Removing "Data Recovery" - new variant?

[ms2187]

Greetings.

I'm working on my mother-in-law's laptop... she seems to have gotten some variant of the "Data Recovery" malware that MBAM can't seem to detect. Perhaps it's a new variant...

In any case, here is what I have done:

• I killed the running processes with RKill.
  
• I ran TDSSKiller and it indicates that the system is not infected with the TDSS rootkit.
  
• I downloaded, installed and updated MBAM, then ran a full scan. It detected and removed a couple of threats... I guess I assumed that one of them was the DR malware, so I let it reboot... but as soon as it did, DR came back up again.
  
• I used RKill again.
  
• I checked the registry to find where DR was, and then had MBAM scan that directory explicitly... but it indicates that nothing was found.
  

I'm pretty sure I could muddle through cleaning it manually... but since it's not my computer, and you folks are the experts , I wouldn't mind some guidance to make sure I don't mess anything up.

Logs from dds are here: Attach.txt DDS.txt.

I appreciate the assistance!

Mike

[Elise]

Hello and

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• If TDSSKiller does not run, try renaming it.
  
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  
• Click the Start Scan button.
  
• Do not use the computer during the scan
  
• If the scan completes with nothing found, click Close to exit.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  
• Copy and paste the contents of that file in your next reply.

[ms2187]

Hi Elise,

Thanks for your assistance!

I did re-run TDSSKiller, it indicates nothing found. Results follow.

Thanks,

Mike

******************************

15:30:17.0592 2544 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43

15:30:17.0966 2544 ============================================================

15:30:17.0966 2544 Current date / time: 2012/04/28 15:30:17.0966

15:30:17.0966 2544 SystemInfo:

15:30:17.0966 2544

15:30:17.0966 2544 OS Version: 6.1.7601 ServicePack: 1.0

15:30:17.0966 2544 Product type: Workstation

15:30:17.0966 2544 ComputerName: ISAJCICLT

15:30:17.0966 2544 UserName: Iren

15:30:17.0966 2544 Windows directory: C:\Windows

15:30:17.0966 2544 System windows directory: C:\Windows

15:30:17.0966 2544 Running under WOW64

15:30:17.0966 2544 Processor architecture: Intel x64

15:30:17.0966 2544 Number of processors: 2

15:30:17.0966 2544 Page size: 0x1000

15:30:17.0966 2544 Boot type: Normal boot

15:30:17.0966 2544 ============================================================

15:30:18.0574 2544 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:30:18.0574 2544 ============================================================

15:30:18.0574 2544 \Device\Harddisk0\DR0:

15:30:18.0590 2544 MBR partitions:

15:30:18.0590 2544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

15:30:18.0590 2544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830

15:30:18.0590 2544 ============================================================

15:30:18.0606 2544 C: <-> \Device\Harddisk0\DR0\Partition1

15:30:18.0606 2544 ============================================================

15:30:18.0606 2544 Initialize success

15:30:18.0606 2544 ============================================================

15:30:21.0117 5440 ============================================================

15:30:21.0117 5440 Scan started

15:30:21.0117 5440 Mode: Manual;

15:30:21.0117 5440 ============================================================

15:30:24.0019 5440 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

15:30:24.0050 5440 1394ohci - ok

15:30:24.0144 5440 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

15:30:24.0144 5440 ACPI - ok

15:30:24.0159 5440 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

15:30:24.0175 5440 AcpiPmi - ok

15:30:24.0253 5440 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

15:30:24.0268 5440 adp94xx - ok

15:30:24.0315 5440 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

15:30:24.0331 5440 adpahci - ok

15:30:24.0346 5440 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

15:30:24.0346 5440 adpu320 - ok

15:30:24.0393 5440 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

15:30:24.0393 5440 AeLookupSvc - ok

15:30:24.0456 5440 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

15:30:24.0456 5440 AFD - ok

15:30:24.0502 5440 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

15:30:24.0502 5440 agp440 - ok

15:30:24.0534 5440 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

15:30:24.0534 5440 ALG - ok

15:30:24.0580 5440 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

15:30:24.0580 5440 aliide - ok

15:30:24.0580 5440 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

15:30:24.0580 5440 amdide - ok

15:30:24.0612 5440 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

15:30:24.0612 5440 AmdK8 - ok

15:30:24.0627 5440 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

15:30:24.0627 5440 AmdPPM - ok

15:30:24.0674 5440 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

15:30:24.0674 5440 amdsata - ok

15:30:24.0721 5440 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

15:30:24.0721 5440 amdsbs - ok

15:30:24.0736 5440 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

15:30:24.0736 5440 amdxata - ok

15:30:24.0799 5440 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

15:30:24.0799 5440 AppID - ok

15:30:24.0830 5440 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

15:30:24.0830 5440 AppIDSvc - ok

15:30:24.0861 5440 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

15:30:24.0861 5440 Appinfo - ok

15:30:24.0892 5440 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

15:30:24.0892 5440 arc - ok

15:30:24.0924 5440 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

15:30:24.0924 5440 arcsas - ok

15:30:24.0939 5440 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

15:30:24.0939 5440 AsyncMac - ok

15:30:24.0986 5440 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

15:30:24.0986 5440 atapi - ok

15:30:25.0064 5440 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

15:30:25.0064 5440 AudioEndpointBuilder - ok

15:30:25.0064 5440 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

15:30:25.0080 5440 AudioSrv - ok

15:30:25.0142 5440 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

15:30:25.0142 5440 AxInstSV - ok

15:30:25.0204 5440 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

15:30:25.0236 5440 b06bdrv - ok

15:30:25.0267 5440 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

15:30:25.0282 5440 b57nd60a - ok

15:30:25.0392 5440 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

15:30:25.0392 5440 BBSvc - ok

15:30:25.0454 5440 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

15:30:25.0470 5440 BBUpdate - ok

15:30:25.0485 5440 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys

15:30:25.0485 5440 BCM42RLY - ok

15:30:25.0641 5440 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys

15:30:25.0719 5440 BCM43XX - ok

15:30:25.0844 5440 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

15:30:25.0844 5440 BDESVC - ok

15:30:25.0906 5440 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

15:30:25.0906 5440 Beep - ok

15:30:25.0984 5440 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

15:30:25.0984 5440 BFE - ok

15:30:26.0062 5440 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

15:30:26.0062 5440 BITS - ok

15:30:26.0109 5440 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

15:30:26.0125 5440 blbdrive - ok

15:30:26.0156 5440 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

15:30:26.0156 5440 bowser - ok

15:30:26.0172 5440 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:30:26.0187 5440 BrFiltLo - ok

15:30:26.0203 5440 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:30:26.0203 5440 BrFiltUp - ok

15:30:26.0234 5440 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

15:30:26.0234 5440 Browser - ok

15:30:26.0265 5440 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

15:30:26.0281 5440 Brserid - ok

15:30:26.0296 5440 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

15:30:26.0296 5440 BrSerWdm - ok

15:30:26.0312 5440 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

15:30:26.0312 5440 BrUsbMdm - ok

15:30:26.0328 5440 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

15:30:26.0328 5440 BrUsbSer - ok

15:30:26.0343 5440 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

15:30:26.0343 5440 BTHMODEM - ok

15:30:26.0390 5440 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

15:30:26.0390 5440 bthserv - ok

15:30:26.0421 5440 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

15:30:26.0421 5440 cdfs - ok

15:30:26.0484 5440 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

15:30:26.0484 5440 cdrom - ok

15:30:26.0530 5440 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

15:30:26.0530 5440 CertPropSvc - ok

15:30:26.0562 5440 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

15:30:26.0577 5440 circlass - ok

15:30:26.0624 5440 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

15:30:26.0624 5440 CLFS - ok

15:30:26.0702 5440 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:30:26.0702 5440 clr_optimization_v2.0.50727_32 - ok

15:30:26.0780 5440 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

15:30:26.0780 5440 clr_optimization_v2.0.50727_64 - ok

15:30:27.0201 5440 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:30:27.0201 5440 clr_optimization_v4.0.30319_32 - ok

15:30:27.0232 5440 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

15:30:27.0232 5440 clr_optimization_v4.0.30319_64 - ok

15:30:27.0264 5440 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

15:30:27.0264 5440 CmBatt - ok

15:30:27.0279 5440 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

15:30:27.0279 5440 cmdide - ok

15:30:27.0342 5440 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

15:30:27.0357 5440 CNG - ok

15:30:27.0388 5440 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

15:30:27.0388 5440 Compbatt - ok

15:30:27.0435 5440 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

15:30:27.0435 5440 CompositeBus - ok

15:30:27.0451 5440 COMSysApp - ok

15:30:27.0482 5440 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

15:30:27.0482 5440 crcdisk - ok

15:30:27.0513 5440 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

15:30:27.0513 5440 CryptSvc - ok

15:30:27.0560 5440 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys

15:30:27.0560 5440 CtClsFlt - ok

15:30:27.0607 5440 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

15:30:27.0607 5440 DcomLaunch - ok

15:30:27.0669 5440 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

15:30:27.0685 5440 defragsvc - ok

15:30:27.0716 5440 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

15:30:27.0732 5440 DfsC - ok

15:30:27.0778 5440 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

15:30:27.0778 5440 Dhcp - ok

15:30:27.0810 5440 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

15:30:27.0810 5440 discache - ok

15:30:27.0841 5440 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

15:30:27.0841 5440 Disk - ok

15:30:27.0888 5440 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

15:30:27.0888 5440 Dnscache - ok

15:30:27.0966 5440 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe

15:30:27.0981 5440 DockLoginService - ok

15:30:28.0012 5440 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

15:30:28.0012 5440 dot3svc - ok

15:30:28.0044 5440 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

15:30:28.0059 5440 Dot4 - ok

15:30:28.0106 5440 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys

15:30:28.0106 5440 Dot4Print - ok

15:30:28.0122 5440 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

15:30:28.0122 5440 dot4usb - ok

15:30:28.0168 5440 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

15:30:28.0168 5440 DPS - ok

15:30:28.0184 5440 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

15:30:28.0184 5440 drmkaud - ok

15:30:28.0278 5440 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

15:30:28.0324 5440 DXGKrnl - ok

15:30:28.0371 5440 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

15:30:28.0371 5440 EapHost - ok

15:30:28.0527 5440 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

15:30:28.0621 5440 ebdrv - ok

15:30:28.0730 5440 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

15:30:28.0746 5440 EFS - ok

15:30:28.0839 5440 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

15:30:28.0855 5440 ehRecvr - ok

15:30:28.0870 5440 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

15:30:28.0886 5440 ehSched - ok

15:30:28.0964 5440 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

15:30:28.0980 5440 elxstor - ok

15:30:28.0995 5440 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

15:30:28.0995 5440 ErrDev - ok

15:30:29.0073 5440 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

15:30:29.0073 5440 EventSystem - ok

15:30:29.0120 5440 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

15:30:29.0120 5440 exfat - ok

15:30:29.0136 5440 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

15:30:29.0136 5440 fastfat - ok

15:30:29.0214 5440 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

15:30:29.0245 5440 Fax - ok

15:30:29.0260 5440 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

15:30:29.0276 5440 fdc - ok

15:30:29.0292 5440 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

15:30:29.0292 5440 fdPHost - ok

15:30:29.0307 5440 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

15:30:29.0307 5440 FDResPub - ok

15:30:29.0338 5440 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

15:30:29.0338 5440 FileInfo - ok

15:30:29.0354 5440 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

15:30:29.0354 5440 Filetrace - ok

15:30:29.0370 5440 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

15:30:29.0370 5440 flpydisk - ok

15:30:29.0432 5440 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

15:30:29.0448 5440 FltMgr - ok

15:30:29.0510 5440 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

15:30:29.0526 5440 FontCache - ok

15:30:29.0588 5440 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

15:30:29.0588 5440 FontCache3.0.0.0 - ok

15:30:29.0619 5440 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

15:30:29.0635 5440 FsDepends - ok

15:30:29.0650 5440 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

15:30:29.0650 5440 Fs_Rec - ok

15:30:29.0682 5440 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

15:30:29.0682 5440 fvevol - ok

15:30:29.0713 5440 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

15:30:29.0713 5440 gagp30kx - ok

15:30:29.0806 5440 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

15:30:29.0806 5440 GoToAssist - ok

15:30:29.0869 5440 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

15:30:29.0869 5440 gpsvc - ok

15:30:29.0884 5440 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

15:30:29.0900 5440 hcw85cir - ok

15:30:29.0947 5440 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

15:30:29.0947 5440 HDAudBus - ok

15:30:29.0962 5440 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

15:30:29.0962 5440 HidBatt - ok

15:30:29.0978 5440 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

15:30:29.0994 5440 HidBth - ok

15:30:29.0994 5440 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

15:30:30.0009 5440 HidIr - ok

15:30:30.0040 5440 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

15:30:30.0040 5440 hidserv - ok

15:30:30.0087 5440 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

15:30:30.0087 5440 HidUsb - ok

15:30:30.0118 5440 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

15:30:30.0118 5440 hkmsvc - ok

15:30:30.0165 5440 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

15:30:30.0165 5440 HomeGroupListener - ok

15:30:30.0212 5440 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

15:30:30.0212 5440 HomeGroupProvider - ok

15:30:30.0337 5440 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

15:30:30.0337 5440 hpqcxs08 - ok

15:30:30.0352 5440 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

15:30:30.0352 5440 hpqddsvc - ok

15:30:30.0399 5440 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

15:30:30.0399 5440 HpSAMD - ok

15:30:30.0446 5440 HPSLPSVC (d972f48d0ce396759b788693cd665926) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

15:30:30.0462 5440 HPSLPSVC - ok

15:30:30.0524 5440 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

15:30:30.0540 5440 HTTP - ok

15:30:30.0586 5440 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

15:30:30.0586 5440 hwpolicy - ok

15:30:30.0633 5440 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

15:30:30.0633 5440 i8042prt - ok

15:30:30.0711 5440 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

15:30:30.0711 5440 IAANTMON - ok

15:30:30.0774 5440 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys

15:30:30.0774 5440 iaStor - ok

15:30:30.0820 5440 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

15:30:30.0852 5440 iaStorV - ok

15:30:30.0961 5440 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

15:30:31.0023 5440 idsvc - ok

15:30:31.0444 5440 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys

15:30:31.0616 5440 igfx - ok

15:30:31.0710 5440 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

15:30:31.0725 5440 iirsp - ok

15:30:31.0788 5440 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

15:30:31.0788 5440 IKEEXT - ok

15:30:31.0819 5440 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

15:30:31.0819 5440 intelide - ok

15:30:31.0850 5440 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

15:30:31.0850 5440 intelppm - ok

15:30:31.0881 5440 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

15:30:31.0881 5440 IPBusEnum - ok

15:30:31.0928 5440 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:30:31.0928 5440 IpFilterDriver - ok

15:30:31.0975 5440 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

15:30:31.0975 5440 iphlpsvc - ok

15:30:32.0006 5440 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

15:30:32.0022 5440 IPMIDRV - ok

15:30:32.0053 5440 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

15:30:32.0053 5440 IPNAT - ok

15:30:32.0084 5440 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

15:30:32.0084 5440 IRENUM - ok

15:30:32.0100 5440 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

15:30:32.0100 5440 isapnp - ok

15:30:32.0115 5440 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

15:30:32.0131 5440 iScsiPrt - ok

15:30:32.0162 5440 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

15:30:32.0162 5440 kbdclass - ok

15:30:32.0178 5440 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

15:30:32.0178 5440 kbdhid - ok

15:30:32.0209 5440 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:30:32.0209 5440 KeyIso - ok

15:30:32.0240 5440 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

15:30:32.0240 5440 KSecDD - ok

15:30:32.0271 5440 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

15:30:32.0271 5440 KSecPkg - ok

15:30:32.0302 5440 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

15:30:32.0302 5440 ksthunk - ok

15:30:32.0349 5440 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

15:30:32.0365 5440 KtmRm - ok

15:30:32.0427 5440 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

15:30:32.0427 5440 LanmanServer - ok

15:30:32.0458 5440 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

15:30:32.0458 5440 LanmanWorkstation - ok

15:30:32.0505 5440 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

15:30:32.0505 5440 lltdio - ok

15:30:32.0552 5440 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

15:30:32.0552 5440 lltdsvc - ok

15:30:32.0583 5440 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

15:30:32.0583 5440 lmhosts - ok

15:30:32.0630 5440 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

15:30:32.0630 5440 LSI_FC - ok

15:30:32.0646 5440 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

15:30:32.0646 5440 LSI_SAS - ok

15:30:32.0646 5440 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:30:32.0661 5440 LSI_SAS2 - ok

15:30:32.0677 5440 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:30:32.0677 5440 LSI_SCSI - ok

15:30:32.0724 5440 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

15:30:32.0724 5440 luafv - ok

15:30:32.0770 5440 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

15:30:32.0770 5440 MBAMProtector - ok

15:30:32.0895 5440 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

15:30:32.0911 5440 MBAMService - ok

15:30:33.0004 5440 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

15:30:33.0004 5440 McciCMService - ok

15:30:33.0098 5440 McciCMService64 (859e5a32485178daeca06b52e2bb44b2) C:\Program Files\Common Files\Motive\McciCMService.exe

15:30:33.0098 5440 McciCMService64 - ok

15:30:33.0145 5440 McciServiceHost (46cf4d03dffa2a8b06d79e55e38de2c9) C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe

15:30:33.0145 5440 McciServiceHost - ok

15:30:33.0223 5440 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

15:30:33.0238 5440 Mcx2Svc - ok

15:30:33.0270 5440 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

15:30:33.0270 5440 megasas - ok

15:30:33.0301 5440 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

15:30:33.0316 5440 MegaSR - ok

15:30:33.0363 5440 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

15:30:33.0363 5440 MMCSS - ok

15:30:33.0394 5440 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

15:30:33.0394 5440 Modem - ok

15:30:33.0426 5440 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

15:30:33.0426 5440 monitor - ok

15:30:33.0597 5440 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

15:30:33.0597 5440 mouclass - ok

15:30:33.0628 5440 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

15:30:33.0628 5440 mouhid - ok

15:30:33.0675 5440 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

15:30:33.0675 5440 mountmgr - ok

15:30:33.0706 5440 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

15:30:33.0706 5440 mpio - ok

15:30:33.0722 5440 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

15:30:33.0738 5440 mpsdrv - ok

15:30:33.0800 5440 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

15:30:33.0800 5440 MpsSvc - ok

15:30:33.0878 5440 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS

15:30:33.0894 5440 MREMP50 - ok

15:30:33.0972 5440 MREMP50a64 (c2758df79c83a0d12a5599a040ca1818) C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS

15:30:33.0972 5440 MREMP50a64 - ok

15:30:33.0972 5440 MREMPR5 - ok

15:30:33.0987 5440 MRENDIS5 - ok

15:30:34.0003 5440 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS

15:30:34.0003 5440 MRESP50 - ok

15:30:34.0018 5440 MRESP50a64 (38bd5b32e0722752be8465d2a6da43d9) C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS

15:30:34.0018 5440 MRESP50a64 - ok

15:30:34.0065 5440 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

15:30:34.0065 5440 MRxDAV - ok

15:30:34.0096 5440 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:30:34.0096 5440 mrxsmb - ok

15:30:34.0159 5440 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:30:34.0159 5440 mrxsmb10 - ok

15:30:34.0174 5440 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:30:34.0190 5440 mrxsmb20 - ok

15:30:34.0206 5440 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

15:30:34.0206 5440 msahci - ok

15:30:34.0237 5440 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

15:30:34.0252 5440 msdsm - ok

15:30:34.0284 5440 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

15:30:34.0284 5440 MSDTC - ok

15:30:34.0315 5440 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

15:30:34.0315 5440 Msfs - ok

15:30:34.0330 5440 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

15:30:34.0330 5440 mshidkmdf - ok

15:30:34.0362 5440 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

15:30:34.0362 5440 msisadrv - ok

15:30:34.0408 5440 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

15:30:34.0408 5440 MSiSCSI - ok

15:30:34.0408 5440 msiserver - ok

15:30:34.0440 5440 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

15:30:34.0440 5440 MSKSSRV - ok

15:30:34.0455 5440 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

15:30:34.0455 5440 MSPCLOCK - ok

15:30:34.0471 5440 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

15:30:34.0471 5440 MSPQM - ok

15:30:34.0518 5440 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

15:30:34.0533 5440 MsRPC - ok

15:30:34.0564 5440 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

15:30:34.0564 5440 mssmbios - ok

15:30:34.0580 5440 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

15:30:34.0580 5440 MSTEE - ok

15:30:34.0596 5440 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

15:30:34.0596 5440 MTConfig - ok

15:30:34.0611 5440 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

15:30:34.0611 5440 Mup - ok

15:30:34.0658 5440 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

15:30:34.0658 5440 napagent - ok

15:30:34.0705 5440 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

15:30:34.0720 5440 NativeWifiP - ok

15:30:34.0783 5440 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

15:30:34.0783 5440 NDIS - ok

15:30:34.0814 5440 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

15:30:34.0814 5440 NdisCap - ok

15:30:34.0845 5440 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

15:30:34.0845 5440 NdisTapi - ok

15:30:34.0892 5440 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

15:30:34.0908 5440 Ndisuio - ok

15:30:34.0939 5440 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

15:30:34.0939 5440 NdisWan - ok

15:30:34.0970 5440 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

15:30:34.0970 5440 NDProxy - ok

15:30:35.0017 5440 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll

15:30:35.0017 5440 Net Driver HPZ12 - ok

15:30:35.0048 5440 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

15:30:35.0048 5440 NetBIOS - ok

15:30:35.0095 5440 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

15:30:35.0095 5440 NetBT - ok

15:30:35.0126 5440 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:30:35.0126 5440 Netlogon - ok

15:30:35.0188 5440 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

15:30:35.0188 5440 Netman - ok

15:30:35.0220 5440 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

15:30:35.0235 5440 netprofm - ok

15:30:35.0329 5440 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:30:35.0344 5440 NetTcpPortSharing - ok

15:30:35.0376 5440 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

15:30:35.0376 5440 nfrd960 - ok

15:30:35.0438 5440 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

15:30:35.0438 5440 NlaSvc - ok

15:30:35.0469 5440 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

15:30:35.0469 5440 Npfs - ok

15:30:35.0500 5440 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

15:30:35.0516 5440 nsi - ok

15:30:35.0532 5440 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

15:30:35.0532 5440 nsiproxy - ok

15:30:35.0656 5440 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

15:30:35.0719 5440 Ntfs - ok

15:30:35.0844 5440 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

15:30:35.0844 5440 Null - ok

15:30:35.0890 5440 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

15:30:35.0890 5440 nvraid - ok

15:30:35.0906 5440 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

15:30:35.0922 5440 nvstor - ok

15:30:35.0953 5440 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

15:30:35.0953 5440 nv_agp - ok

15:30:36.0062 5440 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

15:30:36.0078 5440 odserv - ok

15:30:36.0109 5440 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

15:30:36.0109 5440 ohci1394 - ok

15:30:36.0171 5440 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:30:36.0171 5440 ose - ok

15:30:36.0218 5440 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

15:30:36.0218 5440 p2pimsvc - ok

15:30:36.0249 5440 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

15:30:36.0249 5440 p2psvc - ok

15:30:36.0280 5440 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

15:30:36.0280 5440 Parport - ok

15:30:36.0327 5440 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

15:30:36.0327 5440 partmgr - ok

15:30:36.0358 5440 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

15:30:36.0358 5440 PcaSvc - ok

15:30:36.0780 5440 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms

15:30:36.0780 5440 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok

15:30:36.0811 5440 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

15:30:36.0811 5440 pci - ok

15:30:36.0842 5440 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

15:30:36.0842 5440 pciide - ok

15:30:36.0889 5440 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

15:30:36.0889 5440 pcmcia - ok

15:30:36.0904 5440 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

15:30:36.0904 5440 pcw - ok

15:30:36.0951 5440 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

15:30:36.0967 5440 PEAUTH - ok

15:30:37.0029 5440 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

15:30:37.0045 5440 PerfHost - ok

15:30:37.0138 5440 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

15:30:37.0201 5440 pla - ok

15:30:37.0263 5440 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

15:30:37.0279 5440 PlugPlay - ok

15:30:37.0341 5440 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll

15:30:37.0341 5440 Pml Driver HPZ12 - ok

15:30:37.0372 5440 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

15:30:37.0372 5440 PNRPAutoReg - ok

15:30:37.0404 5440 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

15:30:37.0404 5440 PNRPsvc - ok

15:30:37.0450 5440 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

15:30:37.0450 5440 PolicyAgent - ok

15:30:37.0482 5440 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

15:30:37.0497 5440 Power - ok

15:30:37.0560 5440 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

15:30:37.0560 5440 PptpMiniport - ok

15:30:37.0606 5440 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

15:30:37.0606 5440 Processor - ok

15:30:37.0638 5440 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

15:30:37.0653 5440 ProfSvc - ok

15:30:37.0669 5440 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:30:37.0669 5440 ProtectedStorage - ok

15:30:37.0731 5440 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

15:30:37.0731 5440 Psched - ok

15:30:37.0747 5440 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

15:30:37.0762 5440 PxHlpa64 - ok

15:30:37.0856 5440 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

15:30:37.0918 5440 ql2300 - ok

15:30:38.0059 5440 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

15:30:38.0090 5440 ql40xx - ok

15:30:38.0121 5440 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

15:30:38.0137 5440 QWAVE - ok

15:30:38.0152 5440 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

15:30:38.0152 5440 QWAVEdrv - ok

15:30:38.0168 5440 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

15:30:38.0168 5440 RasAcd - ok

15:30:38.0199 5440 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

15:30:38.0199 5440 RasAgileVpn - ok

15:30:38.0230 5440 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

15:30:38.0230 5440 RasAuto - ok

15:30:38.0262 5440 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:30:38.0262 5440 Rasl2tp - ok

15:30:38.0308 5440 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

15:30:38.0324 5440 RasMan - ok

15:30:38.0340 5440 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

15:30:38.0355 5440 RasPppoe - ok

15:30:38.0371 5440 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

15:30:38.0371 5440 RasSstp - ok

15:30:38.0402 5440 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

15:30:38.0418 5440 rdbss - ok

15:30:38.0433 5440 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

15:30:38.0433 5440 rdpbus - ok

15:30:38.0449 5440 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:30:38.0449 5440 RDPCDD - ok

15:30:38.0480 5440 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

15:30:38.0480 5440 RDPENCDD - ok

15:30:38.0496 5440 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

15:30:38.0496 5440 RDPREFMP - ok

15:30:38.0527 5440 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

15:30:38.0527 5440 RDPWD - ok

15:30:38.0589 5440 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

15:30:38.0589 5440 rdyboost - ok

15:30:38.0620 5440 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

15:30:38.0620 5440 RemoteAccess - ok

15:30:38.0652 5440 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

15:30:38.0652 5440 RemoteRegistry - ok

15:30:38.0683 5440 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

15:30:38.0683 5440 RpcEptMapper - ok

15:30:38.0714 5440 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

15:30:38.0714 5440 RpcLocator - ok

15:30:38.0761 5440 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

15:30:38.0776 5440 RpcSs - ok

15:30:38.0808 5440 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

15:30:38.0808 5440 rspndr - ok

15:30:38.0854 5440 RSUSBSTOR (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys

15:30:38.0854 5440 RSUSBSTOR - ok

15:30:38.0901 5440 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:30:38.0901 5440 SamSs - ok

15:30:39.0151 5440 SBAMSvc (e745f6fa032378f79af7f4640a525935) C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

15:30:39.0166 5440 SBAMSvc - ok

15:30:39.0322 5440 sbapifs (1a0e1786cbfee4f4f912c69ceb512607) C:\Windows\system32\DRIVERS\sbapifs.sys

15:30:39.0322 5440 sbapifs - ok

15:30:39.0400 5440 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

15:30:39.0400 5440 sbp2port - ok

15:30:39.0510 5440 SBPIMSvc (70bb55aef22fc0a14c374c6de2fcb7a0) C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

15:30:39.0510 5440 SBPIMSvc - ok

15:30:39.0541 5440 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys

15:30:39.0541 5440 SBRE - ok

15:30:39.0588 5440 sbwtis (798ede29facb6f0e5ef49a3e8af3fc36) C:\Windows\system32\DRIVERS\sbwtis.sys

15:30:39.0588 5440 sbwtis - ok

15:30:39.0634 5440 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

15:30:39.0650 5440 SCardSvr - ok

15:30:39.0666 5440 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

15:30:39.0666 5440 scfilter - ok

15:30:39.0744 5440 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

15:30:39.0744 5440 Schedule - ok

15:30:39.0790 5440 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

15:30:39.0790 5440 SCPolicySvc - ok

15:30:39.0822 5440 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

15:30:39.0822 5440 SDRSVC - ok

15:30:39.0868 5440 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

15:30:39.0868 5440 secdrv - ok

15:30:39.0978 5440 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

15:30:39.0978 5440 seclogon - ok

15:30:40.0009 5440 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

15:30:40.0009 5440 SENS - ok

15:30:40.0040 5440 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

15:30:40.0056 5440 SensrSvc - ok

15:30:40.0071 5440 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

15:30:40.0071 5440 Serenum - ok

15:30:40.0102 5440 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

15:30:40.0102 5440 Serial - ok

15:30:40.0118 5440 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

15:30:40.0118 5440 sermouse - ok

15:30:40.0149 5440 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

15:30:40.0165 5440 SessionEnv - ok

15:30:40.0180 5440 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

15:30:40.0180 5440 sffdisk - ok

15:30:40.0196 5440 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

15:30:40.0196 5440 sffp_mmc - ok

15:30:40.0212 5440 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

15:30:40.0212 5440 sffp_sd - ok

15:30:40.0227 5440 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

15:30:40.0243 5440 sfloppy - ok

15:30:40.0461 5440 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

15:30:40.0461 5440 SftService - ok

15:30:40.0524 5440 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

15:30:40.0539 5440 SharedAccess - ok

15:30:40.0586 5440 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

15:30:40.0602 5440 ShellHWDetection - ok

15:30:40.0648 5440 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:30:40.0664 5440 SiSRaid2 - ok

15:30:40.0664 5440 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

15:30:40.0664 5440 SiSRaid4 - ok

15:30:40.0695 5440 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

15:30:40.0711 5440 Smb - ok

15:30:40.0742 5440 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

15:30:40.0742 5440 SNMPTRAP - ok

15:30:40.0773 5440 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

15:30:40.0773 5440 spldr - ok

15:30:40.0851 5440 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

15:30:40.0851 5440 Spooler - ok

15:30:41.0023 5440 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

15:30:41.0054 5440 sppsvc - ok

15:30:41.0179 5440 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

15:30:41.0179 5440 sppuinotify - ok

15:30:41.0241 5440 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

15:30:41.0272 5440 srv - ok

15:30:41.0304 5440 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

15:30:41.0319 5440 srv2 - ok

15:30:41.0335 5440 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

15:30:41.0350 5440 srvnet - ok

15:30:41.0382 5440 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

15:30:41.0382 5440 SSDPSRV - ok

15:30:41.0413 5440 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

15:30:41.0413 5440 SstpSvc - ok

15:30:41.0522 5440 STacSV (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

15:30:41.0522 5440 STacSV - ok

15:30:41.0553 5440 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

15:30:41.0553 5440 stexstor - ok

15:30:41.0600 5440 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys

15:30:41.0631 5440 STHDA - ok

15:30:41.0662 5440 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

15:30:41.0662 5440 StillCam - ok

15:30:41.0709 5440 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

15:30:41.0725 5440 stisvc - ok

15:30:41.0772 5440 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

15:30:41.0772 5440 swenum - ok

15:30:41.0818 5440 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

15:30:41.0818 5440 swprv - ok

15:30:41.0881 5440 SynTP (3178b56219e0e4fb5f95299e49b83b44) C:\Windows\system32\DRIVERS\SynTP.sys

15:30:41.0896 5440 SynTP - ok

15:30:41.0990 5440 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

15:30:42.0006 5440 SysMain - ok

15:30:42.0146 5440 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

15:30:42.0146 5440 TabletInputService - ok

15:30:42.0177 5440 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

15:30:42.0193 5440 TapiSrv - ok

15:30:42.0208 5440 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

15:30:42.0224 5440 TBS - ok

15:30:42.0333 5440 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

15:30:42.0411 5440 Tcpip - ok

15:30:42.0614 5440 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

15:30:42.0630 5440 TCPIP6 - ok

15:30:42.0739 5440 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

15:30:42.0739 5440 tcpipreg - ok

15:30:42.0770 5440 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

15:30:42.0770 5440 TDPIPE - ok

15:30:42.0786 5440 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

15:30:42.0801 5440 TDTCP - ok

15:30:42.0832 5440 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

15:30:42.0848 5440 tdx - ok

15:30:42.0879 5440 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

15:30:42.0879 5440 TermDD - ok

15:30:42.0926 5440 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

15:30:42.0926 5440 TermService - ok

15:30:42.0957 5440 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

15:30:42.0957 5440 Themes - ok

15:30:42.0988 5440 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

15:30:42.0988 5440 THREADORDER - ok

15:30:43.0066 5440 TomTomHOMEService (efef22b9577e5051057fde1ae381b50c) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

15:30:43.0066 5440 TomTomHOMEService - ok

15:30:43.0098 5440 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

15:30:43.0113 5440 TrkWks - ok

15:30:43.0160 5440 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

15:30:43.0160 5440 TrustedInstaller - ok

15:30:43.0191 5440 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:30:43.0191 5440 tssecsrv - ok

15:30:43.0254 5440 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

15:30:43.0254 5440 TsUsbFlt - ok

15:30:43.0332 5440 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

15:30:43.0332 5440 tunnel - ok

15:30:43.0347 5440 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

15:30:43.0347 5440 uagp35 - ok

15:30:43.0394 5440 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

15:30:43.0410 5440 udfs - ok

15:30:43.0441 5440 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

15:30:43.0441 5440 UI0Detect - ok

15:30:43.0472 5440 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

15:30:43.0488 5440 uliagpkx - ok

15:30:43.0628 5440 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

15:30:43.0644 5440 umbus - ok

15:30:43.0675 5440 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

15:30:43.0675 5440 UmPass - ok

15:30:43.0722 5440 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

15:30:43.0722 5440 upnphost - ok

15:30:43.0753 5440 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

15:30:43.0753 5440 usbccgp - ok

15:30:43.0800 5440 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

15:30:43.0800 5440 usbcir - ok

15:30:43.0815 5440 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

15:30:43.0815 5440 usbehci - ok

15:30:43.0846 5440 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

15:30:43.0862 5440 usbhub - ok

15:30:43.0878 5440 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

15:30:43.0878 5440 usbohci - ok

15:30:43.0924 5440 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

15:30:43.0924 5440 usbprint - ok

15:30:43.0956 5440 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

15:30:43.0956 5440 usbscan - ok

15:30:43.0987 5440 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

15:30:43.0987 5440 USBSTOR - ok

15:30:44.0002 5440 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

15:30:44.0002 5440 usbuhci - ok

15:30:44.0049 5440 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

15:30:44.0049 5440 usbvideo - ok

15:30:44.0080 5440 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

15:30:44.0080 5440 UxSms - ok

15:30:44.0096 5440 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:30:44.0096 5440 VaultSvc - ok

15:30:44.0127 5440 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

15:30:44.0127 5440 vdrvroot - ok

15:30:44.0174 5440 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

15:30:44.0190 5440 vds - ok

15:30:44.0221 5440 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

15:30:44.0221 5440 vga - ok

15:30:44.0252 5440 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

15:30:44.0252 5440 VgaSave - ok

15:30:44.0283 5440 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

15:30:44.0283 5440 vhdmp - ok

15:30:44.0299 5440 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

15:30:44.0299 5440 viaide - ok

15:30:44.0314 5440 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

15:30:44.0314 5440 volmgr - ok

15:30:44.0361 5440 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

15:30:44.0377 5440 volmgrx - ok

15:30:44.0392 5440 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

15:30:44.0408 5440 volsnap - ok

15:30:44.0455 5440 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

15:30:44.0455 5440 vsmraid - ok

15:30:44.0564 5440 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

15:30:44.0564 5440 VSS - ok

15:30:44.0704 5440 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

15:30:44.0704 5440 vwifibus - ok

15:30:44.0736 5440 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

15:30:44.0736 5440 vwififlt - ok

15:30:44.0767 5440 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

15:30:44.0767 5440 vwifimp - ok

15:30:44.0798 5440 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

15:30:44.0814 5440 W32Time - ok

15:30:44.0829 5440 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

15:30:44.0829 5440 WacomPen - ok

15:30:44.0876 5440 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

15:30:44.0876 5440 WANARP - ok

15:30:44.0876 5440 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

15:30:44.0876 5440 Wanarpv6 - ok

15:30:45.0001 5440 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

15:30:45.0048 5440 WatAdminSvc - ok

15:30:45.0141 5440 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

15:30:45.0204 5440 wbengine - ok

15:30:45.0344 5440 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

15:30:45.0344 5440 WbioSrvc - ok

15:30:45.0391 5440 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

15:30:45.0422 5440 wcncsvc - ok

15:30:45.0438 5440 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

15:30:45.0438 5440 WcsPlugInService - ok

15:30:45.0469 5440 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

15:30:45.0469 5440 Wd - ok

15:30:45.0500 5440 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

15:30:45.0531 5440 Wdf01000 - ok

15:30:45.0547 5440 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

15:30:45.0547 5440 WdiServiceHost - ok

15:30:45.0562 5440 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

15:30:45.0562 5440 WdiSystemHost - ok

15:30:45.0609 5440 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

15:30:45.0609 5440 WebClient - ok

15:30:45.0640 5440 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

15:30:45.0656 5440 Wecsvc - ok

15:30:45.0672 5440 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

15:30:45.0672 5440 wercplsupport - ok

15:30:45.0687 5440 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

15:30:45.0703 5440 WerSvc - ok

15:30:45.0765 5440 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

15:30:45.0765 5440 WfpLwf - ok

15:30:45.0796 5440 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

15:30:45.0812 5440 WimFltr - ok

15:30:45.0812 5440 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

15:30:45.0828 5440 WIMMount - ok

15:30:45.0843 5440 WinDefend - ok

15:30:45.0859 5440 WinHttpAutoProxySvc - ok

15:30:45.0906 5440 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

15:30:45.0906 5440 Winmgmt - ok

15:30:46.0015 5440 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

15:30:46.0093 5440 WinRM - ok

15:30:46.0280 5440 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

15:30:46.0327 5440 Wlansvc - ok

15:30:46.0514 5440 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

15:30:46.0530 5440 wlidsvc - ok

15:30:46.0576 5440 wltrysvc (13b0a570e1ae451c92da550085d72cf3) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

15:30:46.0576 5440 wltrysvc - ok

15:30:46.0686 5440 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

15:30:46.0686 5440 WmiAcpi - ok

15:30:46.0748 5440 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

15:30:46.0748 5440 wmiApSrv - ok

15:30:46.0779 5440 WMPNetworkSvc - ok

15:30:46.0795 5440 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

15:30:46.0795 5440 WPCSvc - ok

15:30:46.0826 5440 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

15:30:46.0826 5440 WPDBusEnum - ok

15:30:46.0842 5440 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

15:30:46.0842 5440 ws2ifsl - ok

15:30:46.0873 5440 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

15:30:46.0873 5440 wscsvc - ok

15:30:46.0888 5440 WSearch - ok

15:30:47.0029 5440 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

15:30:47.0044 5440 wuauserv - ok

15:30:47.0154 5440 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

15:30:47.0154 5440 WudfPf - ok

15:30:47.0185 5440 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:30:47.0200 5440 WUDFRd - ok

15:30:47.0232 5440 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

15:30:47.0232 5440 wudfsvc - ok

15:30:47.0263 5440 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

15:30:47.0263 5440 WwanSvc - ok

15:30:47.0310 5440 yukonw7 (79d9ce9614c955dd31aa2556b4014662) C:\Windows\system32\DRIVERS\yk62x64.sys

15:30:47.0325 5440 yukonw7 - ok

15:30:47.0341 5440 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

15:30:47.0450 5440 \Device\Harddisk0\DR0 - ok

15:30:47.0466 5440 Boot (0x1200) (ce1660b4a78827026eab557be1bfe095) \Device\Harddisk0\DR0\Partition0

15:30:47.0466 5440 \Device\Harddisk0\DR0\Partition0 - ok

15:30:47.0466 5440 Boot (0x1200) (ab9b8cb3f69a4be35751de4eb1fd0cbd) \Device\Harddisk0\DR0\Partition1

15:30:47.0481 5440 \Device\Harddisk0\DR0\Partition1 - ok

15:30:47.0481 5440 ============================================================

15:30:47.0481 5440 Scan finished

15:30:47.0481 5440 ============================================================

15:30:47.0481 5428 Detected object count: 0

15:30:47.0481 5428 Actual detected object count: 0

15:30:54.0782 4224 Deinitialize success

[Elise]

Hello again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:

• 
  

Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Combofix.exe and follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

[ms2187]

I ran ComboFix. (It did not need to install the recovery console.) Unfortunately, after ComboFix finished and then rebooted, I cannot run any executables... anything I try to run (iexplore.exe, exporer.exe) gives me an error message "Illegal operation attempted on a registry key that has been marked for deletion".

I did manage to copy the ComboFix log to my network so I could post from another system (I was able to get a Windows Explorer instance running by typing "C:\" directly in the run box rather than trying to run explorer.exe), and it is below.

Thanks again,

Mike

**********************************

ComboFix 12-04-28.01 - Iren 04/28/2012 15:59:20.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2397 [GMT -4:00]

Running from: c:\users\Iren\Desktop\ComboFix.exe

AV: GFI Software VIPRE *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}

SP: GFI Software VIPRE *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\aHelTFbukWq.exe

c:\programdata\PCDr\5907\Downloads\15fc9c67-6e4d-42b6-b215-fee7bb01b1c7.dll

c:\programdata\UHlOxCC7Mprf8K

c:\programdata\UHlOxCC7Mprf8K.exe

c:\users\Iren\AppData\Local\Temp\1D7F.tmp

c:\windows\SysWow64\bdaplgin.ax

c:\windows\SysWow64\cero.rs

c:\windows\SysWow64\csrr.rs

c:\windows\SysWow64\esrb.rs

c:\windows\SysWow64\g711codc.ax

c:\windows\SysWow64\grb.rs

c:\windows\SysWow64\iac25_32.ax

c:\windows\SysWow64\ir41_32.ax

c:\windows\SysWow64\ivfsrc.ax

c:\windows\SysWow64\ksproxy.ax

c:\windows\SysWow64\kstvtune.ax

c:\windows\SysWow64\Kswdmcap.ax

c:\windows\SysWow64\ksxbar.ax

c:\windows\SysWow64\Mpeg2Data.ax

c:\windows\SysWow64\mpg2splt.ax

c:\windows\SysWow64\MSDvbNP.ax

c:\windows\SysWow64\MSNP.ax

c:\windows\SysWow64\oflc.rs

c:\windows\SysWow64\pegi-fi.rs

c:\windows\SysWow64\pegi-pt.rs

c:\windows\SysWow64\pegi.rs

c:\windows\SysWow64\pegibbfc.rs

c:\windows\SysWow64\psisrndr.ax

c:\windows\SysWow64\usk.rs

c:\windows\SysWow64\VBICodec.ax

c:\windows\SysWow64\vbisurf.ax

c:\windows\SysWow64\vidcap.ax

c:\windows\SysWow64\WEB.rs

c:\windows\SysWow64\WSTPager.ax

.

.

((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))

.

.

2012-04-28 20:03 . 2012-04-28 20:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-28 03:26 . 2012-04-28 03:26 -------- d--h--w- c:\users\Iren\AppData\Roaming\Malwarebytes

2012-04-28 03:26 . 2012-04-28 03:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-28 03:26 . 2012-04-28 03:26 -------- d--h--w- c:\programdata\Malwarebytes

2012-04-28 03:26 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-13 07:03 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-13 07:03 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-13 07:03 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-13 07:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-13 07:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-13 07:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-13 07:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-13 07:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-13 07:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-13 07:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-17 06:38 . 2012-03-14 18:01 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 18:01 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 18:01 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 18:01 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:36 . 2012-03-14 18:02 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 18:02 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-03 04:34 . 2012-03-14 18:02 3145728 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"SBAMTray"="c:\program files (x86)\GFI Software\VIPRE\SBAMTray.exe" [2011-11-01 3045744]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Iren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]

R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-09-03 517632]

S2 McciServiceHost;McciServiceHost;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe [2009-09-15 299008]

S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2011-11-01 3287472]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]

S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2011-11-01 173424]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-04-28 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-09-15 3444736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 172.16.0.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-aHelTFbukWq.exe - c:\programdata\aHelTFbukWq.exe

Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Yahoo! Mail - c:\windows\system32\regsvr32

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Motive\McciCMService.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

.

**************************************************************************

.

Completion time: 2012-04-28 16:11:28 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-28 20:11

.

Pre-Run: 440,916,824,064 bytes free

Post-Run: 440,772,362,240 bytes free

.

- - End Of File - - D0E6D3D6145846C9FF437A7276E8166D

[Elise]

Restart your computer once, that should fix the problem. Afterwards, let me know how everything is running and what problems you still have.

[ms2187]

Hi Elise,

Everything looks good after a reboot -- I am not seeing any problems. If anything does come up I will post about it here.

Thank you so, so much for your help!

Mike

[Elise]

Lets make sure important software is up to date as well and do a last scan to be sure.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

• Download the latest version of Adobe Reader Version X. and save it to your desktop.
  
• Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  
• Click the download button at the bottom.
  
• If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  
• Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
  If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  
• Then from your desktop double-click on Adobe Reader to install the newest version.
  If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  
• When the "Adobe Setup - Welcome" window opens, click the Install > button.
  
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

• Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  
• Look for "JDK 7u3 (JDK or JRE).
  
• Click the "Download JRE" button at the right.
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
    

  [*]Save it to your desktop

  [*]Close any programs you may have running - especially your web browser.

  [*]Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).

  [*]Reboot your computer once all Java components are removed.

  [*]Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
   
2. Click the button.
   
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. 
      
   2. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      
   3. Double click on the
      icon on your desktop.
      
      
   4. Check "YES, I accept the Terms of Use."
      
   5. Click the Start button.
      
   6. Accept any security warnings from your browser.
      
   7. Under scan settings, check "Scan Archives" and "Remove found threats"
      
   8. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
        
      • Scan for potentially unsafe applications
        
      • Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

[ms2187]

Hi Elise,

Before I logged into the forums this morning, I dug around in the Vipre AV/AM application, and it showed that an infected PDF was detected a few days ago, and that was the source of the infection. I guess I'm facing a training issue... since it appears that the AV software did detect the threat... but my mother-in-law proceeded to do it anyway. I've adjusted the settings so she won't have a choice next time. But at any rate, at that point I looked for, and installed, the latest version of Adobe Reader... and then logged in to find that you suggested that very thing.

I did go ahead and download Java 7u4... haven't installed it yet, but I will shortly.

ESET did find a few more things -- the log is below.

Thanks again for your help!

Mike

********************************

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\ProgramData\aHelTFbukWq.exe.vir a variant of Win32/Kryptik.AEUX trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\ProgramData\UHlOxCC7Mprf8K.exe.vir a variant of Win32/Kryptik.AEUX trojan cleaned by deleting - quarantined

C:\Users\Iren\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\257a49ea-2e1a53a7 Java/TrojanDownloader.Agent.NDR trojan deleted - quarantined

C:\Users\Iren\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\292bd32a-617c3e25 multiple threats deleted - quarantined

[Elise]

Hi, if you have the pdf file, could you upload it to http://www.bleepingcomputer.com/submit-malware.php?channel=105

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean

Please do the following to remove the remaining programs from your PC:

• Delete the tools used during the disinfection:
  • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    

Please read these advices, in order to prevent reinfecting your PC:

1. Install and update the following programs regularly:
   • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
     A comprehensive tutorial and a list of possible firewalls can be found here.
     
   • an AntiVirus Software
     It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
     
   • an Anti-Spyware program
     Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
     SUPERAntiSpyware is another good scanner with high detection and removal rates.
     Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
     
   • Spyware Blaster
     A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
     

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

• Miekies' prevention suggestions
  
• So How did I get infected?
  
• Microsoft - 'Security at home'
  
• Calendar of Updates: See which updates have been released.
  
• How to backup your Data with Cobian Backup:because you never know, when your harddisk might fail :wink:
  
• Commonly Used Freeware Replacements: a nice list of freeware programs in all categories, that are regarded as useful by the users of this forum.
  
• osalt: Find (free) open source alternatives to known commercial software.

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

[ms2187]

Hi Elise,

I have read all of the notes in your post, thank you for the information. I will pass these items on to my mother-in-law and make sure she understands the importance of keeping these items up-to-date.

Once again, thank you so much for your help!

Thanks,

Mike

[Elise]

You are most welcome Mike!

I will request this topic to be closed.

[ms2187]

Oh, and unfortunately I emptied the quarantined files, so I no longer have a copy of the PDF that started this mess. Sorry about that!

Mike

[Elise]

No problem!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!