Jump to content

Recommended Posts

Hi,

An "FBI" Virus has locked down my desktop (Windows Vista OS) as of today. I am currently in SafeMode with Networking while writing this.

I successfully updated Malwarebytes Anti-Malware PRO, today, and the result was No Threats Found. The log is attached. mbam-log-2012-07-03 (07-31-56).txt

The other two attachments are from running DDS.COM which I read to do on another post.

attach.txt

dds.txt

Please let me know what else you need. Thanks, Mindy

Link to post
Share on other sites

Here is the result of MBAM full scan. Thanks.

_____________________________________

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.03.04

Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Mindy :: HOME-PC [administrator]

Protection: Disabled

7/3/2012 7:39:04 AM

mbam-log-2012-07-03 (07-39-04).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 502599

Time elapsed: 1 hour(s), 34 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Can you elaborate on what you mean by "FBI virus?"

In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post DDS.txt directly in your reply.

Link to post
Share on other sites

Thank you for your reply. Sorry about posting those files.

This "FBI Virus" filled up the laptop screen as hubby downloaded a small file from internet. The "virus" refers to Federal Bureau of Investigations, turns on the webcam and states it is recording the user, then warns toward bottom how we need to pay $100. I didn't read it entirely since I knew it was a scam/virus. All processes looked familiar under Task Manager so proceeded to Safe Mode with Networking to run MBAM, as previously mentioned. My Windows Account is completely locked; however we are able to switch to a different account that "appears" to be working fine, but I don't trust entirely.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.03.06

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Chris :: HOME-PC [administrator]

Protection: Enabled

7/3/2012 3:27:01 PM

mbam-log-2012-07-03 (15-27-01).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 259488

Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Chris at 15:55:37 on 2012-07-03

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.1963 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\SMINST\BLService.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\System32\wpcumi.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\DRIVERS\xaudio64.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Hp\QuickPlay\QPService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\windows defender\MpCmdRun.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uSearch Bar =

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - No File

uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [updatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~2.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: C:\Windows\system32\wpclsp.dll

Trusted Zone: adobe.com\kb2

Trusted Zone: amazon.com\www

Trusted Zone: dorchestercounty.net\www

Trusted Zone: facebook.com\apps

Trusted Zone: facebook.com\login

Trusted Zone: facebook.com\www

Trusted Zone: iwin.com\www

Trusted Zone: java.com

Trusted Zone: myspace.com\www

Trusted Zone: pogo.com\clubgames

Trusted Zone: pogo.com\www

Trusted Zone: shockwave.com\www

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} - hxxp://www.shockwave.com/content/cookingdash/sis/CookingDashWeb.1.0.0.9.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www-cdn.freerealms.com/gamedata/plugins/1.0.3.83/FreeRealmsInstaller.cab?v=1031

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} - hxxp://www.solidworks.com/sw/support/subscription/sldimdownload.cab

DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{5E123B90-4CD8-4BE5-B235-A40E7FF343F1} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{963B448B-CC77-4C70-B271-41A19B3FF28B} : DhcpNameServer = 209.18.47.61 209.18.47.62

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB-X64: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - No File

mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [updatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun-x64: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\t4nbulxp.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Sony Online Entertainment\npsoe.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-17 654408]

R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-4-20 365952]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-2 136176]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" --> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [?]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-24 1030600]

S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 GKUPRO2D;GKUPRO2D;C:\Windows\system32\Drivers\GKUPRO2D.sys --> C:\Windows\system32\Drivers\GKUPRO2D.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-2 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]

S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-07-03 17:40:28 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DDA3A25B-461B-42D1-A90D-22D5EFD452F2}\offreg.dll

2012-07-03 17:35:11 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DDA3A25B-461B-42D1-A90D-22D5EFD452F2}\mpengine.dll

2012-07-03 13:58:19 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-03 02:50:29 -------- d-----w- C:\Users\Chris\AppData\Local\Adobe

2012-07-03 01:14:42 -------- d-----w- C:\Users\Chris\AppData\Local\Apple

2012-07-03 01:13:45 -------- d-----w- C:\Users\Chris\AppData\Local\Apple Computer

2012-07-02 22:56:55 -------- d-----w- C:\Users\Chris\AppData\Local\Mozilla

2012-07-02 22:41:38 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes

2012-06-18 04:04:31 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll

2012-06-18 04:04:30 85472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-06-18 04:04:30 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2012-06-18 04:04:30 117728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe

2012-06-18 04:04:26 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-18 04:04:26 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-13 01:22:37 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-13 01:22:35 2767360 ----a-w- C:\Windows\System32\win32k.sys

2012-06-13 01:22:18 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-13 01:22:18 132096 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-13 01:22:18 1267200 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-13 01:22:17 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-13 01:22:17 174592 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-13 01:22:17 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-08 23:49:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-08 23:48:48 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-08 23:48:48 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll

2012-06-08 23:48:32 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-08 23:48:32 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

2012-06-08 23:48:32 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-08 23:48:32 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll

.

==================== Find3M ====================

.

2012-05-29 19:40:13 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-29 19:40:13 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-21 13:42:47 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-04-04 22:47:08 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-04-04 22:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 15:56:45.39 ===============

Link to post
Share on other sites

  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

Here you go. TDSSKill Log. Mindy

17:01:21.0625 2880 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08

17:01:21.0940 2880 ============================================================

17:01:21.0940 2880 Current date / time: 2012/07/03 17:01:21.0940

17:01:21.0941 2880 SystemInfo:

17:01:21.0941 2880

17:01:21.0941 2880 OS Version: 6.0.6002 ServicePack: 2.0

17:01:21.0941 2880 Product type: Workstation

17:01:21.0941 2880 ComputerName: HOME-PC

17:01:21.0941 2880 UserName: Chris

17:01:21.0941 2880 Windows directory: C:\Windows

17:01:21.0941 2880 System windows directory: C:\Windows

17:01:21.0941 2880 Running under WOW64

17:01:21.0941 2880 Processor architecture: Intel x64

17:01:21.0941 2880 Number of processors: 2

17:01:21.0941 2880 Page size: 0x1000

17:01:21.0941 2880 Boot type: Normal boot

17:01:21.0941 2880 ============================================================

17:01:22.0866 2880 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:01:22.0875 2880 ============================================================

17:01:22.0875 2880 \Device\Harddisk0\DR0:

17:01:22.0875 2880 MBR partitions:

17:01:22.0875 2880 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23B9C800

17:01:22.0875 2880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23B9D000, BlocksNum 0x1890000

17:01:22.0875 2880 ============================================================

17:01:22.0915 2880 C: <-> \Device\Harddisk0\DR0\Partition0

17:01:23.0033 2880 D: <-> \Device\Harddisk0\DR0\Partition1

17:01:23.0033 2880 ============================================================

17:01:23.0033 2880 Initialize success

17:01:23.0033 2880 ============================================================

17:01:37.0047 5080 ============================================================

17:01:37.0047 5080 Scan started

17:01:37.0047 5080 Mode: Manual;

17:01:37.0047 5080 ============================================================

17:01:37.0920 5080 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

17:01:37.0923 5080 ACPI - ok

17:01:37.0987 5080 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

17:01:37.0990 5080 adp94xx - ok

17:01:38.0058 5080 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

17:01:38.0060 5080 adpahci - ok

17:01:38.0072 5080 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

17:01:38.0073 5080 adpu160m - ok

17:01:38.0133 5080 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

17:01:38.0134 5080 adpu320 - ok

17:01:38.0163 5080 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll

17:01:38.0164 5080 AeLookupSvc - ok

17:01:38.0275 5080 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys

17:01:38.0277 5080 AFD - ok

17:01:38.0337 5080 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

17:01:38.0337 5080 agp440 - ok

17:01:38.0375 5080 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

17:01:38.0376 5080 aic78xx - ok

17:01:38.0745 5080 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll

17:01:38.0745 5080 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af

17:01:38.0753 5080 Akamai ( HiddenFile.Multi.Generic ) - warning

17:01:38.0753 5080 Akamai - detected HiddenFile.Multi.Generic (1)

17:01:38.0850 5080 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe

17:01:38.0851 5080 ALG - ok

17:01:38.0895 5080 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys

17:01:38.0895 5080 aliide - ok

17:01:38.0904 5080 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\Windows\system32\drivers\amdide.sys

17:01:38.0905 5080 amdide - ok

17:01:38.0932 5080 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

17:01:38.0933 5080 AmdK8 - ok

17:01:39.0022 5080 AppHostSvc (b11291cbc71231c373743055fb7f5b48) C:\Windows\system32\inetsrv\apphostsvc.dll

17:01:39.0022 5080 AppHostSvc - ok

17:01:39.0101 5080 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll

17:01:39.0101 5080 Appinfo - ok

17:01:39.0255 5080 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

17:01:39.0257 5080 Apple Mobile Device - ok

17:01:39.0285 5080 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

17:01:39.0286 5080 arc - ok

17:01:39.0317 5080 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

17:01:39.0319 5080 arcsas - ok

17:01:39.0350 5080 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

17:01:39.0350 5080 AsyncMac - ok

17:01:39.0396 5080 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys

17:01:39.0396 5080 atapi - ok

17:01:39.0542 5080 athr (4dc266425cd870b8116594545cb8e812) C:\Windows\system32\DRIVERS\athrx.sys

17:01:39.0551 5080 athr - ok

17:01:39.0705 5080 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll

17:01:39.0708 5080 AudioEndpointBuilder - ok

17:01:39.0717 5080 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll

17:01:39.0722 5080 AudioSrv - ok

17:01:39.0835 5080 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll

17:01:39.0838 5080 BFE - ok

17:01:39.0997 5080 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll

17:01:40.0005 5080 BITS - ok

17:01:40.0082 5080 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

17:01:40.0083 5080 blbdrive - ok

17:01:40.0200 5080 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

17:01:40.0203 5080 Bonjour Service - ok

17:01:40.0283 5080 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys

17:01:40.0283 5080 bowser - ok

17:01:40.0315 5080 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

17:01:40.0316 5080 BrFiltLo - ok

17:01:40.0335 5080 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

17:01:40.0336 5080 BrFiltUp - ok

17:01:40.0382 5080 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll

17:01:40.0383 5080 Browser - ok

17:01:40.0406 5080 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

17:01:40.0407 5080 Brserid - ok

17:01:40.0421 5080 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

17:01:40.0422 5080 BrSerWdm - ok

17:01:40.0436 5080 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

17:01:40.0436 5080 BrUsbMdm - ok

17:01:40.0457 5080 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

17:01:40.0458 5080 BrUsbSer - ok

17:01:40.0496 5080 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

17:01:40.0497 5080 BTHMODEM - ok

17:01:40.0569 5080 CAXHWAZL (942bd3cb0933febd194b42d4e489c246) C:\Windows\system32\DRIVERS\CAXHWAZL.sys

17:01:40.0571 5080 CAXHWAZL - ok

17:01:40.0605 5080 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

17:01:40.0606 5080 cdfs - ok

17:01:40.0651 5080 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

17:01:40.0652 5080 cdrom - ok

17:01:40.0700 5080 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll

17:01:40.0701 5080 CertPropSvc - ok

17:01:40.0728 5080 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

17:01:40.0729 5080 circlass - ok

17:01:40.0843 5080 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

17:01:40.0845 5080 CLFS - ok

17:01:40.0924 5080 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:01:40.0925 5080 clr_optimization_v2.0.50727_32 - ok

17:01:41.0000 5080 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

17:01:41.0001 5080 clr_optimization_v2.0.50727_64 - ok

17:01:41.0097 5080 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

17:01:41.0098 5080 clr_optimization_v4.0.30319_32 - ok

17:01:41.0180 5080 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

17:01:41.0181 5080 clr_optimization_v4.0.30319_64 - ok

17:01:41.0218 5080 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys

17:01:41.0219 5080 CmBatt - ok

17:01:41.0230 5080 cmdide (8c6aa24c1d7273a02284588426ab8ce3) C:\Windows\system32\drivers\cmdide.sys

17:01:41.0230 5080 cmdide - ok

17:01:41.0292 5080 CnxtHdAudService (d760753a9b2489a317d722133ce67efc) C:\Windows\system32\drivers\CHDRT64.sys

17:01:41.0294 5080 CnxtHdAudService - ok

17:01:41.0304 5080 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys

17:01:41.0305 5080 Compbatt - ok

17:01:41.0311 5080 COMSysApp - ok

17:01:41.0345 5080 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

17:01:41.0345 5080 crcdisk - ok

17:01:41.0431 5080 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll

17:01:41.0432 5080 CryptSvc - ok

17:01:41.0523 5080 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll

17:01:41.0534 5080 DcomLaunch - ok

17:01:41.0594 5080 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys

17:01:41.0595 5080 DfsC - ok

17:01:41.0926 5080 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe

17:01:41.0948 5080 DFSR - ok

17:01:42.0119 5080 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll

17:01:42.0122 5080 Dhcp - ok

17:01:42.0163 5080 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

17:01:42.0164 5080 disk - ok

17:01:42.0196 5080 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll

17:01:42.0197 5080 Dnscache - ok

17:01:42.0256 5080 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll

17:01:42.0258 5080 dot3svc - ok

17:01:42.0302 5080 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll

17:01:42.0304 5080 DPS - ok

17:01:42.0347 5080 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

17:01:42.0348 5080 drmkaud - ok

17:01:42.0367 5080 duikbfgh - ok

17:01:42.0417 5080 dump_wmimmc - ok

17:01:42.0529 5080 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys

17:01:42.0535 5080 DXGKrnl - ok

17:01:42.0582 5080 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

17:01:42.0584 5080 E1G60 - ok

17:01:42.0615 5080 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll

17:01:42.0616 5080 EapHost - ok

17:01:42.0707 5080 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

17:01:42.0708 5080 Ecache - ok

17:01:42.0778 5080 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe

17:01:42.0781 5080 ehRecvr - ok

17:01:42.0795 5080 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe

17:01:42.0796 5080 ehSched - ok

17:01:42.0817 5080 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll

17:01:42.0817 5080 ehstart - ok

17:01:42.0868 5080 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

17:01:42.0871 5080 elxstor - ok

17:01:42.0961 5080 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll

17:01:42.0964 5080 EMDMgmt - ok

17:01:42.0984 5080 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

17:01:42.0984 5080 ErrDev - ok

17:01:43.0069 5080 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll

17:01:43.0072 5080 EventSystem - ok

17:01:43.0128 5080 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

17:01:43.0130 5080 exfat - ok

17:01:43.0178 5080 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

17:01:43.0180 5080 fastfat - ok

17:01:43.0229 5080 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

17:01:43.0230 5080 fdc - ok

17:01:43.0254 5080 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll

17:01:43.0255 5080 fdPHost - ok

17:01:43.0269 5080 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll

17:01:43.0270 5080 FDResPub - ok

17:01:43.0304 5080 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

17:01:43.0304 5080 FileInfo - ok

17:01:43.0326 5080 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

17:01:43.0327 5080 Filetrace - ok

17:01:43.0455 5080 FLEXnet Licensing Service 64 (259dc094e2d3f08654c8fb73d8ecc0f5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

17:01:43.0462 5080 FLEXnet Licensing Service 64 - ok

17:01:43.0509 5080 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

17:01:43.0509 5080 flpydisk - ok

17:01:43.0600 5080 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

17:01:43.0602 5080 FltMgr - ok

17:01:43.0799 5080 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll

17:01:43.0809 5080 FontCache - ok

17:01:43.0875 5080 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

17:01:43.0876 5080 FontCache3.0.0.0 - ok

17:01:43.0975 5080 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys

17:01:43.0975 5080 fssfltr - ok

17:01:44.0294 5080 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

17:01:44.0303 5080 fsssvc - ok

17:01:44.0427 5080 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys

17:01:44.0427 5080 Fs_Rec - ok

17:01:44.0472 5080 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

17:01:44.0472 5080 gagp30kx - ok

17:01:44.0528 5080 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

17:01:44.0529 5080 GEARAspiWDM - ok

17:01:44.0609 5080 GKUPRO2D (78df6b481a14c0c6532bcc9e6bd3b259) C:\Windows\system32\Drivers\GKUPRO2D.sys

17:01:44.0610 5080 GKUPRO2D - ok

17:01:44.0713 5080 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll

17:01:44.0718 5080 gpsvc - ok

17:01:44.0896 5080 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

17:01:44.0897 5080 gupdate - ok

17:01:44.0924 5080 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

17:01:44.0925 5080 gupdatem - ok

17:01:44.0982 5080 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

17:01:44.0983 5080 gusvc - ok

17:01:45.0034 5080 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

17:01:45.0036 5080 HdAudAddService - ok

17:01:45.0161 5080 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

17:01:45.0167 5080 HDAudBus - ok

17:01:45.0199 5080 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

17:01:45.0199 5080 HidBth - ok

17:01:45.0217 5080 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

17:01:45.0220 5080 HidIr - ok

17:01:45.0268 5080 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll

17:01:45.0269 5080 hidserv - ok

17:01:45.0281 5080 HidUsb (59a7b5e13356c20d67983868242167c5) C:\Windows\system32\DRIVERS\hidusb.sys

17:01:45.0283 5080 HidUsb - ok

17:01:45.0303 5080 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll

17:01:45.0306 5080 hkmsvc - ok

17:01:45.0431 5080 HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

17:01:45.0432 5080 HP Health Check Service - ok

17:01:45.0473 5080 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

17:01:45.0474 5080 HpCISSs - ok

17:01:45.0542 5080 HPDrvMntSvc.exe (f55442690a70a0278a7eed4faaebf576) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

17:01:45.0544 5080 HPDrvMntSvc.exe - ok

17:01:45.0588 5080 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

17:01:45.0589 5080 HpqKbFiltr - ok

17:01:45.0707 5080 hpqwmiex (640e51db253265c3eac075866b3d2b33) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

17:01:45.0712 5080 hpqwmiex - ok

17:01:45.0875 5080 HSF_DPV (dda869537ae9ce501954cb7793134d96) C:\Windows\system32\DRIVERS\CAX_DPV.sys

17:01:45.0886 5080 HSF_DPV - ok

17:01:46.0040 5080 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

17:01:46.0049 5080 HTTP - ok

17:01:46.0069 5080 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

17:01:46.0070 5080 i2omp - ok

17:01:46.0106 5080 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

17:01:46.0107 5080 i8042prt - ok

17:01:46.0149 5080 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

17:01:46.0153 5080 iaStorV - ok

17:01:46.0245 5080 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

17:01:46.0249 5080 IDriverT - ok

17:01:46.0371 5080 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

17:01:46.0384 5080 idsvc - ok

17:01:47.0147 5080 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys

17:01:47.0352 5080 igfx - ok

17:01:47.0468 5080 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

17:01:47.0470 5080 iirsp - ok

17:01:47.0544 5080 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll

17:01:47.0551 5080 IKEEXT - ok

17:01:47.0592 5080 IntcHdmiAddService (bd37227c07179b1040a8896b9c0c146b) C:\Windows\system32\drivers\IntcHdmi.sys

17:01:47.0594 5080 IntcHdmiAddService - ok

17:01:47.0623 5080 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys

17:01:47.0624 5080 intelide - ok

17:01:47.0656 5080 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

17:01:47.0657 5080 intelppm - ok

17:01:47.0682 5080 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll

17:01:47.0684 5080 IPBusEnum - ok

17:01:47.0748 5080 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:01:47.0750 5080 IpFilterDriver - ok

17:01:47.0790 5080 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll

17:01:47.0794 5080 iphlpsvc - ok

17:01:47.0798 5080 IpInIp - ok

17:01:47.0818 5080 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

17:01:47.0819 5080 IPMIDRV - ok

17:01:47.0840 5080 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

17:01:47.0841 5080 IPNAT - ok

17:01:48.0018 5080 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

17:01:48.0033 5080 iPod Service - ok

17:01:48.0058 5080 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

17:01:48.0059 5080 IRENUM - ok

17:01:48.0084 5080 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

17:01:48.0086 5080 isapnp - ok

17:01:48.0144 5080 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

17:01:48.0147 5080 iScsiPrt - ok

17:01:48.0163 5080 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

17:01:48.0165 5080 iteatapi - ok

17:01:48.0191 5080 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

17:01:48.0192 5080 iteraid - ok

17:01:48.0209 5080 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

17:01:48.0210 5080 kbdclass - ok

17:01:48.0221 5080 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys

17:01:48.0222 5080 kbdhid - ok

17:01:48.0262 5080 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

17:01:48.0265 5080 KeyIso - ok

17:01:48.0376 5080 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys

17:01:48.0386 5080 KSecDD - ok

17:01:48.0408 5080 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

17:01:48.0410 5080 ksthunk - ok

17:01:48.0492 5080 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll

17:01:48.0500 5080 KtmRm - ok

17:01:48.0554 5080 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll

17:01:48.0559 5080 LanmanServer - ok

17:01:48.0584 5080 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll

17:01:48.0589 5080 LanmanWorkstation - ok

17:01:48.0659 5080 Lavasoft Ad-Aware Service - ok

17:01:48.0729 5080 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

17:01:48.0730 5080 LightScribeService - ok

17:01:48.0743 5080 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

17:01:48.0745 5080 lltdio - ok

17:01:48.0797 5080 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll

17:01:48.0803 5080 lltdsvc - ok

17:01:48.0831 5080 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll

17:01:48.0832 5080 lmhosts - ok

17:01:48.0852 5080 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

17:01:48.0854 5080 LSI_FC - ok

17:01:48.0870 5080 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

17:01:48.0872 5080 LSI_SAS - ok

17:01:48.0894 5080 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

17:01:48.0896 5080 LSI_SCSI - ok

17:01:48.0913 5080 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

17:01:48.0915 5080 luafv - ok

17:01:48.0984 5080 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

17:01:48.0985 5080 MBAMProtector - ok

17:01:49.0110 5080 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

17:01:49.0120 5080 MBAMService - ok

17:01:49.0159 5080 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll

17:01:49.0161 5080 Mcx2Svc - ok

17:01:49.0180 5080 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys

17:01:49.0181 5080 mdmxsdk - ok

17:01:49.0212 5080 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

17:01:49.0213 5080 megasas - ok

17:01:49.0260 5080 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

17:01:49.0267 5080 MegaSR - ok

17:01:49.0388 5080 Microsoft SharePoint Workspace Audit Service - ok

17:01:49.0437 5080 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll

17:01:49.0440 5080 MMCSS - ok

17:01:49.0451 5080 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

17:01:49.0453 5080 Modem - ok

17:01:49.0483 5080 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

17:01:49.0484 5080 monitor - ok

17:01:49.0501 5080 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

17:01:49.0502 5080 mouclass - ok

17:01:49.0532 5080 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

17:01:49.0533 5080 mouhid - ok

17:01:49.0548 5080 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

17:01:49.0550 5080 MountMgr - ok

17:01:49.0637 5080 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

17:01:49.0639 5080 MozillaMaintenance - ok

17:01:49.0687 5080 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys

17:01:49.0690 5080 MpFilter - ok

17:01:49.0719 5080 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

17:01:49.0722 5080 mpio - ok

17:01:49.0733 5080 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys

17:01:49.0735 5080 MpNWMon - ok

17:01:49.0761 5080 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

17:01:49.0764 5080 mpsdrv - ok

17:01:49.0843 5080 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll

17:01:49.0852 5080 MpsSvc - ok

17:01:49.0865 5080 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

17:01:49.0866 5080 Mraid35x - ok

17:01:49.0937 5080 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

17:01:49.0939 5080 MRxDAV - ok

17:01:50.0001 5080 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:01:50.0004 5080 mrxsmb - ok

17:01:50.0070 5080 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:01:50.0074 5080 mrxsmb10 - ok

17:01:50.0126 5080 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:01:50.0128 5080 mrxsmb20 - ok

17:01:50.0195 5080 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys

17:01:50.0196 5080 msahci - ok

17:01:50.0223 5080 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

17:01:50.0225 5080 msdsm - ok

17:01:50.0293 5080 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe

17:01:50.0296 5080 MSDTC - ok

17:01:50.0327 5080 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

17:01:50.0328 5080 Msfs - ok

17:01:50.0352 5080 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

17:01:50.0353 5080 msisadrv - ok

17:01:50.0380 5080 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll

17:01:50.0383 5080 MSiSCSI - ok

17:01:50.0393 5080 msiserver - ok

17:01:50.0428 5080 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

17:01:50.0429 5080 MSKSSRV - ok

17:01:50.0517 5080 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

17:01:50.0519 5080 MsMpSvc - ok

17:01:50.0536 5080 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

17:01:50.0537 5080 MSPCLOCK - ok

17:01:50.0551 5080 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

17:01:50.0552 5080 MSPQM - ok

17:01:50.0635 5080 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

17:01:50.0640 5080 MsRPC - ok

17:01:50.0723 5080 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

17:01:50.0725 5080 mssmbios - ok

17:01:50.0741 5080 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

17:01:50.0742 5080 MSTEE - ok

17:01:50.0802 5080 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

17:01:50.0803 5080 Mup - ok

17:01:50.0920 5080 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll

17:01:50.0928 5080 napagent - ok

17:01:50.0989 5080 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

17:01:50.0992 5080 NativeWifiP - ok

17:01:51.0170 5080 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

17:01:51.0198 5080 NDIS - ok

17:01:51.0219 5080 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

17:01:51.0220 5080 NdisTapi - ok

17:01:51.0243 5080 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

17:01:51.0244 5080 Ndisuio - ok

17:01:51.0299 5080 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

17:01:51.0302 5080 NdisWan - ok

17:01:51.0329 5080 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

17:01:51.0330 5080 NDProxy - ok

17:01:51.0354 5080 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

17:01:51.0355 5080 NetBIOS - ok

17:01:51.0440 5080 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

17:01:51.0457 5080 netbt - ok

17:01:51.0570 5080 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

17:01:51.0572 5080 Netlogon - ok

17:01:51.0624 5080 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll

17:01:51.0630 5080 Netman - ok

17:01:51.0945 5080 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll

17:01:51.0998 5080 netprofm - ok

17:01:52.0194 5080 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

17:01:52.0196 5080 NetTcpPortSharing - ok

17:01:52.0707 5080 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys

17:01:52.0748 5080 NETw3v64 - ok

17:01:52.0905 5080 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

17:01:52.0906 5080 nfrd960 - ok

17:01:53.0005 5080 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

17:01:53.0006 5080 NisDrv - ok

17:01:53.0101 5080 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

17:01:53.0105 5080 NisSrv - ok

17:01:53.0188 5080 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll

17:01:53.0209 5080 NlaSvc - ok

17:01:53.0262 5080 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

17:01:53.0264 5080 Npfs - ok

17:01:53.0267 5080 npggsvc - ok

17:01:53.0273 5080 NPPTNT2 - ok

17:01:53.0298 5080 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll

17:01:53.0300 5080 nsi - ok

17:01:53.0325 5080 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

17:01:53.0326 5080 nsiproxy - ok

17:01:53.0543 5080 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

17:01:53.0563 5080 Ntfs - ok

17:01:53.0685 5080 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

17:01:53.0686 5080 Null - ok

17:01:53.0703 5080 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

17:01:53.0705 5080 nvraid - ok

17:01:53.0737 5080 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

17:01:53.0738 5080 nvstor - ok

17:01:53.0768 5080 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

17:01:53.0770 5080 nv_agp - ok

17:01:53.0774 5080 NwlnkFlt - ok

17:01:53.0781 5080 NwlnkFwd - ok

17:01:53.0813 5080 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys

17:01:53.0815 5080 ohci1394 - ok

17:01:53.0894 5080 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

17:01:53.0897 5080 ose - ok

17:01:54.0469 5080 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

17:01:54.0565 5080 osppsvc - ok

17:01:54.0840 5080 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

17:01:54.0852 5080 p2pimsvc - ok

17:01:54.0862 5080 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

17:01:54.0868 5080 p2psvc - ok

17:01:54.0909 5080 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

17:01:54.0911 5080 Parport - ok

17:01:54.0989 5080 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys

17:01:54.0992 5080 partmgr - ok

17:01:55.0031 5080 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll

17:01:55.0034 5080 PcaSvc - ok

17:01:55.0112 5080 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

17:01:55.0115 5080 pci - ok

17:01:55.0164 5080 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\drivers\pciide.sys

17:01:55.0165 5080 pciide - ok

17:01:55.0215 5080 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

17:01:55.0219 5080 pcmcia - ok

17:01:55.0292 5080 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

17:01:55.0302 5080 PEAUTH - ok

17:01:55.0411 5080 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe

17:01:55.0413 5080 PerfHost - ok

17:01:55.0594 5080 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll

17:01:55.0616 5080 pla - ok

17:01:55.0682 5080 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll

17:01:55.0688 5080 PlugPlay - ok

17:01:55.0800 5080 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

17:01:55.0806 5080 PNRPAutoReg - ok

17:01:55.0815 5080 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

17:01:55.0821 5080 PNRPsvc - ok

17:01:55.0913 5080 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll

17:01:55.0922 5080 PolicyAgent - ok

17:01:56.0014 5080 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

17:01:56.0016 5080 PptpMiniport - ok

17:01:56.0049 5080 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

17:01:56.0050 5080 Processor - ok

17:01:56.0117 5080 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll

17:01:56.0121 5080 ProfSvc - ok

17:01:56.0192 5080 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

17:01:56.0193 5080 ProtectedStorage - ok

17:01:56.0253 5080 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

17:01:56.0255 5080 PSched - ok

17:01:56.0371 5080 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

17:01:56.0388 5080 ql2300 - ok

17:01:56.0402 5080 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

17:01:56.0404 5080 ql40xx - ok

17:01:56.0439 5080 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll

17:01:56.0444 5080 QWAVE - ok

17:01:56.0456 5080 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

17:01:56.0457 5080 QWAVEdrv - ok

17:01:56.0470 5080 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

17:01:56.0471 5080 RasAcd - ok

17:01:56.0501 5080 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll

17:01:56.0504 5080 RasAuto - ok

17:01:56.0596 5080 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:01:56.0598 5080 Rasl2tp - ok

17:01:56.0641 5080 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll

17:01:56.0647 5080 RasMan - ok

17:01:56.0691 5080 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

17:01:56.0692 5080 RasPppoe - ok

17:01:56.0751 5080 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

17:01:56.0753 5080 RasSstp - ok

17:01:56.0829 5080 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

17:01:56.0833 5080 rdbss - ok

17:01:56.0863 5080 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:01:56.0864 5080 RDPCDD - ok

17:01:56.0916 5080 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

17:01:56.0921 5080 rdpdr - ok

17:01:56.0925 5080 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

17:01:56.0926 5080 RDPENCDD - ok

17:01:56.0967 5080 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys

17:01:56.0971 5080 RDPWD - ok

17:01:57.0131 5080 Recovery Service for Windows (0d362785bef9bdf5a6e1f4628d06716d) C:\Program Files (x86)\SMINST\BLService.exe

17:01:57.0136 5080 Recovery Service for Windows - ok

17:01:57.0161 5080 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll

17:01:57.0164 5080 RemoteAccess - ok

17:01:57.0224 5080 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll

17:01:57.0229 5080 RemoteRegistry - ok

17:01:57.0233 5080 rffxouuu - ok

17:01:57.0313 5080 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

17:01:57.0316 5080 RichVideo - ok

17:01:57.0333 5080 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe

17:01:57.0334 5080 RpcLocator - ok

17:01:57.0425 5080 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll

17:01:57.0431 5080 RpcSs - ok

17:01:57.0453 5080 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

17:01:57.0455 5080 rspndr - ok

17:01:57.0513 5080 RTL8169 (170a66dfaaa22358e08d6f4b38c8f3df) C:\Windows\system32\DRIVERS\Rtlh64.sys

17:01:57.0517 5080 RTL8169 - ok

17:01:57.0542 5080 RTSTOR (4ad8464fece8ebe276d4a7d75e418452) C:\Windows\system32\drivers\RTSTOR64.SYS

17:01:57.0544 5080 RTSTOR - ok

17:01:57.0584 5080 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

17:01:57.0586 5080 SamSs - ok

17:01:57.0609 5080 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

17:01:57.0610 5080 sbp2port - ok

17:01:57.0698 5080 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll

17:01:57.0702 5080 SCardSvr - ok

17:01:57.0854 5080 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll

17:01:57.0867 5080 Schedule - ok

17:01:57.0911 5080 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll

17:01:57.0911 5080 SCPolicySvc - ok

17:01:57.0945 5080 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys

17:01:57.0947 5080 sdbus - ok

17:01:57.0980 5080 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll

17:01:57.0984 5080 SDRSVC - ok

17:01:58.0017 5080 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

17:01:58.0018 5080 secdrv - ok

17:01:58.0034 5080 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll

17:01:58.0036 5080 seclogon - ok

17:01:58.0054 5080 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll

17:01:58.0057 5080 SENS - ok

17:01:58.0071 5080 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

17:01:58.0073 5080 Serenum - ok

17:01:58.0096 5080 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

17:01:58.0098 5080 Serial - ok

17:01:58.0117 5080 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

17:01:58.0118 5080 sermouse - ok

17:01:58.0145 5080 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll

17:01:58.0148 5080 SessionEnv - ok

17:01:58.0178 5080 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

17:01:58.0179 5080 sffdisk - ok

17:01:58.0188 5080 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

17:01:58.0189 5080 sffp_mmc - ok

17:01:58.0207 5080 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

17:01:58.0209 5080 sffp_sd - ok

17:01:58.0223 5080 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

17:01:58.0224 5080 sfloppy - ok

17:01:58.0298 5080 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll

17:01:58.0306 5080 SharedAccess - ok

17:01:58.0370 5080 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll

17:01:58.0377 5080 ShellHWDetection - ok

17:01:58.0397 5080 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

17:01:58.0399 5080 SiSRaid2 - ok

17:01:58.0415 5080 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

17:01:58.0417 5080 SiSRaid4 - ok

17:01:58.0819 5080 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe

17:01:58.0886 5080 slsvc - ok

17:01:59.0056 5080 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll

17:01:59.0059 5080 SLUINotify - ok

17:01:59.0138 5080 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

17:01:59.0140 5080 Smb - ok

17:01:59.0187 5080 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe

17:01:59.0189 5080 SNMPTRAP - ok

17:01:59.0495 5080 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

17:01:59.0497 5080 SolidWorks Licensing Service - ok

17:01:59.0579 5080 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

17:01:59.0590 5080 spldr - ok

17:01:59.0664 5080 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe

17:01:59.0670 5080 Spooler - ok

17:01:59.0966 5080 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

17:02:00.0010 5080 srv - ok

17:02:00.0262 5080 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

17:02:00.0294 5080 srv2 - ok

17:02:00.0515 5080 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

17:02:00.0518 5080 srvnet - ok

17:02:00.0562 5080 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll

17:02:00.0568 5080 SSDPSRV - ok

17:02:00.0623 5080 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll

17:02:00.0628 5080 SstpSvc - ok

17:02:00.0976 5080 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll

17:02:01.0023 5080 stisvc - ok

17:02:01.0044 5080 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

17:02:01.0046 5080 swenum - ok

17:02:01.0789 5080 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll

17:02:01.0821 5080 swprv - ok

17:02:01.0879 5080 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

17:02:01.0881 5080 Symc8xx - ok

17:02:01.0899 5080 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

17:02:01.0900 5080 Sym_hi - ok

17:02:01.0917 5080 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

17:02:01.0918 5080 Sym_u3 - ok

17:02:01.0969 5080 SynTP (e33b57c4aa60288e9971277d88ce9b67) C:\Windows\system32\DRIVERS\SynTP.sys

17:02:01.0976 5080 SynTP - ok

17:02:02.0135 5080 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll

17:02:02.0154 5080 SysMain - ok

17:02:02.0181 5080 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll

17:02:02.0186 5080 TabletInputService - ok

17:02:02.0436 5080 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll

17:02:02.0451 5080 TapiSrv - ok

17:02:02.0476 5080 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll

17:02:02.0479 5080 TBS - ok

17:02:03.0026 5080 Tcpip (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\drivers\tcpip.sys

17:02:03.0068 5080 Tcpip - ok

17:02:04.0469 5080 Tcpip6 (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\DRIVERS\tcpip.sys

17:02:04.0481 5080 Tcpip6 - ok

17:02:05.0383 5080 tcpipreg (fd8fde859e38e40a20085ebb0c22b416) C:\Windows\system32\drivers\tcpipreg.sys

17:02:05.0385 5080 tcpipreg - ok

17:02:05.0420 5080 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

17:02:05.0421 5080 TDPIPE - ok

17:02:05.0445 5080 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

17:02:05.0447 5080 TDTCP - ok

17:02:05.0756 5080 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

17:02:05.0759 5080 tdx - ok

17:02:05.0801 5080 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

17:02:05.0802 5080 TermDD - ok

17:02:05.0996 5080 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll

17:02:06.0005 5080 TermService - ok

17:02:06.0057 5080 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll

17:02:06.0061 5080 Themes - ok

17:02:06.0081 5080 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll

17:02:06.0083 5080 THREADORDER - ok

17:02:06.0123 5080 TPM (270308efb59976157755c768b8544b5f) C:\Windows\system32\drivers\tpm.sys

17:02:06.0124 5080 TPM - ok

17:02:06.0213 5080 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll

17:02:06.0217 5080 TrkWks - ok

17:02:06.0445 5080 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe

17:02:06.0466 5080 TrustedInstaller - ok

17:02:06.0514 5080 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:02:06.0515 5080 tssecsrv - ok

17:02:06.0535 5080 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

17:02:06.0536 5080 tunmp - ok

17:02:06.0584 5080 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys

17:02:06.0585 5080 tunnel - ok

17:02:06.0603 5080 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

17:02:06.0605 5080 uagp35 - ok

17:02:06.0669 5080 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

17:02:06.0674 5080 udfs - ok

17:02:06.0824 5080 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe

17:02:06.0826 5080 UI0Detect - ok

17:02:06.0871 5080 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

17:02:06.0873 5080 uliagpkx - ok

17:02:06.0912 5080 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

17:02:06.0917 5080 uliahci - ok

17:02:06.0931 5080 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

17:02:06.0935 5080 UlSata - ok

17:02:06.0956 5080 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

17:02:06.0959 5080 ulsata2 - ok

17:02:06.0966 5080 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

17:02:06.0968 5080 umbus - ok

17:02:07.0011 5080 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll

17:02:07.0019 5080 upnphost - ok

17:02:07.0081 5080 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

17:02:07.0082 5080 USBAAPL64 - ok

17:02:07.0135 5080 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys

17:02:07.0147 5080 usbaudio - ok

17:02:07.0188 5080 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

17:02:07.0191 5080 usbccgp - ok

17:02:07.0232 5080 USBCCID (f8e1cb9b8da037219953190cd2aca358) C:\Windows\system32\DRIVERS\usbccid.sys

17:02:07.0233 5080 USBCCID - ok

17:02:07.0518 5080 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

17:02:07.0520 5080 usbcir - ok

17:02:07.0589 5080 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

17:02:07.0591 5080 usbehci - ok

17:02:07.0692 5080 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

17:02:07.0696 5080 usbhub - ok

17:02:07.0726 5080 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

17:02:07.0727 5080 usbohci - ok

17:02:07.0750 5080 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

17:02:07.0751 5080 usbprint - ok

17:02:07.0787 5080 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys

17:02:07.0789 5080 usbscan - ok

17:02:07.0927 5080 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:02:07.0930 5080 USBSTOR - ok

17:02:07.0971 5080 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

17:02:07.0973 5080 usbuhci - ok

17:02:08.0060 5080 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys

17:02:08.0063 5080 usbvideo - ok

17:02:08.0156 5080 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll

17:02:08.0162 5080 UxSms - ok

17:02:08.0603 5080 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe

17:02:08.0635 5080 vds - ok

17:02:08.0671 5080 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

17:02:08.0672 5080 vga - ok

17:02:08.0691 5080 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

17:02:08.0692 5080 VgaSave - ok

17:02:08.0709 5080 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys

17:02:08.0710 5080 viaide - ok

17:02:08.0758 5080 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

17:02:08.0778 5080 volmgr - ok

17:02:09.0093 5080 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

17:02:09.0114 5080 volmgrx - ok

17:02:09.0166 5080 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

17:02:09.0170 5080 volsnap - ok

17:02:09.0174 5080 vqioviue - ok

17:02:09.0542 5080 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

17:02:09.0548 5080 vsmraid - ok

17:02:11.0809 5080 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe

17:02:11.0854 5080 VSS - ok

17:02:13.0100 5080 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll

17:02:13.0131 5080 W32Time - ok

17:02:13.0485 5080 W3SVC (1ed89751bbc0b2a050b6367a613c1c51) C:\Windows\system32\inetsrv\iisw3adm.dll

17:02:13.0496 5080 W3SVC - ok

17:02:13.0582 5080 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

17:02:13.0603 5080 WacomPen - ok

17:02:13.0653 5080 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

17:02:13.0655 5080 Wanarp - ok

17:02:13.0658 5080 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

17:02:13.0659 5080 Wanarpv6 - ok

17:02:13.0669 5080 WAS (1ed89751bbc0b2a050b6367a613c1c51) C:\Windows\system32\inetsrv\iisw3adm.dll

17:02:13.0672 5080 WAS - ok

17:02:13.0768 5080 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll

17:02:13.0778 5080 wcncsvc - ok

17:02:13.0808 5080 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll

17:02:13.0811 5080 WcsPlugInService - ok

17:02:13.0831 5080 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

17:02:13.0833 5080 Wd - ok

17:02:13.0949 5080 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

17:02:13.0963 5080 Wdf01000 - ok

17:02:14.0030 5080 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll

17:02:14.0033 5080 WdiServiceHost - ok

17:02:14.0037 5080 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll

17:02:14.0041 5080 WdiSystemHost - ok

17:02:14.0158 5080 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll

17:02:14.0164 5080 WebClient - ok

17:02:14.0515 5080 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll

17:02:14.0529 5080 Wecsvc - ok

17:02:14.0564 5080 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll

17:02:14.0567 5080 wercplsupport - ok

17:02:14.0591 5080 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll

17:02:14.0595 5080 WerSvc - ok

17:02:15.0001 5080 winachsf (590812dd01a4fe83c6e92fdb701e59a6) C:\Windows\system32\DRIVERS\CAX_CNXT.sys

17:02:15.0030 5080 winachsf - ok

17:02:15.0045 5080 WinDefend - ok

17:02:15.0053 5080 WinHttpAutoProxySvc - ok

17:02:15.0246 5080 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll

17:02:15.0251 5080 Winmgmt - ok

17:02:15.0542 5080 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll

17:02:15.0592 5080 WinRM - ok

17:02:15.0812 5080 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll

17:02:15.0823 5080 Wlansvc - ok

17:02:15.0941 5080 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

17:02:15.0942 5080 wlcrasvc - ok

17:02:16.0168 5080 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

17:02:16.0199 5080 wlidsvc - ok

17:02:16.0319 5080 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys

17:02:16.0320 5080 WmiAcpi - ok

17:02:16.0401 5080 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe

17:02:16.0404 5080 wmiApSrv - ok

17:02:16.0432 5080 WMPNetworkSvc - ok

17:02:16.0465 5080 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll

17:02:16.0469 5080 WPCSvc - ok

17:02:16.0517 5080 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll

17:02:16.0521 5080 WPDBusEnum - ok

17:02:16.0547 5080 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys

17:02:16.0548 5080 WpdUsb - ok

17:02:16.0765 5080 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

17:02:16.0779 5080 WPFFontCache_v0400 - ok

17:02:16.0801 5080 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

17:02:16.0802 5080 ws2ifsl - ok

17:02:16.0859 5080 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll

17:02:16.0863 5080 wscsvc - ok

17:02:16.0867 5080 WSearch - ok

17:02:17.0112 5080 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

17:02:17.0147 5080 wuauserv - ok

17:02:17.0293 5080 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:02:17.0295 5080 WUDFRd - ok

17:02:17.0327 5080 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll

17:02:17.0330 5080 wudfsvc - ok

17:02:17.0362 5080 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys

17:02:17.0363 5080 XAudio - ok

17:02:17.0424 5080 XAudioService (963c27034bba4ac52a13f7a3c657c708) C:\Windows\system32\DRIVERS\xaudio64.exe

17:02:17.0431 5080 XAudioService - ok

17:02:17.0605 5080 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

17:02:17.0627 5080 YahooAUService - ok

17:02:17.0677 5080 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys

17:02:17.0681 5080 yukonx64 - ok

17:02:17.0709 5080 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0

17:02:17.0819 5080 \Device\Harddisk0\DR0 - ok

17:02:17.0823 5080 Boot (0x1200) (1a350d6a4c2ffdd54f83768a7121ac5d) \Device\Harddisk0\DR0\Partition0

17:02:17.0825 5080 \Device\Harddisk0\DR0\Partition0 - ok

17:02:17.0830 5080 Boot (0x1200) (8eea3ae57de8495f0632450ea47e7e92) \Device\Harddisk0\DR0\Partition1

17:02:17.0832 5080 \Device\Harddisk0\DR0\Partition1 - ok

17:02:17.0833 5080 ============================================================

17:02:17.0833 5080 Scan finished

17:02:17.0833 5080 ============================================================

17:02:17.0846 4080 Detected object count: 1

17:02:17.0846 4080 Actual detected object count: 1

17:26:11.0025 4080 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

17:26:11.0025 4080 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

17:26:14.0169 0208 Deinitialize success

Link to post
Share on other sites

Here is the log for Combofix. Thanks

ComboFix 12-07-02.01 - Chris 07/03/2012 18:46:34.2.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2139 [GMT -4:00]

Running from: c:\users\Chris\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))

.

.

2012-07-03 23:00 . 2012-07-03 23:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-07-03 23:00 . 2012-07-03 23:00 -------- d-----w- c:\users\Mindy\AppData\Local\temp

2012-07-03 23:00 . 2012-07-03 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-03 23:00 . 2012-07-03 23:00 -------- d-----w- c:\users\Ben\AppData\Local\temp

2012-07-03 20:55 . 2012-07-03 20:55 116016 ----a-w- c:\windows\system32\drivers\08277209.sys

2012-07-03 17:35 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDA3A25B-461B-42D1-A90D-22D5EFD452F2}\mpengine.dll

2012-07-03 13:58 . 2012-07-03 13:58 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-03 02:50 . 2012-07-03 17:12 -------- d-----w- c:\users\Chris\AppData\Local\Adobe

2012-07-03 01:14 . 2012-07-03 01:14 -------- d-----w- c:\users\Chris\AppData\Local\Apple

2012-07-03 01:13 . 2012-07-03 01:13 -------- d-----w- c:\users\Chris\AppData\Local\Apple Computer

2012-07-02 22:56 . 2012-07-02 22:56 -------- d-----w- c:\users\Chris\AppData\Local\Mozilla

2012-07-02 22:55 . 2012-07-02 22:55 -------- d-----w- c:\users\Chris\AppData\Roaming\Yahoo!

2012-07-02 22:41 . 2012-07-02 22:41 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes

2012-06-18 04:04 . 2012-06-18 04:04 18912 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll

2012-06-18 04:04 . 2012-06-18 04:04 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2012-06-18 04:04 . 2012-06-18 04:04 85472 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-06-18 04:04 . 2012-06-18 04:04 117728 ----a-w- c:\program files (x86)\Mozilla Firefox\crashreporter.exe

2012-06-18 04:04 . 2012-06-18 04:04 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-18 04:04 . 2012-06-18 04:04 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-18 02:27 . 2012-06-18 02:27 -------- d-----w- c:\users\Mindy\AppData\Roaming\.mono

2012-06-18 02:21 . 2012-06-18 02:26 -------- d-----w- c:\users\Mindy\AppData\Roaming\Pokémon Trading Card Game Online

2012-06-13 01:22 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 01:22 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 01:22 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 01:22 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 01:22 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-13 01:22 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 01:22 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-13 01:22 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-08 23:49 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-08 23:49 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-08 23:49 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-08 23:49 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-08 23:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-08 23:48 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll

2012-06-08 23:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-08 23:48 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll

2012-06-08 23:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-08 23:48 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll

2012-06-08 23:48 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-08 23:48 . 2012-06-02 19:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll

2012-06-08 23:48 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-08 23:48 . 2012-06-02 19:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-29 19:40 . 2012-05-27 02:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-29 19:40 . 2012-05-27 02:59 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-21 13:42 . 2012-05-21 13:42 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-08 17:02 . 2012-05-27 23:55 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1DE8CB20-B046-487E-B2E6-CA40D3A0123A}\mpengine.dll

2012-05-08 17:02 . 2012-05-27 23:55 8955792 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-04-13 08:46 . 2011-12-08 08:45 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-01-21 213816]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]

"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-03-11 468264]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

.

c:\users\Mindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

OneNote Table Of Contents.onetoc2 [2009-9-14 3656]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-02 21:02]

.

2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-02 21:02]

.

2012-07-02 c:\windows\Tasks\HPCeeScheduleForMindy.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 08:22]

.

2012-07-03 c:\windows\Tasks\User_Feed_Synchronization-{28F47F48-E8BF-4C27-AAB8-A5BB9963506B}.job

- c:\windows\system32\msfeedssync.exe [2011-12-15 03:08]

.

2011-04-28 c:\windows\Tasks\User_Feed_Synchronization-{A87259A7-4772-4F83-B126-90A5A49B8273}.job

- c:\windows\system32\msfeedssync.exe [2011-12-15 03:08]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\windows\system32\wpclsp.dll

Trusted Zone: adobe.com\kb2

Trusted Zone: amazon.com\www

Trusted Zone: dorchestercounty.net\www

Trusted Zone: facebook.com\apps

Trusted Zone: facebook.com\login

Trusted Zone: facebook.com\www

Trusted Zone: iwin.com\www

Trusted Zone: java.com

Trusted Zone: myspace.com\www

Trusted Zone: pogo.com\clubgames

Trusted Zone: pogo.com\www

Trusted Zone: shockwave.com\www

TCP: DhcpNameServer = 192.168.1.1

DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} - hxxp://www.solidworks.com/sw/support/subscription/sldimdownload.cab

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\t4nbulxp.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-07-03 19:03:46

ComboFix-quarantined-files.txt 2012-07-03 23:03

ComboFix2.txt 2012-07-03 22:17

.

Pre-Run: 91,276,922,880 bytes free

Post-Run: 91,237,056,512 bytes free

.

- - End Of File - - 62E666920517FA7FA6C4DAEA8145B2F5

Link to post
Share on other sites

2012/07/05 10:27:26 -0400 HOME-PC Chris MESSAGE Executing scheduled update: Flash Scan | Daily

2012/07/05 10:27:37 -0400 HOME-PC Chris MESSAGE Starting database refresh

2012/07/05 10:27:37 -0400 HOME-PC Chris MESSAGE Scheduled update executed successfully: database updated from version v2012.07.04.04 to version v2012.07.05.05

2012/07/05 10:27:40 -0400 HOME-PC Chris MESSAGE Executing scheduled scan: Flash Scan | -terminate

2012/07/05 10:27:40 -0400 HOME-PC Chris MESSAGE Scheduled scan executed successfully

2012/07/05 10:27:56 -0400 HOME-PC Chris MESSAGE Database refreshed successfully

2012/07/05 17:30:34 -0400 HOME-PC Chris DETECTION C:\Users\Chris\AppData\Local\meqjbi.exe Trojan.Lameshield ALLOW

Link to post
Share on other sites

Oops, I think this is the one you need. Thank you again.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.05.05

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Chris :: HOME-PC [administrator]

Protection: Enabled

7/6/2012 10:17:06 AM

mbam-log-2012-07-06 (10-17-06).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 252796

Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\Chris\Local Settings\meqjbi.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.

C:\Users\Chris\Local Settings\Application Data\meqjbi.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

  • Staff

Great!

Uninstall the Yahoo! Toolbar.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.