11-03 22:08]
.
2014-04-10 c:\windows\Tasks\MBE_Time_Synchronization.job
- c:\progra~1\MailBo~1\TimeSy~1\sync.bat [2005-06-24 17:21]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip Image - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: adobe.com
Trusted Zone: atdoner.com\mhc
Trusted Zone: hpeprintservice.com
Trusted Zone: iship.com
Trusted Zone: mbe.com
Trusted Zone: adobe.com
Trusted Zone: atdoner.com\mhc
Trusted Zone: hpeprintservice.com
Trusted Zone: iship.com
Trusted Zone: mbe.com
TCP: Interfaces\{993938FD-99B0-42FF-8158-B9D82041B8D9}: NameServer = 4.2.2.1,8.8.8.8
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {4392B188-CBA7-4CA8-A24F-31B378B3F4B5} - hxxps://iship.com/pss013081/cabbin/msi_axm.cab
DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} - hxxps://share.thecdmgroup.com/COM/MOVEitUploadWizard7.0.0.ocx
DPF: {D25A9538-F962-4501-9E68-D7C3DDECB148} - hxxp://12.219.81.160/template/xWebView2.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-10 13:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2410244668-621330714-2260601614-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,5c,90,5a,99,f0,79,45,90,dc,22,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,ea,42,02,7d,fc,67,4f,ae,32,a1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\program files\Citrix\GoToAssist\822\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(704)
c:\windows\system32\WININET.dll
.
Completion time: 2014-04-10  13:55:34
ComboFix-quarantined-files.txt  2014-04-10 18:55
ComboFix2.txt  2014-03-26 01:27
ComboFix3.txt  2013-09-05 21:09
.
Pre-Run: 207,192,502,272 bytes free
Post-Run: 207,223,590,912 bytes free
.
- - End Of File - - A2508B902EA2FA10C0163D964DFC9697

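As an added example (not part of this thread, and not ComboFix's own code): a small Python reader for the registry sections of a ComboFix log like the one quoted above, which pulls out the entries a responder would look at first. The heuristics are my reading of the log format and are assumptions, not verdicts: that `[X]` after a Run entry means the target file was not found, that a firewall exception written with the NT `\??\` path prefix is unusual for one created through the firewall UI, and that `DisableMonitoring` under Security Center is often set legitimately by managed AV agents.

```python
import re

# Constructed excerpt of the ComboFix sections quoted in the post above (abbreviated;
# the reg-style doubled backslashes are kept exactly as ComboFix prints them).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POSStartUp"="start" [X]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-25 181568]
"VNT"="c:\program files\VNT\vntldr.exe" [2014-02-13 195536]
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\Canon\\imagePROGRAFStatusMonitor\\cnwism.exe"=
.
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "Name"=data (data may be empty)


def parse_sections(text):
    """Map each registry key heading to its list of (value name, raw data) lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2).strip()))
    return sections


def review_combofix(text):
    """Return (key, value name, reason) for entries worth a responder's attention."""
    findings = []
    for key, values in parse_sections(text).items():
        k = key.lower()
        for name, data in values:
            if k.endswith(r"\currentversion\run") and data.endswith("[X]"):
                # Assumption: ComboFix prints [X] where the referenced file is not on disk.
                findings.append((key, name, "Run entry whose target file was not found"))
            elif (k.endswith(r"\windowsupdate\au")
                  and name.lower() == "noautoupdate" and data.startswith("1")):
                findings.append((key, name, "Automatic Updates disabled by policy"))
            elif ("\\security center\\monitoring\\" in k
                  and name.lower() == "disablemonitoring" and data.endswith("00000001")):
                # Managed AV agents often set this themselves: a review item, not a verdict.
                findings.append((key, name, "Security Center monitoring disabled for this AV product"))
            elif k.endswith(r"\authorizedapplications\list"):
                path = name.replace("\\\\", "\\").lower()   # undo reg-style escaping
                if path.startswith("\\??\\"):
                    # NT object-manager prefix; the firewall UI records plain drive paths.
                    findings.append((key, name, "firewall exception written with an NT \\??\\ path prefix"))
    return findings


if __name__ == "__main__":
    for key, name, reason in review_combofix(SAMPLE_LOG):
        print(f"{reason}: {name}  ({key})")
```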

#12 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 13 April 2014 - 09:39 AM

Please do this next:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

Please include the following in your next post:
  • adwCleaner log
  • MBAM log




#13 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 16 April 2014 - 10:20 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





