ironcomputer

Honorary Members
  • Posts

    61

Reputation

0 Neutral
  1. No threats found after running the ESET scan. I guess we're all good. I'll post again if I notice something out of the ordinary. Thank you for your help.
  2. GMER 2.1.19357 - http://www.gmer.net
     Rootkit scan 2014-10-07 11:09:57
     Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD322GJ rev.1AR10001 298.09GB
     Running: zb9rz5dh.exe; Driver: C:\Users\Tim\AppData\Local\Temp\pxldipow.sys

     ---- Devices - GMER 2.1 ----

     AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

     ---- EOF - GMER 2.1 ----

     11:11:41.0209 0x2b2c TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
     11:11:44.0178 0x2b2c ============================================================
     11:11:44.0178 0x2b2c Current date / time: 2014/10/07 11:11:44.0178
     11:11:44.0178 0x2b2c SystemInfo:
     11:11:44.0178 0x2b2c
     11:11:44.0178 0x2b2c OS Version: 6.1.7601 ServicePack: 1.0
     11:11:44.0178 0x2b2c Product type: Workstation
     11:11:44.0178 0x2b2c ComputerName: TSR
     11:11:44.0178 0x2b2c UserName: Tim
     11:11:44.0178 0x2b2c Windows directory: C:\Windows
     11:11:44.0178 0x2b2c System windows directory: C:\Windows
     11:11:44.0178 0x2b2c Processor architecture: Intel x86
     11:11:44.0178 0x2b2c Number of processors: 2
     11:11:44.0178 0x2b2c Page size: 0x1000
     11:11:44.0178 0x2b2c Boot type: Normal boot
     11:11:44.0178 0x2b2c ============================================================
     11:11:46.0274 0x2b2c KLMD registered as C:\Windows\system32\drivers\24209796.sys
     11:11:46.0539 0x2b2c System UUID: {94A84F58-FFF1-144F-0E2D-6D68A3B31EEF}
     11:11:47.0152 0x2b2c Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
     11:11:47.0168 0x2b2c Drive \Device\Harddisk1\DR1 - Size: 0x3D800000 ( 0.96 Gb ), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
     11:11:47.0183 0x2b2c Drive \Device\Harddisk2\DR2 - Size: 0x1E6C60000 ( 7.61 Gb ), SectorSize: 0x200, Cylinders: 0x3E0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
     11:11:47.0183 0x2b2c
============================================================ 11:11:47.0183 0x2b2c \Device\Harddisk0\DR0: 11:11:47.0183 0x2b2c MBR partitions: 11:11:47.0183 0x2b2c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 11:11:47.0183 0x2b2c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800 11:11:47.0183 0x2b2c \Device\Harddisk1\DR1: 11:11:47.0183 0x2b2c MBR partitions: 11:11:47.0183 0x2b2c \Device\Harddisk1\DR1\Partition1: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x1EBFE0 11:11:47.0183 0x2b2c \Device\Harddisk2\DR2: 11:11:47.0183 0x2b2c MBR partitions: 11:11:47.0183 0x2b2c \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x38, BlocksNum 0xF362C8 11:11:47.0183 0x2b2c ============================================================ 11:11:47.0199 0x2b2c C: <-> \Device\Harddisk0\DR0\Partition2 11:11:47.0215 0x2b2c ============================================================ 11:11:47.0215 0x2b2c Initialize success 11:11:47.0215 0x2b2c ============================================================ 11:12:15.0398 0x2a78 ============================================================ 11:12:15.0398 0x2a78 Scan started 11:12:15.0398 0x2a78 Mode: Manual; 11:12:15.0398 0x2a78 ============================================================ 11:12:15.0398 0x2a78 KSN ping started 11:12:18.0243 0x2a78 KSN ping finished: true 11:12:19.0152 0x2a78 ================ Scan system memory ======================== 11:12:19.0152 0x2a78 System memory - ok 11:12:19.0152 0x2a78 ================ Scan services ============================= 11:12:19.0262 0x2a78 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 11:12:19.0277 0x2a78 1394ohci - ok 11:12:19.0324 0x2a78 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys 11:12:19.0324 0x2a78 ACPI - ok 
11:12:19.0340 0x2a78 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 11:12:19.0340 0x2a78 AcpiPmi - ok 11:12:19.0433 0x2a78 [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 11:12:19.0433 0x2a78 AdobeARMservice - ok 11:12:19.0511 0x2a78 [ 4ECFCAAE5CB380F58934F0DCF5F64E7F, D82B37E57D93484D7A3CB65470BCD54A578A695F0203A8DD441B1348C1EEA751 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 11:12:19.0511 0x2a78 AdobeFlashPlayerUpdateSvc - ok 11:12:19.0574 0x2a78 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 11:12:19.0589 0x2a78 adp94xx - ok 11:12:19.0605 0x2a78 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\drivers\adpahci.sys 11:12:19.0605 0x2a78 adpahci - ok 11:12:19.0636 0x2a78 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\drivers\adpu320.sys 11:12:19.0652 0x2a78 adpu320 - ok 11:12:19.0667 0x2a78 [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 11:12:19.0667 0x2a78 AeLookupSvc - ok 11:12:19.0730 0x2a78 [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD C:\Windows\system32\drivers\afd.sys 11:12:19.0745 0x2a78 AFD - ok 11:12:19.0761 0x2a78 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys 11:12:19.0761 0x2a78 agp440 - ok 11:12:19.0808 0x2a78 [ 8B30250D573A8F6B4BD23195160D8707, 
64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\drivers\djsvs.sys 11:12:19.0808 0x2a78 aic78xx - ok 11:12:19.0823 0x2a78 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe 11:12:19.0839 0x2a78 ALG - ok 11:12:19.0870 0x2a78 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys 11:12:19.0870 0x2a78 aliide - ok 11:12:19.0901 0x2a78 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 11:12:19.0901 0x2a78 amdagp - ok 11:12:19.0917 0x2a78 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys 11:12:19.0917 0x2a78 amdide - ok 11:12:19.0948 0x2a78 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 11:12:19.0948 0x2a78 AmdK8 - ok 11:12:19.0964 0x2a78 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 11:12:19.0964 0x2a78 AmdPPM - ok 11:12:19.0995 0x2a78 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys 11:12:19.0995 0x2a78 amdsata - ok 11:12:20.0026 0x2a78 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 11:12:20.0026 0x2a78 amdsbs - ok 11:12:20.0042 0x2a78 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys 11:12:20.0057 0x2a78 amdxata - ok 11:12:20.0073 0x2a78 [ 
AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys 11:12:20.0073 0x2a78 AppID - ok 11:12:20.0088 0x2a78 [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll 11:12:20.0088 0x2a78 AppIDSvc - ok 11:12:20.0151 0x2a78 [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll 11:12:20.0151 0x2a78 Appinfo - ok 11:12:20.0182 0x2a78 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\drivers\arc.sys 11:12:20.0182 0x2a78 arc - ok 11:12:20.0198 0x2a78 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\drivers\arcsas.sys 11:12:20.0213 0x2a78 arcsas - ok 11:12:20.0307 0x2a78 [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 11:12:20.0307 0x2a78 aspnet_state - ok 11:12:20.0338 0x2a78 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 11:12:20.0338 0x2a78 AsyncMac - ok 11:12:20.0354 0x2a78 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys 11:12:20.0354 0x2a78 atapi - ok 11:12:20.0416 0x2a78 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 11:12:20.0432 0x2a78 AudioEndpointBuilder - ok 11:12:20.0447 0x2a78 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv 
C:\Windows\System32\Audiosrv.dll 11:12:20.0463 0x2a78 Audiosrv - ok 11:12:20.0478 0x2a78 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll 11:12:20.0478 0x2a78 AxInstSV - ok 11:12:20.0510 0x2a78 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys 11:12:20.0525 0x2a78 b06bdrv - ok 11:12:20.0556 0x2a78 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 11:12:20.0572 0x2a78 b57nd60x - ok 11:12:20.0593 0x2a78 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll 11:12:20.0593 0x2a78 BDESVC - ok 11:12:20.0608 0x2a78 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys 11:12:20.0608 0x2a78 Beep - ok 11:12:20.0639 0x2a78 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll 11:12:20.0639 0x2a78 BFE - ok 11:12:20.0671 0x2a78 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll 11:12:20.0686 0x2a78 BITS - ok 11:12:20.0795 0x2a78 [ 6E984D17526995C8FA9B65FFCE324A63, AFAB5004C333F90AC13769701D253F65EAE23D5B277DAD9C6EA8AF658374B48D ] BlackBerry Device Manager C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe 11:12:20.0827 0x2a78 BlackBerry Device Manager - ok 11:12:20.0827 0x2a78 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 11:12:20.0827 0x2a78 blbdrive - ok 11:12:20.0873 0x2a78 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, 
E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 11:12:20.0873 0x2a78 bowser - ok 11:12:20.0889 0x2a78 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 11:12:20.0889 0x2a78 BrFiltLo - ok 11:12:20.0905 0x2a78 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 11:12:20.0905 0x2a78 BrFiltUp - ok 11:12:20.0936 0x2a78 [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 11:12:20.0936 0x2a78 BridgeMP - ok 11:12:20.0983 0x2a78 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll 11:12:20.0983 0x2a78 Browser - ok 11:12:21.0014 0x2a78 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys 11:12:21.0029 0x2a78 Brserid - ok 11:12:21.0045 0x2a78 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 11:12:21.0045 0x2a78 BrSerWdm - ok 11:12:21.0061 0x2a78 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 11:12:21.0061 0x2a78 BrUsbMdm - ok 11:12:21.0076 0x2a78 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 11:12:21.0092 0x2a78 BrUsbSer - ok 11:12:21.0107 0x2a78 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 11:12:21.0107 0x2a78 
BTHMODEM - ok 11:12:21.0139 0x2a78 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll 11:12:21.0139 0x2a78 bthserv - ok 11:12:21.0170 0x2a78 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 11:12:21.0170 0x2a78 cdfs - ok 11:12:21.0217 0x2a78 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 11:12:21.0232 0x2a78 cdrom - ok 11:12:21.0263 0x2a78 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll 11:12:21.0263 0x2a78 CertPropSvc - ok 11:12:21.0279 0x2a78 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\drivers\circlass.sys 11:12:21.0279 0x2a78 circlass - ok 11:12:21.0295 0x2a78 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys 11:12:21.0310 0x2a78 CLFS - ok 11:12:21.0357 0x2a78 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:12:21.0357 0x2a78 clr_optimization_v2.0.50727_32 - ok 11:12:21.0419 0x2a78 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 11:12:21.0419 0x2a78 clr_optimization_v4.0.30319_32 - ok 11:12:21.0435 0x2a78 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 11:12:21.0435 0x2a78 CmBatt - ok 11:12:21.0482 0x2a78 [ 
C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys 11:12:21.0482 0x2a78 cmdide - ok 11:12:21.0544 0x2a78 [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\Windows\system32\Drivers\cng.sys 11:12:21.0544 0x2a78 CNG - ok 11:12:21.0560 0x2a78 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\drivers\compbatt.sys 11:12:21.0560 0x2a78 Compbatt - ok 11:12:21.0575 0x2a78 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 11:12:21.0575 0x2a78 CompositeBus - ok 11:12:21.0591 0x2a78 COMSysApp - ok 11:12:21.0607 0x2a78 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 11:12:21.0607 0x2a78 crcdisk - ok 11:12:21.0669 0x2a78 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll 11:12:21.0669 0x2a78 CryptSvc - ok 11:12:21.0716 0x2a78 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll 11:12:21.0731 0x2a78 DcomLaunch - ok 11:12:21.0763 0x2a78 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll 11:12:21.0763 0x2a78 defragsvc - ok 11:12:21.0794 0x2a78 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 11:12:21.0794 0x2a78 DfsC - ok 11:12:21.0825 0x2a78 [ 770471DE2550820FEEB7E5D24BF2E273, 8936056EBDED36F0ABA5889031CBB0F06428CE52A68FF215221819DF85C6D52E ] DgiVecp 
C:\Windows\system32\Drivers\DgiVecp.sys 11:12:21.0825 0x2a78 DgiVecp - ok 11:12:21.0841 0x2a78 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll 11:12:21.0856 0x2a78 Dhcp - ok 11:12:21.0872 0x2a78 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys 11:12:21.0872 0x2a78 discache - ok 11:12:21.0887 0x2a78 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\drivers\disk.sys 11:12:21.0903 0x2a78 Disk - ok 11:12:21.0934 0x2a78 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll 11:12:21.0934 0x2a78 Dnscache - ok 11:12:21.0965 0x2a78 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll 11:12:21.0981 0x2a78 dot3svc - ok 11:12:22.0012 0x2a78 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll 11:12:22.0012 0x2a78 DPS - ok 11:12:22.0075 0x2a78 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 11:12:22.0075 0x2a78 drmkaud - ok 11:12:22.0153 0x2a78 [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 11:12:22.0168 0x2a78 DXGKrnl - ok 11:12:22.0184 0x2a78 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll 11:12:22.0184 0x2a78 EapHost - ok 11:12:22.0293 0x2a78 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv 
C:\Windows\system32\drivers\evbdx.sys 11:12:22.0355 0x2a78 ebdrv - ok 11:12:22.0402 0x2a78 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS C:\Windows\System32\lsass.exe 11:12:22.0402 0x2a78 EFS - ok 11:12:22.0465 0x2a78 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe 11:12:22.0480 0x2a78 ehRecvr - ok 11:12:22.0496 0x2a78 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe 11:12:22.0496 0x2a78 ehSched - ok 11:12:22.0527 0x2a78 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 11:12:22.0543 0x2a78 elxstor - ok 11:12:22.0558 0x2a78 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys 11:12:22.0558 0x2a78 ErrDev - ok 11:12:22.0610 0x2a78 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll 11:12:22.0610 0x2a78 EventSystem - ok 11:12:22.0626 0x2a78 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys 11:12:22.0641 0x2a78 exfat - ok 11:12:22.0657 0x2a78 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys 11:12:22.0657 0x2a78 fastfat - ok 11:12:22.0688 0x2a78 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe 11:12:22.0688 0x2a78 Fax - ok 11:12:22.0704 0x2a78 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc 
C:\Windows\system32\drivers\fdc.sys 11:12:22.0704 0x2a78 fdc - ok 11:12:22.0719 0x2a78 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll 11:12:22.0719 0x2a78 fdPHost - ok 11:12:22.0735 0x2a78 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll 11:12:22.0735 0x2a78 FDResPub - ok 11:12:22.0891 0x2a78 [ 49E2E2C62D1A8FDEA2DDFF1778190FE3, 6D6FDABA9EE723EB63433AA0265A1931137FB0971D78B478BA33FD26A502940A ] File Backup C:\Program Files\Workspace\offSyncService.exe 11:12:22.0906 0x2a78 File Backup - ok 11:12:22.0938 0x2a78 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 11:12:22.0938 0x2a78 FileInfo - ok 11:12:22.0953 0x2a78 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 11:12:22.0953 0x2a78 Filetrace - ok 11:12:22.0953 0x2a78 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 11:12:22.0953 0x2a78 flpydisk - ok 11:12:22.0984 0x2a78 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 11:12:22.0984 0x2a78 FltMgr - ok 11:12:23.0031 0x2a78 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll 11:12:23.0047 0x2a78 FontCache - ok 11:12:23.0109 0x2a78 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 11:12:23.0109 0x2a78 FontCache3.0.0.0 - ok 11:12:23.0125 0x2a78 [ 
1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 11:12:23.0125 0x2a78 FsDepends - ok 11:12:23.0140 0x2a78 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 11:12:23.0140 0x2a78 Fs_Rec - ok 11:12:23.0187 0x2a78 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 11:12:23.0187 0x2a78 fvevol - ok 11:12:23.0218 0x2a78 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 11:12:23.0218 0x2a78 gagp30kx - ok 11:12:23.0250 0x2a78 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll 11:12:23.0265 0x2a78 gpsvc - ok 11:12:23.0296 0x2a78 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 11:12:23.0296 0x2a78 hcw85cir - ok 11:12:23.0328 0x2a78 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 11:12:23.0328 0x2a78 HdAudAddService - ok 11:12:23.0359 0x2a78 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 11:12:23.0359 0x2a78 HDAudBus - ok 11:12:23.0374 0x2a78 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 11:12:23.0374 0x2a78 HidBatt - ok 11:12:23.0390 0x2a78 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth 
C:\Windows\system32\drivers\hidbth.sys 11:12:23.0390 0x2a78 HidBth - ok 11:12:23.0406 0x2a78 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\drivers\hidir.sys 11:12:23.0406 0x2a78 HidIr - ok 11:12:23.0421 0x2a78 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\System32\hidserv.dll 11:12:23.0437 0x2a78 hidserv - ok 11:12:23.0484 0x2a78 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 11:12:23.0484 0x2a78 HidUsb - ok 11:12:23.0515 0x2a78 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll 11:12:23.0530 0x2a78 hkmsvc - ok 11:12:23.0546 0x2a78 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 11:12:23.0546 0x2a78 HomeGroupListener - ok 11:12:23.0577 0x2a78 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 11:12:23.0577 0x2a78 HomeGroupProvider - ok 11:12:23.0593 0x2a78 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 11:12:23.0593 0x2a78 HpSAMD - ok 11:12:23.0624 0x2a78 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys 11:12:23.0640 0x2a78 HTTP - ok 11:12:23.0655 0x2a78 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 11:12:23.0655 0x2a78 hwpolicy - ok 11:12:23.0671 0x2a78 [ F151F0BDC47F4A28B1B20A0818EA36D6, 
C:\Windows\system32\drivers\tdtcp.sys 11:12:30.0723 0x2a78 TDTCP - ok 11:12:30.0739 0x2a78 [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 11:12:30.0739 0x2a78 tdx - ok 11:12:30.0754 0x2a78 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 11:12:30.0754 0x2a78 TermDD - ok 11:12:30.0786 0x2a78 [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService C:\Windows\System32\termsrv.dll 11:12:30.0801 0x2a78 TermService - ok 11:12:30.0817 0x2a78 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll 11:12:30.0817 0x2a78 Themes - ok 11:12:30.0832 0x2a78 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll 11:12:30.0832 0x2a78 THREADORDER - ok 11:12:30.0848 0x2a78 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll 11:12:30.0848 0x2a78 TrkWks - ok 11:12:30.0895 0x2a78 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 11:12:30.0895 0x2a78 TrustedInstaller - ok 11:12:30.0942 0x2a78 [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 11:12:30.0942 0x2a78 tssecsrv - ok 11:12:30.0988 0x2a78 [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 11:12:31.0004 0x2a78 TsUsbFlt - ok 11:12:31.0035 0x2a78 [ 01246F0BAAD7B68EC0F472AA41E33282, 
51F975AF029AD015576FFFA3E88F5DBB8B40C7CD30ECDEDE8AFABCB08C954199 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 11:12:31.0051 0x2a78 TsUsbGD - ok 11:12:31.0082 0x2a78 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 11:12:31.0082 0x2a78 tunnel - ok 11:12:31.0098 0x2a78 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 11:12:31.0098 0x2a78 uagp35 - ok 11:12:31.0129 0x2a78 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 11:12:31.0129 0x2a78 udfs - ok 11:12:31.0144 0x2a78 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe 11:12:31.0160 0x2a78 UI0Detect - ok 11:12:31.0176 0x2a78 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 11:12:31.0176 0x2a78 uliagpkx - ok 11:12:31.0191 0x2a78 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 11:12:31.0191 0x2a78 umbus - ok 11:12:31.0207 0x2a78 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 11:12:31.0222 0x2a78 UmPass - ok 11:12:31.0222 0x2a78 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll 11:12:31.0238 0x2a78 upnphost - ok 11:12:31.0254 0x2a78 [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 11:12:31.0269 0x2a78 usbccgp - ok 11:12:31.0300 0x2a78 [ 
2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys 11:12:31.0300 0x2a78 usbcir - ok 11:12:31.0316 0x2a78 [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 11:12:31.0316 0x2a78 usbehci - ok 11:12:31.0363 0x2a78 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 11:12:31.0378 0x2a78 usbhub - ok 11:12:31.0394 0x2a78 [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci C:\Windows\system32\drivers\usbohci.sys 11:12:31.0394 0x2a78 usbohci - ok 11:12:31.0441 0x2a78 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 11:12:31.0441 0x2a78 usbprint - ok 11:12:31.0456 0x2a78 [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 11:12:31.0456 0x2a78 usbscan - ok 11:12:31.0472 0x2a78 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:12:31.0472 0x2a78 USBSTOR - ok 11:12:31.0472 0x2a78 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 11:12:31.0488 0x2a78 usbuhci - ok 11:12:31.0488 0x2a78 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll 11:12:31.0488 0x2a78 UxSms - ok 11:12:31.0503 0x2a78 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc C:\Windows\system32\lsass.exe 11:12:31.0503 0x2a78 
VaultSvc - ok 11:12:31.0519 0x2a78 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 11:12:31.0519 0x2a78 vdrvroot - ok 11:12:31.0534 0x2a78 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe 11:12:31.0550 0x2a78 vds - ok 11:12:31.0566 0x2a78 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 11:12:31.0566 0x2a78 vga - ok 11:12:31.0566 0x2a78 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys 11:12:31.0566 0x2a78 VgaSave - ok 11:12:31.0581 0x2a78 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 11:12:31.0597 0x2a78 vhdmp - ok 11:12:31.0597 0x2a78 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys 11:12:31.0597 0x2a78 viaagp - ok 11:12:31.0612 0x2a78 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 11:12:31.0612 0x2a78 ViaC7 - ok 11:12:31.0659 0x2a78 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys 11:12:31.0675 0x2a78 viaide - ok 11:12:31.0690 0x2a78 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys 11:12:31.0690 0x2a78 volmgr - ok 11:12:31.0706 0x2a78 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 
11:12:31.0706 0x2a78 volmgrx - ok 11:12:31.0722 0x2a78 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys 11:12:31.0737 0x2a78 volsnap - ok 11:12:31.0753 0x2a78 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 11:12:31.0753 0x2a78 vsmraid - ok 11:12:31.0815 0x2a78 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe 11:12:31.0831 0x2a78 VSS - ok 11:12:31.0862 0x2a78 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 11:12:31.0862 0x2a78 vwifibus - ok 11:12:31.0878 0x2a78 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll 11:12:31.0878 0x2a78 W32Time - ok 11:12:31.0893 0x2a78 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 11:12:31.0893 0x2a78 WacomPen - ok 11:12:31.0924 0x2a78 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 11:12:31.0924 0x2a78 WANARP - ok 11:12:31.0924 0x2a78 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 11:12:31.0924 0x2a78 Wanarpv6 - ok 11:12:31.0987 0x2a78 [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 11:12:32.0018 0x2a78 WatAdminSvc - ok 11:12:32.0065 0x2a78 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] 
wbengine C:\Windows\system32\wbengine.exe 11:12:32.0096 0x2a78 wbengine - ok 11:12:32.0112 0x2a78 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 11:12:32.0112 0x2a78 WbioSrvc - ok 11:12:32.0127 0x2a78 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll 11:12:32.0143 0x2a78 wcncsvc - ok 11:12:32.0158 0x2a78 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 11:12:32.0158 0x2a78 WcsPlugInService - ok 11:12:32.0174 0x2a78 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\drivers\wd.sys 11:12:32.0174 0x2a78 Wd - ok 11:12:32.0236 0x2a78 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 11:12:32.0252 0x2a78 Wdf01000 - ok 11:12:32.0268 0x2a78 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll 11:12:32.0268 0x2a78 WdiServiceHost - ok 11:12:32.0268 0x2a78 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll 11:12:32.0283 0x2a78 WdiSystemHost - ok 11:12:32.0330 0x2a78 [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll 11:12:32.0346 0x2a78 WebClient - ok 11:12:32.0377 0x2a78 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll 11:12:32.0392 0x2a78 Wecsvc - ok 11:12:32.0408 0x2a78 [ AC804569BB2364FB6017370258A4091B, 
1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll 11:12:32.0408 0x2a78 wercplsupport - ok 11:12:32.0424 0x2a78 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll 11:12:32.0424 0x2a78 WerSvc - ok 11:12:32.0455 0x2a78 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 11:12:32.0455 0x2a78 WfpLwf - ok 11:12:32.0470 0x2a78 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys 11:12:32.0470 0x2a78 WIMMount - ok 11:12:32.0564 0x2a78 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 11:12:32.0580 0x2a78 WinDefend - ok 11:12:32.0616 0x2a78 WinHttpAutoProxySvc - ok 11:12:32.0647 0x2a78 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 11:12:32.0663 0x2a78 Winmgmt - ok 11:12:32.0725 0x2a78 [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM C:\Windows\system32\WsmSvc.dll 11:12:32.0756 0x2a78 WinRM - ok 11:12:32.0803 0x2a78 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll 11:12:32.0819 0x2a78 Wlansvc - ok 11:12:32.0834 0x2a78 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 11:12:32.0834 0x2a78 WmiAcpi - ok 11:12:32.0850 0x2a78 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 
11:12:32.0865 0x2a78 wmiApSrv - ok 11:12:32.0928 0x2a78 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 11:12:32.0943 0x2a78 WMPNetworkSvc - ok 11:12:32.0959 0x2a78 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll 11:12:32.0959 0x2a78 WPCSvc - ok 11:12:32.0975 0x2a78 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 11:12:32.0975 0x2a78 WPDBusEnum - ok 11:12:32.0990 0x2a78 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 11:12:32.0990 0x2a78 ws2ifsl - ok 11:12:33.0006 0x2a78 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\system32\wscsvc.dll 11:12:33.0006 0x2a78 wscsvc - ok 11:12:33.0021 0x2a78 WSearch - ok 11:12:33.0146 0x2a78 [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv C:\Windows\system32\wuaueng.dll 11:12:33.0193 0x2a78 wuauserv - ok 11:12:33.0240 0x2a78 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 11:12:33.0240 0x2a78 WudfPf - ok 11:12:33.0271 0x2a78 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 11:12:33.0271 0x2a78 WUDFRd - ok 11:12:33.0333 0x2a78 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll 11:12:33.0333 0x2a78 wudfsvc - ok 11:12:33.0380 0x2a78 [ 7CC38741B8F68F1E0D5D79DA6123666A, 
F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll 11:12:33.0380 0x2a78 WwanSvc - ok 11:12:33.0396 0x2a78 ================ Scan global =============================== 11:12:33.0427 0x2a78 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll 11:12:33.0474 0x2a78 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 11:12:33.0489 0x2a78 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 11:12:33.0536 0x2a78 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll 11:12:33.0552 0x2a78 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe 11:12:33.0567 0x2a78 [ Global ] - ok 11:12:33.0567 0x2a78 ================ Scan MBR ================================== 11:12:33.0583 0x2a78 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 11:12:33.0723 0x2a78 \Device\Harddisk0\DR0 - ok 11:12:33.0739 0x2a78 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR1 11:12:33.0755 0x2a78 \Device\Harddisk1\DR1 - ok 11:12:33.0755 0x2a78 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2 11:12:33.0755 0x2a78 \Device\Harddisk2\DR2 - ok 11:12:33.0755 0x2a78 ================ Scan VBR ================================== 11:12:33.0755 0x2a78 [ D92B70120FD1371D3B898FCAFA8923CE ] \Device\Harddisk0\DR0\Partition1 11:12:33.0755 0x2a78 \Device\Harddisk0\DR0\Partition1 - ok 11:12:33.0770 0x2a78 [ 6BFA3E5452DAF2D35032A23DCF51EE54 ] \Device\Harddisk0\DR0\Partition2 11:12:33.0770 0x2a78 \Device\Harddisk0\DR0\Partition2 - ok 11:12:33.0770 0x2a78 [ C97CA8B9DFB240556DF088811A3D04D8 ] \Device\Harddisk1\DR1\Partition1 11:12:33.0770 0x2a78 
\Device\Harddisk1\DR1\Partition1 - ok 11:12:33.0786 0x2a78 [ 4DA93CF128547665A1350119BACCDCFC ] \Device\Harddisk2\DR2\Partition1 11:12:33.0786 0x2a78 \Device\Harddisk2\DR2\Partition1 - ok 11:12:33.0786 0x2a78 ================ Scan generic autorun ====================== 11:12:33.0801 0x2a78 [ 87D78CF6365BDDACBE9D34B60FE0E23B, 4561DE7171FD9035FEDF7EEA059859732996A5E72364D0D9F230563A1A6AE3D4 ] C:\Windows\system32\hkcmd.exe 11:12:33.0801 0x2a78 HotKeysCmds - ok 11:12:33.0817 0x2a78 [ 89D3DE5E2C77DCD99C56F0E46310AEA0, 02E1B2353E5D5F65D7968698AFE079A4DF11C230F6213C07D128F47147BACA29 ] C:\Windows\system32\igfxpers.exe 11:12:33.0817 0x2a78 Persistence - ok 11:12:33.0864 0x2a78 [ 3B5F7B5048D33ACF27BFD4F34E216231, 7D879B80A3A3288BD3989BB2686A1A87991EF988FBEBA5E1DAAD23B6CB9509BD ] C:\Program Files\Xerox\Xerox WorkCentre 3220\PSU\Scan2pc.exe 11:12:33.0879 0x2a78 Stanley-H_XRX_S2P - ok 11:12:33.0957 0x2a78 [ E279E55C0D5F5DA2E1FD268EBD12F268, 06C40AF999881699DD9B73440D2ED48F404864C3FB8FF7B36560759892CAAA12 ] c:\Program Files\Microsoft Security Client\msseces.exe 11:12:33.0973 0x2a78 MSC - ok 11:12:34.0067 0x2a78 [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 11:12:34.0082 0x2a78 Adobe ARM - ok 11:12:34.0176 0x2a78 [ 07DACF8EE0581D188931E02CB7D50E1A, 4789520F8F5596CCC830D2C6B7C9592F156B298F9CA76EC9E0254D3499455367 ] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe 11:12:34.0191 0x2a78 RIMBBLaunchAgent.exe - ok 11:12:34.0332 0x2a78 [ 818DA091BF0F17AFDFA19CF39226FF0F, 3967E0C3E111EB8E0E0F7D275F9E8F2C36536474842ECEF2153C9128749CB20A ] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe 11:12:34.0394 0x2a78 Intuit SyncManager - ok 11:12:34.0457 0x2a78 [ 308F2EE28005510DE616409148CF077B, A2126CB185B0053086BDD6F0A16A503F6CA629AC677E4B7AE6D43C770061D087 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe 11:12:34.0457 
0x2a78 SunJavaUpdateSched - ok 11:12:34.0550 0x2a78 [ 8BBDBEBCF62898D56AB584A373A461E7, 627F24C96576C51255794DCD4DFAA39C0F0334F5E1EF69EC552DE357C2C16228 ] C:\Users\Tim\AppData\Local\Workspace\WorkspaceUpdate.exe 11:12:36.0791 0x2a78 Starfield Updater - ok 11:12:36.0947 0x2a78 [ F308D7378BF60B91DA495FCAA1C216E7, 7D67B6D1CE11685F87B3CF9689AF0B089D3340A72C7A0B9633C826AEE49B405E ] C:\Program Files\CCleaner\CCleaner.exe 11:12:37.0025 0x2a78 CCleaner Monitoring - ok 11:12:37.0025 0x2a78 Waiting for KSN requests completion. In queue: 12 11:12:38.0039 0x2a78 Waiting for KSN requests completion. In queue: 12 11:12:39.0043 0x2a78 Waiting for KSN requests completion. In queue: 12 11:12:40.0088 0x2a78 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated ) 11:12:40.0181 0x2a78 Win FW state via NFP2: enabled 11:12:42.0719 0x2a78 ============================================================ 11:12:42.0719 0x2a78 Scan finished 11:12:42.0719 0x2a78 ============================================================ 11:12:42.0719 0x1980 Detected object count: 0 11:12:42.0719 0x1980 Actual detected object count: 0
  3. Hello, MBAM is coming up clean but MSE occasionally pops up and tells me threats are being detected. When I check the history, Trojan:DOS/Alureon.J was detected, however, an error code of 0x80508023 says the program could not find the malware and other potentially unwanted software on the computer. A quick scan of MSE also comes up clean. Here are the logs from farbar:

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-10-2014
     Ran by Tim (administrator) on TSR on 01-10-2014 14:44:59
     Running from C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2212OU44
     Loaded Profile: Tim (Available profiles: Tim)
     Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
     Internet Explorer Version 11
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================
     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
     (Starfield Technologies) C:\Program Files\Workspace\offSyncService.exe
     (Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
     (Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
     (Intel Corporation) C:\Windows\System32\hkcmd.exe
     (Intel Corporation) C:\Windows\System32\igfxpers.exe
     () C:\Program Files\Xerox\Xerox WorkCentre 3220\PSU\Scan2pc.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
     (Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
     (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
     (Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
     (Starfield Technologies) C:\Users\Tim\AppData\Local\Workspace\workspaceupdate.exe
     (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
     (Southwest Securities, Inc.) C:\Program Files\SWS\SWSAgent\Sws.Agent.Service.exe
     (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
     (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
     (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
     (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
     (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
     (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
     (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
     (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
     (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

     ==================== Registry (Whitelisted) ==================
     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     HKLM\...\Run: [stanley-H_XRX_S2P] => C:\Program Files\Xerox\Xerox WorkCentre 3220\PSU\Scan2pc.exe [253952 2010-01-26] ()
     HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
     HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
     HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2013-09-09] (Research In Motion Limited)
     HKLM\...\Run: [intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [3761464 2013-09-30] (Intuit Inc. All rights reserved.)
     HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
     HKU\S-1-5-21-2371214144-1427845669-1413801427-1000\...\Run: [starfield Updater] => C:\Users\Tim\AppData\Local\Workspace\workspaceupdate.exe [35008 2013-05-15] (Starfield Technologies)
     HKU\S-1-5-21-2371214144-1427845669-1413801427-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
     ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files\Workspace\offsyncext.dll (Starfield Technologies, LLC)
     ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files\Workspace\offsyncext.dll (Starfield Technologies, LLC)

     ==================== Internet (Whitelisted) ====================
     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     SearchScopes: HKLM - DefaultScope value is missing.
     BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} https://reports.igrs-ips.com/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab
     Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
     Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
     Tcpip\Parameters: [DhcpNameServer] 10.1.10.1

     FireFox:
     ========
     FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
     FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin: @microsoft.com/GENUINE -> disabled No File
     FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
     FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF Plugin HKCU: @starfield.com/off -> C:\Users\Tim\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
     FF Plugin HKCU: @starfield.com/wbe -> C:\Users\Tim\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
     FF Plugin ProgramFiles/Appdata: C:\Users\Tim\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
     FF Plugin ProgramFiles/Appdata: C:\Users\Tim\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
     FF Extension: WBE Paste - C:\Users\Tim\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-05-15]
     FF Extension: Workspace Email Zoom - C:\Users\Tim\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-05-15]

     Chrome:
     =======

     ========================== Services (Whitelisted) =================
     (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     R3 BlackBerry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited) [File not signed]
     R2 File Backup; C:\Program Files\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
     R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
     R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
     R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-04] (Intuit) [File not signed]
     S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
     R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1257760 2011-03-05] (Intuit Inc.)
     R2 Sws.Agent.Service; C:\Program Files\SWS\SWSAgent\Sws.Agent.Service.exe [50272 2012-04-24] (Southwest Securities, Inc.)

     ==================== Drivers (Whitelisted) ====================
     (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2008-10-28] (Samsung Electronics Co., Ltd.) [File not signed]
     R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHDA.sys [2747424 2009-09-04] (Realtek Semiconductor Corp.)
     R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
     R1 MpKsl02b23edc; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F574392-E885-4386-A741-A6A884B2E4AC}\MpKsl02b23edc.sys [39464 2014-10-01] (Microsoft Corporation)
     R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
     R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2008-10-27] (Samsung Electronics) [File not signed]
     U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

     ==================== NetSvcs (Whitelisted) ===================
     (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

     ==================== One Month Created Files and Folders ========
     (If an entry is included in the fixlist, the file\folder will be moved.)

     2014-10-01 14:44 - 2014-10-01 14:45 - 00000000 ____D () C:\FRST
     2014-10-01 13:58 - 2014-10-01 13:58 - 00000056 _____ () C:\Windows\setupact.log
     2014-10-01 13:58 - 2014-10-01 13:58 - 00000000 _____ () C:\Windows\setuperr.log
     2014-10-01 11:57 - 2014-10-01 12:08 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
     2014-10-01 11:56 - 2014-10-01 12:08 - 00000000 ____D () C:\Users\Tim\Desktop\mbar
     2014-10-01 11:08 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
     2014-10-01 11:08 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
     2014-10-01 11:08 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
     2014-10-01 11:08 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
     2014-10-01 11:08 - 2014-07-08 21:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
     2014-10-01 11:08 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\system32\locale.nls
     2014-10-01 08:17 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
     2014-09-24 08:11 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
     2014-09-22 10:58 - 2014-10-01 14:03 - 00503347 _____ () C:\Windows\WindowsUpdate.log
     2014-09-12 03:12 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
     2014-09-12 03:12 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
     2014-09-12 03:12 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
     2014-09-12 03:12 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
     2014-09-12 03:12 - 2014-08-18 17:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
     2014-09-12 03:12 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) 
C:\Windows\system32\vbscript.dll 2014-09-12 03:12 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-12 03:12 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-12 03:12 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-12 03:12 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-12 03:12 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-12 03:12 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-12 03:12 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-12 03:12 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-12 03:12 - 2014-08-18 17:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-12 03:12 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-12 03:12 - 2014-08-18 17:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-12 03:12 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-12 03:12 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-12 03:12 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-12 03:12 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-12 03:12 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-12 03:12 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-12 03:12 - 2014-08-18 17:09 - 00603136 _____ 
(Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-12 03:12 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-12 03:12 - 2014-08-18 17:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-12 03:12 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-12 03:12 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-12 03:12 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-12 03:12 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-12 03:11 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 08:20 - 2014-07-06 21:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-11 08:20 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-11 08:19 - 2014-09-04 21:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-11 08:19 - 2014-09-04 21:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-11 08:19 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-11 08:19 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-03 10:07 - 2014-09-03 10:07 - 00010176 _____ () C:\Users\Tim\Downloads\_1_0BC49F800BC48078005CA97685257D41 2014-09-02 09:20 - 2014-09-02 09:20 - 00000000 ____D () C:\Users\Tim\AppData\Local\Adobe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-01 14:11 - 2012-03-29 14:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-01 14:05 - 2009-07-14 00:34 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-01 14:05 - 2009-07-14 00:34 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-01 13:58 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 11:57 - 2014-07-09 10:05 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-01 11:56 - 2014-07-09 10:05 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:35 - 2014-03-10 12:14 - 00022016 _____ () C:\Users\Tim\Desktop\Nanny.xls
2014-10-01 11:34 - 2009-07-14 00:33 - 00377000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-01 11:33 - 2013-03-24 19:46 - 00002687 _____ () C:\Users\Public\Desktop\ANICO Life Portraits ES.lnk
2014-10-01 11:33 - 2011-12-01 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Life Portraits ES
2014-10-01 11:33 - 2011-12-01 17:51 - 00000000 ____D () C:\LPES
2014-10-01 10:13 - 2011-12-01 16:15 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-01 10:13 - 2011-12-01 16:15 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-24 11:11 - 2012-03-29 14:05 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 11:11 - 2011-12-01 16:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 02:41 - 2011-12-01 15:24 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-18 15:20 - 2011-12-01 17:48 - 00000000 ____D () C:\WinFlex6
2014-09-18 13:44 - 2013-01-26 16:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-12 08:17 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-09-12 03:37 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-12 03:11 - 2013-08-15 03:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 03:08 - 2011-12-01 15:30 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 03:07 - 2012-05-01 03:01 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-12 03:07 - 2011-12-01 15:48 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-12 03:07 - 2011-12-01 15:48 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-12 03:06 - 2014-05-03 17:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 03:02 - 2010-11-20 17:01 - 00774592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-03 10:34 - 2014-08-28 12:38 - 00017920 _____ () C:\Users\Tim\Desktop\Regina Academy Census.xls
2014-09-02 11:47 - 2012-06-12 17:07 - 00000000 ____D () C:\Users\Tim\AppData\Local\Deployment

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-26 17:07

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-10-2014
Ran by Tim at 2014-10-01 14:45:51
Running from C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2212OU44
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
BioAPI Framework (Version: 1.0.1 - Dell Inc.)
Hidden BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.) BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}) (Version: 12.25.02 - Broadcom Corporation) CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.12068.0 - Cisco Consumer Products LLC) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Corporate Records Forms (HKLM\...\Corporate Records Forms) (Version: - ) CSS Bloomberg Queue Reader (HKLM\...\{6467A27F-1C62-4DCB-8CEC-391366622253}) (Version: 7.0.1534.0 - Comprehensive Software Systems, LLC) CSS Business Services Client 2.0 (HKLM\...\{ACF63D75-7B07-4428-BA56-A83C317FAE83}) (Version: 2.2.69.0 - Comprehensive Software Systems, LLC) CSS Cashiering Service Client 2.2.46.0 (HKLM\...\{393EE639-CD4B-41D2-9C6B-579B8F86E3DD}) (Version: 2.2.46.0 - Comprehensive Software Systems, LLC) CSS Cost Basis Client 7.0.1703 (HKLM\...\{FE07AAA5-660F-4133-9864-2F8EBEFB164E}) (Version: 7.0.1703 - CSS) CSS Cost Basis Reporting Services 7.0.1666 (HKLM\...\{A31A46D8-ED5E-4347-8D89-466DA56B2C2D}) (Version: 7.0.1666 - CSS) CSS Framework 1.0.36.6 (HKLM\...\{2AFBF07F-704C-437C-A29F-D88E60F740B7}) (Version: 1.36.6 - CSS) CSS Framework 2.0.30 (HKLM\...\{2B088A3C-7A0B-4FC3-A9A5-4A0BD5C2F021}) (Version: 2.0.30 - CSS) CSS Framework 3.0 (HKLM\...\{07F6C864-C098-4883-A3DE-A962D4591E80}) (Version: 3.0.49.0 - Comprehensive Software Systems, LLC) CSS LOPR Client (HKLM\...\{0B589839-CD8B-4384-8175-99C27C82CBA1}) (Version: 1.0.0 - CSS) CSS Mutual Funds Client 7.0.1790 (HKLM\...\{972E2C37-C045-4D3F-9D93-DA7D67BF28B6}) (Version: 7.0.1790 - CSS) CSS Obligation Warehouse Client 7.0.1662 (HKLM\...\{B486720E-CC16-4A6C-A60B-93B06433E6C9}) (Version: 7.0.1662 - 
CSS) CSS Omgeo Access (HKLM\...\{814E73BE-585F-4B90-A284-E3D618C55DDF}) (Version: 7.0.33 - CSS) CSS Omgeo Alert STP - Client (HKLM\...\{B381DA0B-2182-423C-B7F7-9414C553ED79}) (Version: 1.0.0 - CSS) CSS Operations Framework 2.0.1 (HKLM\...\{208E608F-AC7D-4E01-8D2B-A34897420A54}) (Version: 2.0.1 - CSS) CSS Review and Release Client 7.0.1348 (HKLM\...\{82A767D7-3E90-4ECA-9591-DD3122912DA6}) (Version: 7.0.1348 - CSS) CSS Segregation Management (HKLM\...\{7D135D8F-B544-4EBE-BF2A-FDD64F6455D3}) (Version: 6.0.234 - CSS) CSS Stock Record Viewer 7.0.1404 (HKLM\...\{7E727C8D-5C1D-445F-8A3D-5F48A4E68A02}) (Version: 7.0.1404 - CSS) Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.) Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.3.039 - Dell Inc.) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) GoToMeeting 5.4.0.1082 (HKCU\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline) Incorporation Forms (HKLM\...\Incorporation Forms) (Version: - ) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) 
Hidden Life Portraits® ES Desktop - AMN (HKLM\...\{D71EC6FC-9719-47DE-844C-D06ADDC64704}) (Version: 2.95.110 - StoneRiver, Inc) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) 
(Version: - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Mutual of Omaha - Health (HKLM\...\Mutual of Omaha - Health_is1) (Version: - Ebix Exchange, INC) Mutual of Omaha (HKLM\...\Mutual of Omaha_is1) (Version: - Ebix Exchange, INC) QuickBooks (Version: 21.0.4014.904 - Intuit Inc.) Hidden QuickBooks Pro 2011 (HKLM\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5871 - Realtek Semiconductor Corp.) Southwest Securities Inc. - Q (HKLM\...\{BAACF1A5-EEB0-4441-BBE3-1A49D29B1521}) (Version: 6.70.0000 - Southwest Securities Inc.) UPEK TouchChip Fingerprint Reader (Version: 1.1.0 - Dell Inc.) Hidden Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5) (HKLM\...\9D57DE505B6D8C710EF3B74BE638DBB936EED8A3) (Version: 01/07/2008 1.0.1.5 - Dell Inc.) 
WinFlex 6 (HKLM\...\WinFlex 6_is1) (Version: 6.103.0.21 - Ebix Exchange, INC) Workspace Desktop (HKCU\...\workspacedesktop) (Version: - Starfield Technologies) Xerox WorkCentre 3220 (HKLM\...\Xerox WorkCentre 3220) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2371214144-1427845669-1413801427-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\MSCOMCT2.OCX (Microsoft Corporation) ==================== Restore Points ========================= 29-08-2014 07:00:21 Windows Update 02-09-2014 12:33:33 Windows Update 05-09-2014 12:54:57 Windows Update 08-09-2014 20:47:27 Windows Update 12-09-2014 07:00:26 Windows Update 15-09-2014 12:50:29 Windows Update 18-09-2014 18:17:40 Windows Update 22-09-2014 13:02:14 Windows Update 25-09-2014 07:00:28 Windows Update 29-09-2014 13:50:27 Windows Update 01-10-2014 15:08:22 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:04 - 2013-01-26 16:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {75E8126F-E157-4E58-8591-798F28DB0F4A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd) Task: {9A85F499-DC49-47B1-9053-358C49DBFC33} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2012-11-05 11:02 - 2012-11-05 11:02 - 00024064 _____ () C:\Windows\System32\sxs2ml3.dll 2011-12-01 16:51 - 2009-04-02 10:58 - 00094208 _____ () C:\Windows\System32\XeroxFaxPort.dll 2010-03-29 13:03 - 2010-03-29 13:03 - 00274432 _____ () C:\Windows\system32\SaMinDrv.dll 2011-12-01 16:51 - 2010-01-26 02:53 - 00253952 _____ () C:\Program Files\Xerox\Xerox WorkCentre 3220\PSU\Scan2pc.exe 2011-12-01 16:51 - 2008-10-28 02:02 - 00184320 _____ () C:\Program Files\Xerox\Xerox WorkCentre 3220\PSU\IMFilter.dll 2011-12-01 16:51 - 2008-10-28 02:03 - 01384520 _____ () C:\Program Files\Xerox\Xerox WorkCentre 3220\PSU\ssole.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-2371214144-1427845669-1413801427-500 - Administrator - Disabled) Guest (S-1-5-21-2371214144-1427845669-1413801427-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2371214144-1427845669-1413801427-1002 - Limited - Enabled) Tim (S-1-5-21-2371214144-1427845669-1413801427-1000 - Administrator - Enabled) => C:\Users\Tim ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/01/2014 01:58:18 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/01/2014 01:58:18 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (10/01/2014 01:58:18 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/01/2014 01:58:18 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Error: (10/01/2014 01:58:17 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/01/2014 01:58:17 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) Error: (10/01/2014 01:58:17 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/01/2014 01:58:17 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index. Details: The content index catalog is corrupt. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (10/01/2014 01:58:17 PM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: The Windows Search Service cannot open the Jet property store. Details: 0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800)) Error: (10/01/2014 01:58:17 PM) (Source: ESENT) (EventID: 455) (User: ) Description: Windows (3320) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0000B.log. System errors: ============= Error: (10/01/2014 01:58:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (10/01/2014 01:58:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473535. Error: (10/01/2014 11:21:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (10/01/2014 11:21:34 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473535. Error: (09/29/2014 01:35:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service. Error: (09/23/2014 02:06:52 PM) (Source: Disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (09/23/2014 00:18:13 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 40. The internal error state is 252. 
Error: (09/23/2014 00:18:13 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 40. The internal error state is 252. Error: (09/22/2014 10:58:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (09/22/2014 10:58:08 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473535. Microsoft Office Sessions: ========================= Error: (10/01/2014 01:58:18 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/01/2014 01:58:18 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/01/2014 01:58:18 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/01/2014 01:58:18 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (10/01/2014 01:58:17 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. 
(HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore Error: (10/01/2014 01:58:17 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) Error: (10/01/2014 01:58:17 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt Error: (10/01/2014 01:58:17 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) 4700 Error: (10/01/2014 01:58:17 PM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: Details: 0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800)) Error: (10/01/2014 01:58:17 PM) (Source: ESENT) (EventID: 455) (User: ) Description: Windows3320Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0000B.log-1811 CodeIntegrity Errors: =================================== Date: 2012-11-14 20:51:39.788 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2012-11-14 20:43:41.525 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2012-11-14 20:39:19.300 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E7600 @ 3.06GHz Percentage of memory in use: 48% Total physical RAM: 3291.65 MB Available physical RAM: 1682.23 MB Total Pagefile: 6581.59 MB Available Pagefile: 4705.84 MB Total Virtual: 2047.88 MB Available Virtual: 1918.99 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:297.99 GB) (Free:256.84 GB) NTFS Drive e: (USB20FD) (Removable) (Total:0.96 GB) (Free:0.93 GB) FAT Drive f: (USB20FD) (Removable) (Total:7.59 GB) (Free:7.46 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 1 (Size: 984 MB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 7.6 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=7.6 GB) - (Type=0C) ==================== End Of Log ============================
  4. Hello, I seem to have an issue and I'm not quite sure if I really have an issue or if I'm, perhaps, getting a false positive. Microsoft Security Essentials occasionally pops up and says, "threats being cleaned." When I check to see what items have been detected, the listing reads: Trojan:DOS/Alureon.J with this error code, "Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer." So, I then ran an MBAM scan and got nothing. I also ran an MSE scan and it too came back clean. Do I really have an issue? Thanks for your help.
  5. I ran the OTCleanit tool and it appears it only deleted RogueKiller, as HijackThis and AdwCleaner are still on the desktop. How should I go about removing these?
  6. No threats were found with the ESET Scanner.
  7. Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.26.11 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Tim :: TSR [administrator] 1/26/2013 6:23:31 PM mbam-log-2013-01-26 (18-23-31).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 202630 Time elapsed: 2 minute(s), 48 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 6:27:43 PM, on 1/26/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Xerox\Xerox WorkCentre 3220\PSU\Scan2pc.exe C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Users\Tim\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 
- HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [stanley-H_XRX_S2P] C:\Program Files\Xerox\Xerox WorkCentre 3220\PSU\Scan2pc.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - https://reports.igrs-ips.com/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) 
- Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe O23 - Service: Sws.Agent.Service - Southwest Securities, Inc. - C:\Program Files\SWS\SWSAgent\Sws.Agent.Service.exe -- End of file - 3806 bytes
  8. No problems thus far. I have been searching the internet and haven't had MSE show a threat was quarantined. I think we're good for now. Thanks again. Your help is much appreciated.
  9. ComboFix 13-01-26.02 - Tim 01/26/2013 16:27:47.3.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3292.2225 [GMT -5:00] Running from: c:\users\Tim\Desktop\ComboFix.exe Command switches used :: c:\users\Tim\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-12-26 to 2013-01-26 ))))))))))))))))))))))))))))))) . . 2013-01-26 20:36 . 2010-11-20 21:29 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys 2013-01-09 15:12 . 2012-12-07 12:20 2576384 ----a-w- c:\windows\system32\gameux.dll 2013-01-03 00:47 . 2013-01-03 00:47 -------- d-----w- c:\users\Tim\AppData\Local\Programs . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-26 20:49 . 2012-12-10 18:47 859552 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-01-09 18:11 . 2012-03-29 18:05 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-09 18:11 . 2011-12-01 20:12 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 14:13 . 2012-12-22 08:00 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-22 08:00 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-14 21:49 . 2011-12-01 20:10 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-10 18:46 . 2011-12-01 20:12 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-28 17:06 . 2012-11-28 17:06 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2936B494-2B6C-4C2E-9FED-65273CF1A707}\gapaengine.dll 2012-11-12 11:52 . 2012-12-12 13:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-09 04:42 . 2012-12-12 13:00 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-08 16:29 . 
2012-11-08 16:29 1402312 ----a-w- c:\windows\system32\msxml4.dll 2012-11-02 05:11 . 2012-12-12 13:00 376832 ----a-w- c:\windows\system32\dpnet.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl.exe" [2009-08-26 2691072] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568] "Stanley-H_XRX_S2P"="c:\program files\Xerox\Xerox WorkCentre 3220\PSU\Scan2pc.exe" [2010-01-26 253952] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk backup=c:\windows\pss\Intuit Data Protect.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup backupExtension=.CommonStartup . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk backup=c:\windows\pss\QuickBooks_Standard_21.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-12-18 19:08 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager] 2012-10-08 17:45 2643320 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe] 2011-11-02 07:00 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x] S2 Sws.Agent.Service;Sws.Agent.Service;c:\program files\SWS\SWSAgent\Sws.Agent.Service.exe [x] S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x] . . Contents of the 'Scheduled Tasks' folder . 
2013-01-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:11] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} - hxxps://reports.igrs-ips.com/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Completion time: 2013-01-26 16:31:12 ComboFix-quarantined-files.txt 2013-01-26 21:31 ComboFix2.txt 2013-01-26 21:12 ComboFix3.txt 2013-01-26 20:39 . Pre-Run: 283,218,112,512 bytes free Post-Run: 283,176,996,864 bytes free . - - End Of File - - 2DE7951E43AA37F662CC7177ACAFEA8B
  10. ComboFix 13-01-26.02 - Tim 01/26/2013 16:08:21.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3292.2248 [GMT -5:00] Running from: c:\users\Tim\Desktop\ComboFix.exe Command switches used :: c:\users\Tim\Desktop\CFScript.txt AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-12-26 to 2013-01-26 ))))))))))))))))))))))))))))))) . . 2013-01-26 20:36 . 2010-11-20 21:29 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys 2013-01-09 15:12 . 2012-12-07 12:20 2576384 ----a-w- c:\windows\system32\gameux.dll 2013-01-03 00:47 . 2013-01-03 00:47 -------- d-----w- c:\users\Tim\AppData\Local\Programs . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-26 20:49 . 2012-12-10 18:47 859552 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-01-09 18:11 . 2012-03-29 18:05 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-09 18:11 . 2011-12-01 20:12 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 14:13 . 2012-12-22 08:00 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-22 08:00 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-14 21:49 . 2011-12-01 20:10 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-10 18:46 . 2011-12-01 20:12 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-28 17:06 . 2012-11-28 17:06 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2936B494-2B6C-4C2E-9FED-65273CF1A707}\gapaengine.dll 2012-11-12 11:52 . 2012-12-12 13:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-09 04:42 . 2012-12-12 13:00 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-08 16:29 . 
2012-11-08 16:29 1402312 ----a-w- c:\windows\system32\msxml4.dll 2012-11-02 05:11 . 2012-12-12 13:00 376832 ----a-w- c:\windows\system32\dpnet.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl.exe" [2009-08-26 2691072] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568] "Stanley-H_XRX_S2P"="c:\program files\Xerox\Xerox WorkCentre 3220\PSU\Scan2pc.exe" [2010-01-26 253952] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk backup=c:\windows\pss\Intuit Data Protect.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup backupExtension=.CommonStartup . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk backup=c:\windows\pss\QuickBooks_Standard_21.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-12-18 19:08 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager] 2012-10-08 17:45 2643320 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe] 2011-11-02 07:00 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x] S2 Sws.Agent.Service;Sws.Agent.Service;c:\program files\SWS\SWSAgent\Sws.Agent.Service.exe [x] S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x] . . Contents of the 'Scheduled Tasks' folder . 
2013-01-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:11] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} - hxxps://reports.igrs-ips.com/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Completion time: 2013-01-26 16:12:02 ComboFix-quarantined-files.txt 2013-01-26 21:12 ComboFix2.txt 2013-01-26 20:39 . Pre-Run: 282,942,472,192 bytes free Post-Run: 283,142,455,296 bytes free . - - End Of File - - B96F5560D9091657F1A8851B36B037E4
  11. So far so good. Thank you for your help. I appreciate it. Since running everything, I have updated Java and Adobe and turned real time protection for MSE back on. There are a few new desktop icons...in addition to the programs you had me download. There is now a user folder with title as my username as well as a folder titled RK_Quarantine. I'm guessing those were a result of running Combofix? Is there anything else you recommend I do? If not, thank you again.
  12. No problems with Combofix. The computer seems fine but I haven't done much of anything since Combofix rebooted the machine. Log below: ComboFix 13-01-26.02 - Tim 01/26/2013 15:32:45.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3292.2495 [GMT -5:00] Running from: c:\users\Tim\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\users\Tim\g2mdlhlpx.exe c:\windows\$NtUninstallKB24664$ c:\windows\$NtUninstallKB24664$\1829991231 . c:\windows\system32\drivers\cdrom.sys was missing Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_.cdrom . . ((((((((((((((((((((((((( Files Created from 2012-12-26 to 2013-01-26 ))))))))))))))))))))))))))))))) . . 2013-01-26 20:36 . 2013-01-26 20:37 -------- d-----w- c:\users\Tim\AppData\Local\temp 2013-01-26 18:43 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CEFCCA0-C3F4-49DE-ABE3-1CE3F3E7F430}\mpengine.dll 2013-01-25 18:21 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-09 15:12 . 2012-12-07 12:20 2576384 ----a-w- c:\windows\system32\gameux.dll 2013-01-03 00:47 . 2013-01-03 00:47 -------- d-----w- c:\users\Tim\AppData\Local\Programs . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 18:11 . 
2012-03-29 18:05 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-09 18:11 . 2011-12-01 20:12 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 14:13 . 2012-12-22 08:00 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-22 08:00 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-14 21:49 . 2011-12-01 20:10 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-10 18:47 . 2012-12-10 18:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-12-10 18:46 . 2012-12-10 18:47 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-11-28 17:06 . 2012-11-28 17:06 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2936B494-2B6C-4C2E-9FED-65273CF1A707}\gapaengine.dll 2012-11-12 11:52 . 2012-12-12 13:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-09 04:42 . 2012-12-12 13:00 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-08 16:29 . 2012-11-08 16:29 1402312 ----a-w- c:\windows\system32\msxml4.dll 2012-11-02 05:11 . 2012-12-12 13:00 376832 ----a-w- c:\windows\system32\dpnet.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl.exe" [2009-08-26 2691072] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568] "Stanley-H_XRX_S2P"="c:\program files\Xerox\Xerox WorkCentre 3220\PSU\Scan2pc.exe" [2010-01-26 253952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk backup=c:\windows\pss\Intuit Data Protect.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk backup=c:\windows\pss\QuickBooks_Standard_21.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager] 2012-10-08 17:45 2643320 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe] 2011-11-02 07:00 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . 
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x] S2 Sws.Agent.Service;Sws.Agent.Service;c:\program files\SWS\SWSAgent\Sws.Agent.Service.exe [x] S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2013-01-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:11] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} - hxxps://reports.igrs-ips.com/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab . - - - - ORPHANS REMOVED - - - - . HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe SafeBoot-28992163.sys SafeBoot-77587963.sys MSConfigStartUp-Deployment - c:\users\Tim\AppData\Local\Diagnostics\Deployment\hcmbgmm.dll MSConfigStartUp-LifeLink Corporation - c:\users\Tim\AppData\Local\LifeLink Corporation\vcxxyqjm.dll MSConfigStartUp-mwifgr - c:\users\Tim\AppData\Roaming\mwifgr.dll MSConfigStartUp-napsv - c:\users\Tim\AppData\Roaming\napsv.dll MSConfigStartUp-Research In Motion - c:\users\Tim\AppData\Local\VirtualStore\Research In Motion\jgthd.dll MSConfigStartUp-svdwui - c:\users\Tim\AppData\Roaming\svdwui.dll . . . 
--------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\Windows Media Player\wmpnetwk.exe . 
************************************************************************** . Completion time: 2013-01-26 15:39:18 - machine was rebooted ComboFix-quarantined-files.txt 2013-01-26 20:39 . Pre-Run: 283,747,250,176 bytes free Post-Run: 283,452,850,176 bytes free . - - End Of File - - 5E784C104D3393C05A9ECF193E1D9157
  13. Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 CCleaner Java 7 Update 9 Java version out of Date! Adobe Reader 10.1.5 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbam.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` # AdwCleaner v2.108 - Logfile created 01/26/2013 at 15:09:21 # Updated 24/01/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits) # User : Tim - TSR # Boot Mode : Normal # Running from : C:\Users\Tim\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. 
************************* AdwCleaner[s2].txt - [506 octets] - [26/01/2013 15:09:21] ########## EOF - C:\AdwCleaner[s2].txt - [565 octets] ########## RogueKiller V8.4.3 [Jan 26 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : Tim [Admin rights] Mode : Scan -- Date : 01/26/2013 15:11:33 | ARK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HD322GJ ATA Device +++++ --- User --- [MBR] a6f2675f7f78c2ffafad3882aa437f27 [bSP] ababdee26d814f85065096f0c35edfec : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_01262013_02d1511.txt >> RKreport[1]_S_01262013_02d1511.txt
  14. Hello, Microsoft Security Essentials has quarantined Medfos.B almost 10 times today. A week ago Seedabutor.B was quarantined twice and hasn't popped back up since. Immediately after being quarantined, I would delete the threat but Medfos.B always comes back. I use MBAM religiously as well as Windows Firewall and nothing has been detected. Thank you for your help. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.9.2 Run by Tim at 14:55:48 on 2013-01-26 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3292.2064 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe C:\Program Files\SWS\SWSAgent\Sws.Agent.Service.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Xerox\Xerox WorkCentre 3220\PSU\Scan2pc.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\system32\DllHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet
Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe c:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://www.dell.com BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll uRunOnce: [JavaInstallRetry] RUNONCE=1 SPONSORS=0 mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [stanley-H_XRX_S2P] c:\program files\xerox\xerox workcentre 3220\psu\Scan2pc.exe mRun: [MSC] "c:\program files\microsoft security client\mssecex.exe" -hide -runkey uPolicies-Explorer: HideSCAHealth = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} - hxxps://reports.igrs-ips.com/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{C85F13B5-D13E-4D87-9657-4D0BAD3BAE29} : DHCPNameServer = 192.168.1.1 Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - Notify: igfxcui - igfxdev.dll SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . 
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552] R1 MpKsl015ddbc0;MpKsl015ddbc0;c:\programdata\microsoft\microsoft antimalware\definition updates\{9cefcca0-c3f4-49de-abe3-1ce3f3e7f430}\MpKsl015ddbc0.sys [2013-1-26 29904] R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 99272] R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-3-5 1257760] R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2008-10-27 5120] R2 Sws.Agent.Service;Sws.Agent.Service;c:\program files\sws\swsagent\Sws.Agent.Service.exe [2012-4-24 50272] R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-6-20 273448] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-26 40776] R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224] S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-1 1343400] . =============== Created Last 30 ================ . 
2013-01-26 19:49:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-01-26 18:43:54 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9cefcca0-c3f4-49de-abe3-1ce3f3e7f430}\offreg.dll 2013-01-26 18:43:54 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9cefcca0-c3f4-49de-abe3-1ce3f3e7f430}\MpKsl015ddbc0.sys 2013-01-26 18:43:24 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9cefcca0-c3f4-49de-abe3-1ce3f3e7f430}\mpengine.dll 2013-01-25 18:21:42 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2013-01-09 15:12:59 46592 ----a-w- c:\windows\system32\fpb.rs 2013-01-03 00:47:22 -------- d-----w- c:\users\tim\appdata\local\Programs . ==================== Find3M ==================== . 2013-01-09 18:11:09 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-09 18:11:09 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-10 18:47:02 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-12-10 18:46:59 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll 2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll 2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe 2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 
---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-11-23 02:56:23 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe 2012-11-22 04:45:03 626688 ----a-w- c:\windows\system32\usp10.dll 2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll 2012-11-12 11:52:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-09 04:43:04 492032 ----a-w- c:\windows\system32\win32spl.dll 2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-08 16:29:12 1402312 ----a-w- c:\windows\system32\msxml4.dll 2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 04:47:54 1389568 ----a-w- c:\windows\system32\msxml6.dll . ============= FINISH: 14:55:56.17 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/1/2011 12:51:52 PM System Uptime: 1/26/2013 1:39:19 PM (1 hours ago) . Motherboard: Dell Inc. | | 0HN7XN Processor: Intel® Core2 Duo CPU E7600 @ 3.06GHz | CPU | 3066/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 298 GiB total, 264.335 GiB free. E: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318} Description: CD-ROM Drive Device ID: IDE\CDROMTSSTCORP_DVD+-RW_TS-H653H_______________D800____\5&645AB4&0&1.0.0 Manufacturer: (Standard CD-ROM drives) Name: TSSTcorp DVD+-RW TS-H653H ATA Device PNP Device ID: IDE\CDROMTSSTCORP_DVD+-RW_TS-H653H_______________D800____\5&645AB4&0&1.0.0 Service: cdrom . ==== System Restore Points =================== . 
RP195: 12/20/2012 10:35:29 AM - Windows Update
RP196: 12/22/2012 3:00:20 AM - Windows Update
RP197: 12/26/2012 10:45:12 AM - Windows Update
RP198: 12/29/2012 3:26:04 PM - Windows Update
RP199: 1/3/2013 7:12:18 AM - Windows Update
RP201: 1/4/2013 9:05:02 AM - Configured StoneRiver Life Portraits® ES
RP202: 1/7/2013 10:28:35 AM - Windows Update
RP203: 1/9/2013 1:45:01 PM - Windows Update
RP204: 1/12/2013 4:58:17 PM - Windows Update
RP205: 1/15/2013 7:22:16 PM - Windows Update
RP206: 1/16/2013 3:00:20 AM - Windows Update
RP207: 1/20/2013 10:29:37 AM - Windows Update
RP208: 1/24/2013 10:08:45 AM - Windows Update
RP209: 1/26/2013 1:47:57 PM - Removed Java 7 Update 9
RP210: 1/26/2013 1:48:59 PM - Removed Java 7 Update 9
RP211: 1/26/2013 1:51:09 PM - Removed Java 7 Update 9
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.5)
BioAPI Framework
BlackBerry Desktop Software 7.1
BlackBerry Device Software Updater
Broadcom NetXtreme-I Netlink Driver and Management Installer
CCleaner
Cisco Connect
Compatibility Pack for the 2007 Office system
Corporate Records Forms
CSS Cost Basis Client 7.0.1104
CSS Cost Basis Reporting Services 7.0.1114
CSS Framework 1.0.36.6
CSS Framework 2.0.30
CSS LOPR Client
CSS Mutual Funds Client
CSS Obligation Warehouse Client 7.0.1079
CSS Omgeo Access
CSS Omgeo Alert STP - Client
CSS Review and Release Client
CSS Segregation Management
CSS Stock Record Viewer
Dell Resource CD
Dell Security Device Driver Pack
ESET Online Scanner v3
Incorporation Forms
Java 7 Update 9
Java Auto Updater
LPES Desktop - ANICO
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Mutual of Omaha
Mutual of Omaha - Health
QuickBooks
QuickBooks Pro 2011
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Southwest Securities Inc. - Q
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
UPEK TouchChip Fingerprint Reader
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
WinFlex 6
Xerox WorkCentre 3220
.
==== Event Viewer Messages From Past Week ========
.
1/26/2013 12:12:56 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/26/2013 12:12:56 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
1/26/2013 10:25:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/26/2013 10:25:24 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/26/2013 10:25:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/26/2013 1:39:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
1/26/2013 1:05:30 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/26/2013 1:03:45 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/26/2013 1:03:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/26/2013 1:03:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/26/2013 1:03:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/26/2013 1:03:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/26/2013 1:03:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache MpFilter spldr Wanarpv6
1/26/2013 1:03:30 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/26/2013 1:00:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/23/2013 10:05:32 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
1/21/2013 1:58:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user TSR\Tim SID (S-1-5-21-2371214144-1427845669-1413801427-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================