mindy3
-
Oops, I think this is the one you need. Thank you again.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.05.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Chris :: HOME-PC [administrator]

Protection: Enabled

7/6/2012 10:17:06 AM
mbam-log-2012-07-06 (10-17-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 252796
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Chris\Local Settings\meqjbi.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\Chris\Local Settings\Application Data\meqjbi.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.

(end)
-
2012/07/05 10:27:26 -0400 HOME-PC Chris MESSAGE Executing scheduled update: Flash Scan | Daily
2012/07/05 10:27:37 -0400 HOME-PC Chris MESSAGE Starting database refresh
2012/07/05 10:27:37 -0400 HOME-PC Chris MESSAGE Scheduled update executed successfully: database updated from version v2012.07.04.04 to version v2012.07.05.05
2012/07/05 10:27:40 -0400 HOME-PC Chris MESSAGE Executing scheduled scan: Flash Scan | -terminate
2012/07/05 10:27:40 -0400 HOME-PC Chris MESSAGE Scheduled scan executed successfully
2012/07/05 10:27:56 -0400 HOME-PC Chris MESSAGE Database refreshed successfully
2012/07/05 17:30:34 -0400 HOME-PC Chris DETECTION C:\Users\Chris\AppData\Local\meqjbi.exe Trojan.Lameshield ALLOW
-
Looks like it is fixed. MBAM updated successfully and found 2 Trojan files. Thank you very much!!
-
So, is there anything to do next? Thx
-
Here is the log for Combofix. Thanks
-
Here you go. TDSSKill Log. Mindy
17:01:46.0049 5080 HTTP - ok 17:01:46.0069 5080 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys 17:01:46.0070 5080 i2omp - ok 17:01:46.0106 5080 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys 17:01:46.0107 5080 i8042prt - ok 17:01:46.0149 5080 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys 17:01:46.0153 5080 iaStorV - ok 17:01:46.0245 5080 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 17:01:46.0249 5080 IDriverT - ok 17:01:46.0371 5080 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:01:46.0384 5080 idsvc - ok 17:01:47.0147 5080 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys 17:01:47.0352 5080 igfx - ok 17:01:47.0468 5080 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys 17:01:47.0470 5080 iirsp - ok 17:01:47.0544 5080 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll 17:01:47.0551 5080 IKEEXT - ok 17:01:47.0592 5080 IntcHdmiAddService (bd37227c07179b1040a8896b9c0c146b) C:\Windows\system32\drivers\IntcHdmi.sys 17:01:47.0594 5080 IntcHdmiAddService - ok 17:01:47.0623 5080 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys 17:01:47.0624 5080 intelide - ok 17:01:47.0656 5080 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys 17:01:47.0657 5080 intelppm - ok 17:01:47.0682 5080 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll 17:01:47.0684 5080 IPBusEnum - ok 17:01:47.0748 5080 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:01:47.0750 5080 IpFilterDriver - ok 17:01:47.0790 5080 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll 17:01:47.0794 5080 
iphlpsvc - ok 17:01:47.0798 5080 IpInIp - ok 17:01:47.0818 5080 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys 17:01:47.0819 5080 IPMIDRV - ok 17:01:47.0840 5080 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys 17:01:47.0841 5080 IPNAT - ok 17:01:48.0018 5080 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe 17:01:48.0033 5080 iPod Service - ok 17:01:48.0058 5080 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys 17:01:48.0059 5080 IRENUM - ok 17:01:48.0084 5080 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys 17:01:48.0086 5080 isapnp - ok 17:01:48.0144 5080 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys 17:01:48.0147 5080 iScsiPrt - ok 17:01:48.0163 5080 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys 17:01:48.0165 5080 iteatapi - ok 17:01:48.0191 5080 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys 17:01:48.0192 5080 iteraid - ok 17:01:48.0209 5080 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys 17:01:48.0210 5080 kbdclass - ok 17:01:48.0221 5080 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys 17:01:48.0222 5080 kbdhid - ok 17:01:48.0262 5080 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 17:01:48.0265 5080 KeyIso - ok 17:01:48.0376 5080 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys 17:01:48.0386 5080 KSecDD - ok 17:01:48.0408 5080 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys 17:01:48.0410 5080 ksthunk - ok 17:01:48.0492 5080 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll 17:01:48.0500 5080 KtmRm - ok 17:01:48.0554 5080 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll 
17:01:48.0559 5080 LanmanServer - ok 17:01:48.0584 5080 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll 17:01:48.0589 5080 LanmanWorkstation - ok 17:01:48.0659 5080 Lavasoft Ad-Aware Service - ok 17:01:48.0729 5080 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 17:01:48.0730 5080 LightScribeService - ok 17:01:48.0743 5080 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys 17:01:48.0745 5080 lltdio - ok 17:01:48.0797 5080 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll 17:01:48.0803 5080 lltdsvc - ok 17:01:48.0831 5080 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll 17:01:48.0832 5080 lmhosts - ok 17:01:48.0852 5080 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys 17:01:48.0854 5080 LSI_FC - ok 17:01:48.0870 5080 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys 17:01:48.0872 5080 LSI_SAS - ok 17:01:48.0894 5080 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys 17:01:48.0896 5080 LSI_SCSI - ok 17:01:48.0913 5080 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys 17:01:48.0915 5080 luafv - ok 17:01:48.0984 5080 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 17:01:48.0985 5080 MBAMProtector - ok 17:01:49.0110 5080 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 17:01:49.0120 5080 MBAMService - ok 17:01:49.0159 5080 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll 17:01:49.0161 5080 Mcx2Svc - ok 17:01:49.0180 5080 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys 17:01:49.0181 5080 mdmxsdk - ok 17:01:49.0212 5080 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys 
17:01:49.0213 5080 megasas - ok 17:01:49.0260 5080 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys 17:01:49.0267 5080 MegaSR - ok 17:01:49.0388 5080 Microsoft SharePoint Workspace Audit Service - ok 17:01:49.0437 5080 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll 17:01:49.0440 5080 MMCSS - ok 17:01:49.0451 5080 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys 17:01:49.0453 5080 Modem - ok 17:01:49.0483 5080 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys 17:01:49.0484 5080 monitor - ok 17:01:49.0501 5080 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys 17:01:49.0502 5080 mouclass - ok 17:01:49.0532 5080 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys 17:01:49.0533 5080 mouhid - ok 17:01:49.0548 5080 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys 17:01:49.0550 5080 MountMgr - ok 17:01:49.0637 5080 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 17:01:49.0639 5080 MozillaMaintenance - ok 17:01:49.0687 5080 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys 17:01:49.0690 5080 MpFilter - ok 17:01:49.0719 5080 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys 17:01:49.0722 5080 mpio - ok 17:01:49.0733 5080 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys 17:01:49.0735 5080 MpNWMon - ok 17:01:49.0761 5080 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys 17:01:49.0764 5080 mpsdrv - ok 17:01:49.0843 5080 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll 17:01:49.0852 5080 MpsSvc - ok 17:01:49.0865 5080 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys 17:01:49.0866 5080 Mraid35x - ok 
17:01:49.0937 5080 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys 17:01:49.0939 5080 MRxDAV - ok 17:01:50.0001 5080 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys 17:01:50.0004 5080 mrxsmb - ok 17:01:50.0070 5080 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:01:50.0074 5080 mrxsmb10 - ok 17:01:50.0126 5080 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:01:50.0128 5080 mrxsmb20 - ok 17:01:50.0195 5080 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys 17:01:50.0196 5080 msahci - ok 17:01:50.0223 5080 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys 17:01:50.0225 5080 msdsm - ok 17:01:50.0293 5080 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe 17:01:50.0296 5080 MSDTC - ok 17:01:50.0327 5080 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys 17:01:50.0328 5080 Msfs - ok 17:01:50.0352 5080 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys 17:01:50.0353 5080 msisadrv - ok 17:01:50.0380 5080 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll 17:01:50.0383 5080 MSiSCSI - ok 17:01:50.0393 5080 msiserver - ok 17:01:50.0428 5080 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys 17:01:50.0429 5080 MSKSSRV - ok 17:01:50.0517 5080 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 17:01:50.0519 5080 MsMpSvc - ok 17:01:50.0536 5080 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys 17:01:50.0537 5080 MSPCLOCK - ok 17:01:50.0551 5080 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys 17:01:50.0552 5080 MSPQM - ok 17:01:50.0635 5080 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys 
17:01:50.0640 5080 MsRPC - ok 17:01:50.0723 5080 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys 17:01:50.0725 5080 mssmbios - ok 17:01:50.0741 5080 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys 17:01:50.0742 5080 MSTEE - ok 17:01:50.0802 5080 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys 17:01:50.0803 5080 Mup - ok 17:01:50.0920 5080 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll 17:01:50.0928 5080 napagent - ok 17:01:50.0989 5080 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys 17:01:50.0992 5080 NativeWifiP - ok 17:01:51.0170 5080 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys 17:01:51.0198 5080 NDIS - ok 17:01:51.0219 5080 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys 17:01:51.0220 5080 NdisTapi - ok 17:01:51.0243 5080 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys 17:01:51.0244 5080 Ndisuio - ok 17:01:51.0299 5080 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys 17:01:51.0302 5080 NdisWan - ok 17:01:51.0329 5080 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys 17:01:51.0330 5080 NDProxy - ok 17:01:51.0354 5080 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys 17:01:51.0355 5080 NetBIOS - ok 17:01:51.0440 5080 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys 17:01:51.0457 5080 netbt - ok 17:01:51.0570 5080 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 17:01:51.0572 5080 Netlogon - ok 17:01:51.0624 5080 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll 17:01:51.0630 5080 Netman - ok 17:01:51.0945 5080 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll 17:01:51.0998 5080 netprofm - ok 
17:01:52.0194 5080 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:01:52.0196 5080 NetTcpPortSharing - ok 17:01:52.0707 5080 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys 17:01:52.0748 5080 NETw3v64 - ok 17:01:52.0905 5080 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys 17:01:52.0906 5080 nfrd960 - ok 17:01:53.0005 5080 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 17:01:53.0006 5080 NisDrv - ok 17:01:53.0101 5080 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe 17:01:53.0105 5080 NisSrv - ok 17:01:53.0188 5080 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll 17:01:53.0209 5080 NlaSvc - ok 17:01:53.0262 5080 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys 17:01:53.0264 5080 Npfs - ok 17:01:53.0267 5080 npggsvc - ok 17:01:53.0273 5080 NPPTNT2 - ok 17:01:53.0298 5080 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll 17:01:53.0300 5080 nsi - ok 17:01:53.0325 5080 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys 17:01:53.0326 5080 nsiproxy - ok 17:01:53.0543 5080 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys 17:01:53.0563 5080 Ntfs - ok 17:01:53.0685 5080 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys 17:01:53.0686 5080 Null - ok 17:01:53.0703 5080 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys 17:01:53.0705 5080 nvraid - ok 17:01:53.0737 5080 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys 17:01:53.0738 5080 nvstor - ok 17:01:53.0768 5080 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys 17:01:53.0770 5080 nv_agp - ok 17:01:53.0774 5080 
NwlnkFlt - ok 17:01:53.0781 5080 NwlnkFwd - ok 17:01:53.0813 5080 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys 17:01:53.0815 5080 ohci1394 - ok 17:01:53.0894 5080 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:01:53.0897 5080 ose - ok 17:01:54.0469 5080 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 17:01:54.0565 5080 osppsvc - ok 17:01:54.0840 5080 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 17:01:54.0852 5080 p2pimsvc - ok 17:01:54.0862 5080 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 17:01:54.0868 5080 p2psvc - ok 17:01:54.0909 5080 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys 17:01:54.0911 5080 Parport - ok 17:01:54.0989 5080 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys 17:01:54.0992 5080 partmgr - ok 17:01:55.0031 5080 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll 17:01:55.0034 5080 PcaSvc - ok 17:01:55.0112 5080 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys 17:01:55.0115 5080 pci - ok 17:01:55.0164 5080 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\drivers\pciide.sys 17:01:55.0165 5080 pciide - ok 17:01:55.0215 5080 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys 17:01:55.0219 5080 pcmcia - ok 17:01:55.0292 5080 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys 17:01:55.0302 5080 PEAUTH - ok 17:01:55.0411 5080 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe 17:01:55.0413 5080 PerfHost - ok 17:01:55.0594 5080 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll 17:01:55.0616 5080 pla - ok 17:01:55.0682 5080 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) 
C:\Windows\system32\umpnpmgr.dll 17:01:55.0688 5080 PlugPlay - ok 17:01:55.0800 5080 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 17:01:55.0806 5080 PNRPAutoReg - ok 17:01:55.0815 5080 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 17:01:55.0821 5080 PNRPsvc - ok 17:01:55.0913 5080 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll 17:01:55.0922 5080 PolicyAgent - ok 17:01:56.0014 5080 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys 17:01:56.0016 5080 PptpMiniport - ok 17:01:56.0049 5080 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys 17:01:56.0050 5080 Processor - ok 17:01:56.0117 5080 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll 17:01:56.0121 5080 ProfSvc - ok 17:01:56.0192 5080 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 17:01:56.0193 5080 ProtectedStorage - ok 17:01:56.0253 5080 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys 17:01:56.0255 5080 PSched - ok 17:01:56.0371 5080 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys 17:01:56.0388 5080 ql2300 - ok 17:01:56.0402 5080 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys 17:01:56.0404 5080 ql40xx - ok 17:01:56.0439 5080 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll 17:01:56.0444 5080 QWAVE - ok 17:01:56.0456 5080 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys 17:01:56.0457 5080 QWAVEdrv - ok 17:01:56.0470 5080 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys 17:01:56.0471 5080 RasAcd - ok 17:01:56.0501 5080 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll 17:01:56.0504 5080 RasAuto - ok 17:01:56.0596 5080 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) 
C:\Windows\system32\DRIVERS\rasl2tp.sys 17:01:56.0598 5080 Rasl2tp - ok 17:01:56.0641 5080 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll 17:01:56.0647 5080 RasMan - ok 17:01:56.0691 5080 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys 17:01:56.0692 5080 RasPppoe - ok 17:01:56.0751 5080 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys 17:01:56.0753 5080 RasSstp - ok 17:01:56.0829 5080 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys 17:01:56.0833 5080 rdbss - ok 17:01:56.0863 5080 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys 17:01:56.0864 5080 RDPCDD - ok 17:01:56.0916 5080 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys 17:01:56.0921 5080 rdpdr - ok 17:01:56.0925 5080 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys 17:01:56.0926 5080 RDPENCDD - ok 17:01:56.0967 5080 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys 17:01:56.0971 5080 RDPWD - ok 17:01:57.0131 5080 Recovery Service for Windows (0d362785bef9bdf5a6e1f4628d06716d) C:\Program Files (x86)\SMINST\BLService.exe 17:01:57.0136 5080 Recovery Service for Windows - ok 17:01:57.0161 5080 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll 17:01:57.0164 5080 RemoteAccess - ok 17:01:57.0224 5080 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll 17:01:57.0229 5080 RemoteRegistry - ok 17:01:57.0233 5080 rffxouuu - ok 17:01:57.0313 5080 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 17:01:57.0316 5080 RichVideo - ok 17:01:57.0333 5080 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe 17:01:57.0334 5080 RpcLocator - ok 17:01:57.0425 5080 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll 17:01:57.0431 
5080 RpcSs - ok 17:01:57.0453 5080 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys 17:01:57.0455 5080 rspndr - ok 17:01:57.0513 5080 RTL8169 (170a66dfaaa22358e08d6f4b38c8f3df) C:\Windows\system32\DRIVERS\Rtlh64.sys 17:01:57.0517 5080 RTL8169 - ok 17:01:57.0542 5080 RTSTOR (4ad8464fece8ebe276d4a7d75e418452) C:\Windows\system32\drivers\RTSTOR64.SYS 17:01:57.0544 5080 RTSTOR - ok 17:01:57.0584 5080 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 17:01:57.0586 5080 SamSs - ok 17:01:57.0609 5080 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys 17:01:57.0610 5080 sbp2port - ok 17:01:57.0698 5080 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll 17:01:57.0702 5080 SCardSvr - ok 17:01:57.0854 5080 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll 17:01:57.0867 5080 Schedule - ok 17:01:57.0911 5080 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll 17:01:57.0911 5080 SCPolicySvc - ok 17:01:57.0945 5080 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys 17:01:57.0947 5080 sdbus - ok 17:01:57.0980 5080 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll 17:01:57.0984 5080 SDRSVC - ok 17:01:58.0017 5080 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 17:01:58.0018 5080 secdrv - ok 17:01:58.0034 5080 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll 17:01:58.0036 5080 seclogon - ok 17:01:58.0054 5080 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll 17:01:58.0057 5080 SENS - ok 17:01:58.0071 5080 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys 17:01:58.0073 5080 Serenum - ok 17:01:58.0096 5080 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys 17:01:58.0098 5080 Serial - ok 17:01:58.0117 5080 sermouse 
(a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys 17:01:58.0118 5080 sermouse - ok 17:01:58.0145 5080 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll 17:01:58.0148 5080 SessionEnv - ok 17:01:58.0178 5080 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys 17:01:58.0179 5080 sffdisk - ok 17:01:58.0188 5080 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys 17:01:58.0189 5080 sffp_mmc - ok 17:01:58.0207 5080 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys 17:01:58.0209 5080 sffp_sd - ok 17:01:58.0223 5080 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys 17:01:58.0224 5080 sfloppy - ok 17:01:58.0298 5080 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll 17:01:58.0306 5080 SharedAccess - ok 17:01:58.0370 5080 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll 17:01:58.0377 5080 ShellHWDetection - ok 17:01:58.0397 5080 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys 17:01:58.0399 5080 SiSRaid2 - ok 17:01:58.0415 5080 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys 17:01:58.0417 5080 SiSRaid4 - ok 17:01:58.0819 5080 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe 17:01:58.0886 5080 slsvc - ok 17:01:59.0056 5080 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll 17:01:59.0059 5080 SLUINotify - ok 17:01:59.0138 5080 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys 17:01:59.0140 5080 Smb - ok 17:01:59.0187 5080 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe 17:01:59.0189 5080 SNMPTRAP - ok 17:01:59.0495 5080 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks 
Shared\Service\SolidWorksLicensing.exe 17:01:59.0497 5080 SolidWorks Licensing Service - ok 17:01:59.0579 5080 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys 17:01:59.0590 5080 spldr - ok 17:01:59.0664 5080 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe 17:01:59.0670 5080 Spooler - ok 17:01:59.0966 5080 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys 17:02:00.0010 5080 srv - ok 17:02:00.0262 5080 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys 17:02:00.0294 5080 srv2 - ok 17:02:00.0515 5080 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys 17:02:00.0518 5080 srvnet - ok 17:02:00.0562 5080 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll 17:02:00.0568 5080 SSDPSRV - ok 17:02:00.0623 5080 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll 17:02:00.0628 5080 SstpSvc - ok 17:02:00.0976 5080 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll 17:02:01.0023 5080 stisvc - ok 17:02:01.0044 5080 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys 17:02:01.0046 5080 swenum - ok 17:02:01.0789 5080 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll 17:02:01.0821 5080 swprv - ok 17:02:01.0879 5080 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys 17:02:01.0881 5080 Symc8xx - ok 17:02:01.0899 5080 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys 17:02:01.0900 5080 Sym_hi - ok 17:02:01.0917 5080 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys 17:02:01.0918 5080 Sym_u3 - ok 17:02:01.0969 5080 SynTP (e33b57c4aa60288e9971277d88ce9b67) C:\Windows\system32\DRIVERS\SynTP.sys 17:02:01.0976 5080 SynTP - ok 17:02:02.0135 5080 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll 17:02:02.0154 5080 SysMain - 
ok 17:02:02.0181 5080 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll 17:02:02.0186 5080 TabletInputService - ok 17:02:02.0436 5080 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll 17:02:02.0451 5080 TapiSrv - ok 17:02:02.0476 5080 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll 17:02:02.0479 5080 TBS - ok 17:02:03.0026 5080 Tcpip (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\drivers\tcpip.sys 17:02:03.0068 5080 Tcpip - ok 17:02:04.0469 5080 Tcpip6 (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\DRIVERS\tcpip.sys 17:02:04.0481 5080 Tcpip6 - ok 17:02:05.0383 5080 tcpipreg (fd8fde859e38e40a20085ebb0c22b416) C:\Windows\system32\drivers\tcpipreg.sys 17:02:05.0385 5080 tcpipreg - ok 17:02:05.0420 5080 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys 17:02:05.0421 5080 TDPIPE - ok 17:02:05.0445 5080 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys 17:02:05.0447 5080 TDTCP - ok 17:02:05.0756 5080 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys 17:02:05.0759 5080 tdx - ok 17:02:05.0801 5080 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys 17:02:05.0802 5080 TermDD - ok 17:02:05.0996 5080 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll 17:02:06.0005 5080 TermService - ok 17:02:06.0057 5080 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll 17:02:06.0061 5080 Themes - ok 17:02:06.0081 5080 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll 17:02:06.0083 5080 THREADORDER - ok 17:02:06.0123 5080 TPM (270308efb59976157755c768b8544b5f) C:\Windows\system32\drivers\tpm.sys 17:02:06.0124 5080 TPM - ok 17:02:06.0213 5080 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll 17:02:06.0217 5080 TrkWks - ok 17:02:06.0445 5080 TrustedInstaller 
17:02:17.0833 5080 ============================================================
17:02:17.0833 5080 Scan finished
17:02:17.0833 5080 ============================================================
17:02:17.0846 4080 Detected object count: 1
17:02:17.0846 4080 Actual detected object count: 1
17:26:11.0025 4080 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:26:11.0025 4080 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
17:26:14.0169 0208 Deinitialize success
-
Thanks...rebooting now.
-
Screen317, if it helps, the file it found is c:/program files (x86)\common files\akamai\netsession_win_80c2ffa.dll. Please advise. Thank you.
-
Do I need to Skip, Copy to Quarantine or Delete the 1 threat found by TDSSKiller so it can continue?
-
Thank you for your reply. Sorry about posting those files.

This "FBI Virus" filled up the laptop screen as hubby downloaded a small file from the internet. The "virus" refers to Federal Bureau of Investigations, turns on the webcam and states it is recording the user, then warns toward the bottom how we need to pay $100. I didn't read it entirely since I knew it was a scam/virus. All processes looked familiar under Task Manager, so I proceeded to Safe Mode with Networking to run MBAM, as previously mentioned. My Windows Account is completely locked; however, we are able to switch to a different account that "appears" to be working fine, but I don't trust it entirely.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.03.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Chris :: HOME-PC [administrator]

Protection: Enabled

7/3/2012 3:27:01 PM
mbam-log-2012-07-03 (15-27-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 259488
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-
Here is the result of MBAM full scan. Thanks.
_____________________________________

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.03.04

Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Mindy :: HOME-PC [administrator]

Protection: Disabled

7/3/2012 7:39:04 AM
mbam-log-2012-07-03 (07-39-04).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 502599
Time elapsed: 1 hour(s), 34 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-
Hi,

An "FBI" Virus has locked down my desktop (Windows Vista OS) as of today. I am currently in Safe Mode with Networking while writing this. I successfully updated Malwarebytes Anti-Malware PRO today, and the result was No Threats Found. The log is attached.

mbam-log-2012-07-03 (07-31-56).txt

The other two attachments are from running DDS.COM, which I read to do on another post.

attach.txt
dds.txt

Please let me know what else you need.

Thanks,
Mindy