SVCHost infected

Scavengre · August 10, 2012

Recently I went to open Adobe Illustrator and was hit with a BSOD.

PAGE_FAULT_IN_NONPAGED_AREA

Stop:0x00000050 ( 0xFFFFFA60F04CAC20, 0X0000000000000001, 0XFFFFFA8007D4A2E6, 0X0000000000000005)

Then my AVM software detected SVCHost infected.

Malwarebytes was ran offline (updated with current database) with all other protection disabled

*Malwarebytes Log*

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.10.01

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 8.0.6001.19190

Blue :: BLUE-PC [administrator]

Protection: Disabled

8/9/2012 5:39:37 PM

mbam-log-2012-08-09 (17-39-37).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 245033

Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^^ -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Computer Boots up REALLY slow, after rebooting Malwarebytes gives error dialog:

[shell_NotifyIcon] Failed to perform desired action. Error Code: 0

Steve

MrCharlie · August 10, 2012

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Scavengre · August 10, 2012

Online or offline? Or does it not matter with these?

MrCharlie · August 10, 2012

No it doesn't matter, MrC

Scavengre · August 10, 2012

*DDS Log*

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_31

Run by Blue at 18:45:46 on 2012-08-09

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.3547 [GMT -7:00]

.

AV: STOPzilla! *Enabled/Outdated* {17032AB1-6644-0721-EEB5-A39B8B646009}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: STOPzilla! *Enabled/Outdated* {AC62CB55-407E-08AF-D405-98E9F0E32AB4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Program Files (x86)\STOPzilla!\SZServer.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\ASUS\EPU\EPU.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\Explorer.EXE

D:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe

C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Workspace\offSyncService.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

C:\Program Files (x86)\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\atwtusb.exe

C:\Windows\system32\atwtusb.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\WTMKM.exe

C:\Program Files (x86)\STOPzilla!\STOPzilla.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files (x86)\Workspace\workspaceupdate.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Trillian\trillian.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\ASUS\TurboV\TurboV.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\msiexec.exe

c:\program files\windows defender\MpCmdRun.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\FirewallControlPanel.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - D:\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - D:\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

TB: {00000000-0000-0000-0000-000000000000} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [starfield Updater] "C:\Program Files (x86)\Workspace\workspaceupdate.exe"

uRun: [AdobeBridge] "D:\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth

mRun: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r

mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Blue\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{ACE086FD-E64E-4058-8B42-5DF7F25AC8C2} : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

TB-X64: {00000000-0000-0000-0000-000000000000} - No File

TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB-X64: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

mRun-x64: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r

mRun-x64: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Blue\AppData\Roaming\Mozilla\Firefox\Profiles\4wm73yo9.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdeployJava1.dll

FF - plugin: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdnu.dll

FF - plugin: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll

FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\Firefox\Profiles\4wm73yo9.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\plugins\npoff.dll

FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\Plugins\npoff.dll

FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\Plugins\npoff64.dll

FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\plugins\npoff64.dll

FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\plugins\npwbe.dll

FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\Plugins\npwbe.dll

FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\Plugins\npwbe64.dll

FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\plugins\npwbe64.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

FF - user.js: browser.sessionstore.resume_from_crash - false

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;D:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-8-15 86016]

R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2012-5-17 1174824]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-6-11 335888]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-9 655944]

R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);C:\Program Files (x86)\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-8 2348352]

R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]

R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-4-9 3063968]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]

R2 WTService;WTService;C:\Windows\System32\atwtusb.exe -s --> C:\Windows\System32\atwtusb.exe -s [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-21 135664]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250056]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]

S3 ENTECH64;ENTECH64;\??\C:\Windows\system32\DRIVERS\ENTECH64.sys --> C:\Windows\system32\DRIVERS\ENTECH64.sys [?]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-6-30 1038088]

S3 FMS;Flash Media Server (FMS);C:\Program Files (x86)\Adobe\Flash Media Server 3.5\FMSMaster.exe [2009-11-4 2428928]

S3 FMSAdmin;Flash Media Administration Server;C:\Program Files (x86)\Adobe\Flash Media Server 3.5\FMSAdmin.exe [2009-11-4 2596864]

S3 FMSHttpd;FMSHttpd;C:\Program Files (x86)\Adobe\Flash Media Server 3.5\Apache2.2\bin\httpd.exe [2009-11-4 24635]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-21 135664]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 PS3 Media Server;PS3 Media Server;C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [2008-8-17 217088]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-10 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-08-10 01:45:30 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF6C1A3A-80ED-4ADB-8A92-AC9BBFB3ECEA}\offreg.dll

2012-08-10 00:39:03 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-10 00:28:57 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-10 00:10:01 74872 ----a-r- C:\Windows\System32\drivers\sbapifs.sys

2012-08-09 23:56:23 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF6C1A3A-80ED-4ADB-8A92-AC9BBFB3ECEA}\mpengine.dll

2012-08-09 21:40:33 -------- d-----w- C:\Users\Blue\AppData\Roaming\Malwarebytes

2012-08-09 21:40:18 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-09 21:40:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-09 06:32:44 -------- d-----w- C:\ProgramData\ALM

2012-08-08 23:50:14 -------- d-----w- C:\temp

2012-08-08 23:48:21 -------- d-----w- C:\Users\Blue\AppData\Local\Trend Micro

2012-08-08 23:44:08 -------- d-----w- C:\ProgramData\Trend Micro

2012-08-08 23:43:34 -------- d-----w- C:\Program Files\Trend Micro

2012-08-08 23:10:12 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-08-08 18:27:37 -------- d-----w- C:\AdobeTemp

2012-08-07 15:29:12 23416 ----a-r- C:\Windows\SysWow64\SZIO5.dll

2012-08-07 15:29:02 546680 ----a-r- C:\Windows\SysWow64\SZComp5.dll

2012-08-07 15:28:56 497528 ----a-r- C:\Windows\SysWow64\SZBase5.dll

2012-07-17 15:36:16 29048 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll

2012-07-17 15:36:16 231288 ----a-r- C:\Windows\SysWow64\IS3Win325.dll

2012-07-17 15:36:14 391032 ----a-r- C:\Windows\SysWow64\IS3UI5.dll

2012-07-17 15:36:12 100216 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll

2012-07-17 15:36:06 132984 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll

2012-07-17 15:36:06 104312 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll

2012-07-17 15:36:04 67448 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll

2012-07-17 15:36:04 456568 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll

2012-07-17 15:36:02 812920 ----a-r- C:\Windows\SysWow64\IS3Base5.dll

2012-07-14 21:51:35 -------- d-----w- C:\Users\Blue\AppData\Roaming\TechWizard

2012-07-14 21:49:20 260 ----a-w- C:\Windows\SysWow64\cmdVBS.vbs

2012-07-14 21:49:20 256 ----a-w- C:\Windows\SysWow64\MSIevent.bat

.

==================== Find3M ====================

.

2012-08-10 00:39:53 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-10 00:39:53 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-14 19:58:05 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2012-06-30 19:57:07 86584 ----a-w- C:\Windows\SysWow64\drivers\adfs.sys

2012-06-30 19:57:07 86584 ----a-w- C:\Windows\System32\drivers\adfs.sys

2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 18:46:25.38 ===============

*RogueKiller Log*

RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User: Blue [Admin rights]

Mode: Scan -- Date: 08/09/2012 18:55:11

¤¤¤ Bad processes: 1 ¤¤¤

[sUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103UJ ATA Device +++++

--- User ---

[MBR] 9ad95bbe26b845c22155cee2f62bc4b4

[bSP] 638e5a80e020404c80f0c466e267f1f7 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 453868 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 929523712 | Size: 499999 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

MrCharlie · August 10, 2012

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Scavengre · August 10, 2012

15 Items detected, All "Unasigned" do you want the log? No option for "Cure" was given

MrCharlie · August 10, 2012

Yes, post the log, MrC

Scavengre · August 10, 2012

*tdsskiller log*

19:13:05.0673 5960 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

19:13:06.0095 5960 ============================================================

19:13:06.0095 5960 Current date / time: 2012/08/09 19:13:06.0095

19:13:06.0095 5960 SystemInfo:

19:13:06.0095 5960

19:13:06.0095 5960 OS Version: 6.0.6002 ServicePack: 2.0

19:13:06.0095 5960 Product type: Workstation

19:13:06.0095 5960 ComputerName: BLUE-PC

19:13:06.0095 5960 UserName: Blue

19:13:06.0095 5960 Windows directory: C:\Windows

19:13:06.0095 5960 System windows directory: C:\Windows

19:13:06.0095 5960 Running under WOW64

19:13:06.0095 5960 Processor architecture: Intel x64

19:13:06.0095 5960 Number of processors: 4

19:13:06.0095 5960 Page size: 0x1000

19:13:06.0095 5960 Boot type: Normal boot

19:13:06.0095 5960 ============================================================

19:13:07.0171 5960 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:13:07.0171 5960 Drive \Device\Harddisk1\DR4 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

19:13:07.0187 5960 ============================================================

19:13:07.0187 5960 \Device\Harddisk0\DR0:

19:13:07.0187 5960 MBR partitions:

19:13:07.0187 5960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x37676000

19:13:07.0187 5960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x37676800, BlocksNum 0x3D08F800

19:13:07.0187 5960 \Device\Harddisk1\DR4:

19:13:07.0187 5960 MBR partitions:

19:13:07.0187 5960 \Device\Harddisk1\DR4\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7E1FA80

19:13:07.0187 5960 \Device\Harddisk1\DR4\Partition1: MBR, Type 0x7, StartLBA 0x7E20000, BlocksNum 0xABF87F0

19:13:07.0187 5960 ============================================================

19:13:07.0218 5960 C: <-> \Device\Harddisk0\DR0\Partition1

19:13:07.0249 5960 D: <-> \Device\Harddisk0\DR0\Partition0

19:13:07.0265 5960 G: <-> \Device\Harddisk1\DR4\Partition0

19:13:07.0296 5960 H: <-> \Device\Harddisk1\DR4\Partition1

19:13:07.0296 5960 ============================================================

19:13:07.0296 5960 Initialize success

19:13:07.0296 5960 ============================================================

19:13:13.0645 5288 ============================================================

19:13:13.0645 5288 Scan started

19:13:13.0645 5288 Mode: Manual; SigCheck; TDLFS;

19:13:13.0645 5288 ============================================================

19:13:14.0191 5288 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

19:13:14.0269 5288 ACPI - ok

19:13:14.0300 5288 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys

19:13:14.0363 5288 adfs - ok

19:13:14.0487 5288 Adobe Version Cue CS4 (9444a3530c2e88b7ed96a566ff9ccc13) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

19:13:14.0503 5288 Adobe Version Cue CS4 - ok

19:13:14.0550 5288 AdobeActiveFileMonitor7.0 (3fd8dc2c9735c2aa70155102cfb93eda) D:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

19:13:14.0565 5288 AdobeActiveFileMonitor7.0 - ok

19:13:14.0597 5288 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

19:13:14.0597 5288 AdobeARMservice - ok

19:13:14.0706 5288 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

19:13:14.0721 5288 AdobeFlashPlayerUpdateSvc - ok

19:13:14.0784 5288 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

19:13:14.0799 5288 adp94xx - ok

19:13:14.0815 5288 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

19:13:14.0831 5288 adpahci - ok

19:13:14.0846 5288 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

19:13:14.0846 5288 adpu160m - ok

19:13:14.0877 5288 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

19:13:14.0893 5288 adpu320 - ok

19:13:14.0924 5288 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll

19:13:14.0955 5288 AeLookupSvc - ok

19:13:15.0018 5288 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys

19:13:15.0065 5288 AFD - ok

19:13:15.0111 5288 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

19:13:15.0111 5288 agp440 - ok

19:13:15.0127 5288 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

19:13:15.0127 5288 aic78xx - ok

19:13:15.0205 5288 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe

19:13:15.0314 5288 ALG - ok

19:13:15.0345 5288 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

19:13:15.0345 5288 aliide - ok

19:13:15.0377 5288 Alpham1 (b3e801135e0c81733542c14d9aa8120a) C:\Windows\system32\DRIVERS\Alpham164.sys

19:13:15.0408 5288 Alpham1 - ok

19:13:15.0423 5288 Alpham2 (6493983fedbc49d9112703ece9b251fe) C:\Windows\system32\DRIVERS\Alpham264.sys

19:13:15.0439 5288 Alpham2 - ok

19:13:15.0439 5288 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

19:13:15.0439 5288 amdide - ok

19:13:15.0455 5288 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

19:13:15.0470 5288 AmdK8 - ok

19:13:15.0517 5288 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll

19:13:15.0533 5288 Appinfo - ok

19:13:15.0735 5288 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

19:13:15.0751 5288 arc - ok

19:13:15.0751 5288 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

19:13:15.0767 5288 arcsas - ok

19:13:15.0813 5288 AsIO (8065a7659562005127673ac52898675f) C:\Windows\syswow64\drivers\AsIO.sys

19:13:15.0829 5288 AsIO - ok

19:13:15.0876 5288 AsSysCtrlService (edabc3fa8f941d2047da630e95e936c7) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe

19:13:15.0907 5288 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning

19:13:15.0907 5288 AsSysCtrlService - detected UnsignedFile.Multi.Generic (1)

19:13:15.0923 5288 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

19:13:15.0954 5288 AsyncMac - ok

19:13:15.0969 5288 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys

19:13:15.0985 5288 atapi - ok

19:13:15.0985 5288 AtiPcie (db0d3de15edc96e7529fc0d3f7760894) C:\Windows\system32\DRIVERS\AtiPcie.sys

19:13:15.0985 5288 AtiPcie - ok

19:13:16.0032 5288 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll

19:13:16.0047 5288 AudioEndpointBuilder - ok

19:13:16.0047 5288 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll

19:13:16.0079 5288 AudioSrv - ok

19:13:16.0110 5288 Autodesk Licensing Service (17681266e789ba928cbed70dd58ee4b1) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

19:13:16.0125 5288 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - warning

19:13:16.0125 5288 Autodesk Licensing Service - detected UnsignedFile.Multi.Generic (1)

19:13:16.0188 5288 Automatic LiveUpdate Scheduler (2843669c89a00950195f51dbb5db0b8e) C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe

19:13:16.0203 5288 Automatic LiveUpdate Scheduler - ok

19:13:16.0235 5288 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll

19:13:16.0281 5288 BFE - ok

19:13:16.0359 5288 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll

19:13:16.0406 5288 BITS - ok

19:13:16.0422 5288 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

19:13:16.0453 5288 blbdrive - ok

19:13:16.0500 5288 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

19:13:16.0515 5288 Bonjour Service - ok

19:13:16.0531 5288 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys

19:13:16.0562 5288 bowser - ok

19:13:16.0578 5288 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

19:13:16.0593 5288 BrFiltLo - ok

19:13:16.0593 5288 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

19:13:16.0609 5288 BrFiltUp - ok

19:13:16.0656 5288 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll

19:13:16.0703 5288 Browser - ok

19:13:16.0718 5288 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

19:13:16.0859 5288 Brserid - ok

19:13:16.0890 5288 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

19:13:16.0937 5288 BrSerWdm - ok

19:13:16.0968 5288 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

19:13:16.0999 5288 BrUsbMdm - ok

19:13:16.0999 5288 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

19:13:17.0030 5288 BrUsbSer - ok

19:13:17.0046 5288 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

19:13:17.0077 5288 BTHMODEM - ok

19:13:17.0093 5288 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

19:13:17.0108 5288 cdfs - ok

19:13:17.0139 5288 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

19:13:17.0155 5288 cdrom - ok

19:13:17.0171 5288 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll

19:13:17.0202 5288 CertPropSvc - ok

19:13:17.0202 5288 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

19:13:17.0249 5288 circlass - ok

19:13:17.0280 5288 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

19:13:17.0295 5288 CLFS - ok

19:13:17.0373 5288 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:13:17.0373 5288 clr_optimization_v2.0.50727_32 - ok

19:13:17.0420 5288 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:13:17.0420 5288 clr_optimization_v2.0.50727_64 - ok

19:13:17.0498 5288 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:13:17.0498 5288 clr_optimization_v4.0.30319_32 - ok

19:13:17.0545 5288 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:13:17.0561 5288 clr_optimization_v4.0.30319_64 - ok

19:13:17.0576 5288 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

19:13:17.0576 5288 cmdide - ok

19:13:17.0576 5288 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys

19:13:17.0592 5288 Compbatt - ok

19:13:17.0592 5288 COMSysApp - ok

19:13:17.0873 5288 cpuz130 - ok

19:13:17.0888 5288 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

19:13:17.0888 5288 crcdisk - ok

19:13:17.0935 5288 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll

19:13:17.0951 5288 CryptSvc - ok

19:13:17.0997 5288 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

19:13:18.0013 5288 DAUpdaterSvc - ok

19:13:18.0060 5288 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll

19:13:18.0107 5288 DcomLaunch - ok

19:13:18.0185 5288 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys

19:13:18.0200 5288 DfsC - ok

19:13:18.0372 5288 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe

19:13:18.0512 5288 DFSR - ok

19:13:18.0621 5288 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll

19:13:18.0637 5288 Dhcp - ok

19:13:18.0668 5288 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

19:13:18.0684 5288 disk - ok

19:13:18.0699 5288 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll

19:13:18.0715 5288 Dnscache - ok

19:13:18.0746 5288 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll

19:13:18.0762 5288 dot3svc - ok

19:13:18.0793 5288 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll

19:13:18.0809 5288 DPS - ok

19:13:18.0840 5288 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

19:13:18.0855 5288 drmkaud - ok

19:13:18.0933 5288 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys

19:13:18.0949 5288 DXGKrnl - ok

19:13:18.0996 5288 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

19:13:19.0027 5288 E1G60 - ok

19:13:19.0058 5288 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll

19:13:19.0074 5288 EapHost - ok

19:13:19.0089 5288 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

19:13:19.0105 5288 Ecache - ok

19:13:19.0183 5288 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe

19:13:19.0214 5288 ehRecvr - ok

19:13:19.0214 5288 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe

19:13:19.0230 5288 ehSched - ok

19:13:19.0245 5288 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll

19:13:19.0261 5288 ehstart - ok

19:13:19.0308 5288 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

19:13:19.0308 5288 elxstor - ok

19:13:19.0355 5288 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll

19:13:19.0386 5288 EMDMgmt - ok

19:13:19.0401 5288 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys

19:13:19.0401 5288 ENTECH64 - ok

19:13:19.0417 5288 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

19:13:19.0433 5288 ErrDev - ok

19:13:19.0526 5288 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll

19:13:19.0557 5288 EventSystem - ok

19:13:19.0604 5288 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

19:13:19.0620 5288 exfat - ok

19:13:19.0651 5288 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

19:13:19.0682 5288 fastfat - ok

19:13:19.0682 5288 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

19:13:19.0713 5288 fdc - ok

19:13:19.0713 5288 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll

19:13:19.0729 5288 fdPHost - ok

19:13:19.0745 5288 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll

19:13:19.0791 5288 FDResPub - ok

19:13:19.0947 5288 File Backup (d9d2bfc887ac241e1a4bf019c325552c) C:\Program Files (x86)\Workspace\offSyncService.exe

19:13:19.0979 5288 File Backup - ok

19:13:19.0979 5288 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

19:13:19.0994 5288 FileInfo - ok

19:13:20.0025 5288 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

19:13:20.0057 5288 Filetrace - ok

19:13:20.0135 5288 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

19:13:20.0166 5288 FLEXnet Licensing Service - ok

19:13:20.0353 5288 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

19:13:20.0384 5288 FLEXnet Licensing Service 64 - ok

19:13:20.0462 5288 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

19:13:20.0493 5288 flpydisk - ok

19:13:20.0525 5288 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

19:13:20.0525 5288 FltMgr - ok

19:13:20.0821 5288 FMS (8795fd92b624648dabe7b75129ef8002) C:\Program Files (x86)\Adobe\Flash Media Server 3.5\FMSMaster.exe

19:13:20.0961 5288 FMS ( UnsignedFile.Multi.Generic ) - warning

19:13:20.0961 5288 FMS - detected UnsignedFile.Multi.Generic (1)

19:13:21.0149 5288 FMSAdmin (2db70167c13f2339a63e694291fd1bfd) C:\Program Files (x86)\Adobe\Flash Media Server 3.5\FMSAdmin.exe

19:13:21.0211 5288 FMSAdmin ( UnsignedFile.Multi.Generic ) - warning

19:13:21.0211 5288 FMSAdmin - detected UnsignedFile.Multi.Generic (1)

19:13:21.0507 5288 FMSHttpd (8881574868e648689b7aa88a88716e17) C:\Program Files (x86)\Adobe\Flash Media Server 3.5\Apache2.2\bin\httpd.exe

19:13:21.0523 5288 FMSHttpd ( UnsignedFile.Multi.Generic ) - warning

19:13:21.0523 5288 FMSHttpd - detected UnsignedFile.Multi.Generic (1)

19:13:21.0617 5288 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll

19:13:21.0648 5288 FontCache - ok

19:13:21.0741 5288 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:13:21.0741 5288 FontCache3.0.0.0 - ok

19:13:21.0788 5288 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

19:13:21.0819 5288 Fs_Rec - ok

19:13:21.0851 5288 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

19:13:21.0866 5288 gagp30kx - ok

19:13:21.0913 5288 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll

19:13:21.0944 5288 gpsvc - ok

19:13:21.0991 5288 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:13:22.0007 5288 gupdate - ok

19:13:22.0007 5288 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:13:22.0007 5288 gupdatem - ok

19:13:22.0053 5288 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

19:13:22.0085 5288 HdAudAddService - ok

19:13:22.0365 5288 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

19:13:22.0397 5288 HDAudBus - ok

19:13:22.0475 5288 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

19:13:22.0521 5288 HidBth - ok

19:13:22.0537 5288 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

19:13:22.0568 5288 HidIr - ok

19:13:22.0631 5288 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll

19:13:22.0646 5288 hidserv - ok

19:13:22.0662 5288 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys

19:13:22.0677 5288 HidUsb - ok

19:13:22.0724 5288 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll

19:13:22.0755 5288 hkmsvc - ok

19:13:22.0787 5288 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

19:13:22.0787 5288 HpCISSs - ok

19:13:22.0849 5288 hpqcxs08 (ce0fcec4d4d860f36d972759b11eaf0f) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

19:13:22.0865 5288 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

19:13:22.0865 5288 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

19:13:22.0896 5288 hpqddsvc (7da3211ac63edd90b8eca1ca1abfd43b) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

19:13:22.0896 5288 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

19:13:22.0896 5288 hpqddsvc - detected UnsignedFile.Multi.Generic (1)

19:13:22.0943 5288 HPSLPSVC (298a6890a7ac415dabb35047d168f13b) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

19:13:22.0958 5288 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning

19:13:22.0958 5288 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)

19:13:23.0067 5288 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

19:13:23.0099 5288 HTTP - ok

19:13:23.0099 5288 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

19:13:23.0114 5288 i2omp - ok

19:13:23.0130 5288 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

19:13:23.0145 5288 i8042prt - ok

19:13:23.0255 5288 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

19:13:23.0270 5288 iaStorV - ok

19:13:23.0348 5288 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

19:13:23.0364 5288 IDriverT ( UnsignedFile.Multi.Generic ) - warning

19:13:23.0364 5288 IDriverT - detected UnsignedFile.Multi.Generic (1)

19:13:23.0473 5288 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:13:23.0489 5288 idsvc - ok

19:13:23.0582 5288 IHA_MessageCenter (5cab9d1ab5c9384d28dff89dbe7a72bb) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

19:13:23.0613 5288 IHA_MessageCenter ( UnsignedFile.Multi.Generic ) - warning

19:13:23.0613 5288 IHA_MessageCenter - detected UnsignedFile.Multi.Generic (1)

19:13:23.0660 5288 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

19:13:23.0660 5288 iirsp - ok

19:13:23.0707 5288 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll

19:13:23.0723 5288 IKEEXT - ok

19:13:23.0738 5288 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

19:13:23.0738 5288 intelide - ok

19:13:23.0754 5288 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

19:13:23.0769 5288 intelppm - ok

19:13:23.0816 5288 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll

19:13:23.0832 5288 IPBusEnum - ok

19:13:23.0879 5288 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:13:23.0894 5288 IpFilterDriver - ok

19:13:23.0957 5288 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll

19:13:23.0972 5288 iphlpsvc - ok

19:13:23.0972 5288 IpInIp - ok

19:13:24.0050 5288 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

19:13:24.0066 5288 IPMIDRV - ok

19:13:24.0081 5288 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

19:13:24.0128 5288 IPNAT - ok

19:13:24.0128 5288 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

19:13:24.0144 5288 IRENUM - ok

19:13:24.0300 5288 is3srv (8598e4a12eaa945b35365dd2750b9777) C:\Windows\syswow64\drivers\is3srv64.sys

19:13:24.0300 5288 is3srv - ok

19:13:24.0300 5288 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

19:13:24.0315 5288 isapnp - ok

19:13:24.0347 5288 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

19:13:24.0362 5288 iScsiPrt - ok

19:13:24.0378 5288 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

19:13:24.0378 5288 iteatapi - ok

19:13:24.0393 5288 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

19:13:24.0393 5288 iteraid - ok

19:13:24.0409 5288 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

19:13:24.0409 5288 kbdclass - ok

19:13:24.0425 5288 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys

19:13:24.0440 5288 kbdhid - ok

19:13:24.0487 5288 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

19:13:24.0518 5288 KeyIso - ok

19:13:24.0565 5288 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys

19:13:24.0581 5288 KSecDD - ok

19:13:24.0643 5288 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

19:13:24.0659 5288 ksthunk - ok

19:13:24.0690 5288 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll

19:13:24.0721 5288 KtmRm - ok

19:13:24.0768 5288 L1E (3e3d1d8dcb2ca53463d34252e99465d3) C:\Windows\system32\DRIVERS\L1E60x64.sys

19:13:24.0783 5288 L1E - ok

19:13:24.0830 5288 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll

19:13:24.0846 5288 LanmanServer - ok

19:13:24.0877 5288 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll

19:13:24.0908 5288 LanmanWorkstation - ok

19:13:25.0080 5288 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

19:13:25.0095 5288 LBTServ - ok

19:13:25.0127 5288 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys

19:13:25.0127 5288 LHidFilt - ok

19:13:25.0345 5288 LiveUpdate (36375738dc0b3cd1f764268008e74fdf) C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE

19:13:25.0423 5288 LiveUpdate - ok

19:13:25.0548 5288 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

19:13:25.0579 5288 lltdio - ok

19:13:25.0610 5288 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll

19:13:25.0626 5288 lltdsvc - ok

19:13:25.0641 5288 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll

19:13:25.0688 5288 lmhosts - ok

19:13:25.0704 5288 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys

19:13:25.0704 5288 LMouFilt - ok

19:13:25.0751 5288 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

19:13:25.0766 5288 LSI_FC - ok

19:13:25.0782 5288 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

19:13:25.0782 5288 LSI_SAS - ok

19:13:25.0797 5288 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

19:13:25.0797 5288 LSI_SCSI - ok

19:13:25.0813 5288 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

19:13:25.0829 5288 luafv - ok

19:13:25.0875 5288 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys

19:13:25.0891 5288 MBAMProtector - ok

19:13:25.0985 5288 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

19:13:26.0000 5288 MBAMService - ok

19:13:26.0031 5288 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll

19:13:26.0047 5288 Mcx2Svc - ok

19:13:26.0063 5288 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

19:13:26.0063 5288 megasas - ok

19:13:26.0078 5288 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

19:13:26.0094 5288 MegaSR - ok

19:13:26.0172 5288 mi-raysat_3dsmax9_32 (aa0c4a2c33ce075df2c272d678734991) C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

19:13:26.0172 5288 mi-raysat_3dsmax9_32 ( UnsignedFile.Multi.Generic ) - warning

19:13:26.0172 5288 mi-raysat_3dsmax9_32 - detected UnsignedFile.Multi.Generic (1)

19:13:26.0187 5288 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll

19:13:26.0203 5288 MMCSS - ok

19:13:26.0219 5288 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

19:13:26.0265 5288 Modem - ok

19:13:26.0312 5288 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

19:13:26.0328 5288 monitor - ok

19:13:26.0359 5288 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

19:13:26.0359 5288 mouclass - ok

19:13:26.0390 5288 moufiltr (21b7acea1bb49c3371dd5427bf309d6a) C:\Windows\system32\DRIVERS\moufiltr.sys

19:13:26.0406 5288 moufiltr - ok

19:13:26.0421 5288 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

19:13:26.0453 5288 mouhid - ok

19:13:26.0453 5288 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

19:13:26.0468 5288 MountMgr - ok

19:13:26.0499 5288 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

19:13:26.0515 5288 MozillaMaintenance - ok

19:13:26.0531 5288 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

19:13:26.0546 5288 mpio - ok

19:13:26.0562 5288 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

19:13:26.0577 5288 mpsdrv - ok

19:13:26.0609 5288 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll

19:13:26.0640 5288 MpsSvc - ok

19:13:26.0655 5288 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

19:13:26.0655 5288 Mraid35x - ok

19:13:26.0702 5288 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

19:13:26.0718 5288 MRxDAV - ok

19:13:26.0733 5288 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:13:26.0765 5288 mrxsmb - ok

19:13:26.0811 5288 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:13:26.0827 5288 mrxsmb10 - ok

19:13:26.0827 5288 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:13:26.0843 5288 mrxsmb20 - ok

19:13:26.0843 5288 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys

19:13:26.0858 5288 msahci - ok

19:13:26.0874 5288 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

19:13:26.0874 5288 msdsm - ok

19:13:26.0905 5288 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe

19:13:26.0921 5288 MSDTC - ok

19:13:26.0952 5288 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

19:13:26.0967 5288 Msfs - ok

19:13:26.0983 5288 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

19:13:26.0983 5288 msisadrv - ok

19:13:27.0030 5288 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll

19:13:27.0061 5288 MSiSCSI - ok

19:13:27.0061 5288 msiserver - ok

19:13:27.0077 5288 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

19:13:27.0092 5288 MSKSSRV - ok

19:13:27.0108 5288 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

19:13:27.0123 5288 MSPCLOCK - ok

19:13:27.0139 5288 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

19:13:27.0155 5288 MSPQM - ok

19:13:27.0186 5288 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

19:13:27.0201 5288 MsRPC - ok

19:13:27.0217 5288 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

19:13:27.0217 5288 mssmbios - ok

19:13:27.0264 5288 MSSQL$BWDATOOLSET - ok

19:13:27.0279 5288 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe

19:13:27.0295 5288 MSSQLServerADHelper - ok

19:13:27.0295 5288 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

19:13:27.0311 5288 MSTEE - ok

19:13:27.0373 5288 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys

19:13:27.0389 5288 MTsensor - ok

19:13:27.0529 5288 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

19:13:27.0529 5288 Mup - ok

19:13:27.0607 5288 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll

19:13:27.0623 5288 napagent - ok

19:13:27.0654 5288 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

19:13:27.0669 5288 NativeWifiP - ok

19:13:27.0701 5288 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

19:13:27.0716 5288 NDIS - ok

19:13:27.0716 5288 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

19:13:27.0732 5288 NdisTapi - ok

19:13:27.0810 5288 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

19:13:27.0825 5288 Ndisuio - ok

19:13:27.0872 5288 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

19:13:27.0888 5288 NdisWan - ok

19:13:27.0903 5288 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

19:13:27.0919 5288 NDProxy - ok

19:13:27.0950 5288 Net Driver HPZ12 (bd94210175c488f18add3e189ee9304c) C:\Windows\system32\HPZinw12.dll

19:13:27.0950 5288 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

19:13:27.0950 5288 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

19:13:27.0966 5288 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

19:13:27.0981 5288 NetBIOS - ok

19:13:28.0013 5288 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

19:13:28.0028 5288 netbt - ok

19:13:28.0044 5288 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

19:13:28.0059 5288 Netlogon - ok

19:13:28.0091 5288 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll

19:13:28.0122 5288 Netman - ok

19:13:28.0169 5288 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll

19:13:28.0200 5288 netprofm - ok

19:13:28.0247 5288 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:13:28.0262 5288 NetTcpPortSharing - ok

19:13:28.0262 5288 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

19:13:28.0262 5288 nfrd960 - ok

19:13:28.0309 5288 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll

19:13:28.0340 5288 NlaSvc - ok

19:13:28.0356 5288 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

19:13:28.0371 5288 Npfs - ok

19:13:28.0403 5288 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll

19:13:28.0418 5288 nsi - ok

19:13:28.0434 5288 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

19:13:28.0465 5288 nsiproxy - ok

19:13:28.0543 5288 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

19:13:28.0559 5288 Ntfs - ok

19:13:28.0699 5288 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

19:13:28.0715 5288 Null - ok

19:13:29.0339 5288 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys

19:13:29.0822 5288 nvlddmkm - ok

19:13:29.0947 5288 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

19:13:29.0947 5288 nvraid - ok

19:13:29.0963 5288 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

19:13:29.0963 5288 nvstor - ok

19:13:30.0025 5288 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe

19:13:30.0041 5288 nvsvc - ok

19:13:30.0181 5288 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

19:13:30.0228 5288 nvUpdatusService - ok

19:13:30.0259 5288 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

19:13:30.0275 5288 nv_agp - ok

19:13:30.0275 5288 NwlnkFlt - ok

19:13:30.0275 5288 NwlnkFwd - ok

19:13:30.0384 5288 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys

19:13:30.0415 5288 ohci1394 - ok

19:13:30.0477 5288 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

19:13:30.0509 5288 p2pimsvc - ok

19:13:30.0524 5288 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

19:13:30.0540 5288 p2psvc - ok

19:13:30.0571 5288 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

19:13:30.0602 5288 Parport - ok

19:13:30.0680 5288 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys

19:13:30.0680 5288 partmgr - ok

19:13:30.0758 5288 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll

19:13:30.0774 5288 PcaSvc - ok

19:13:30.0789 5288 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

19:13:30.0805 5288 pci - ok

19:13:30.0836 5288 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys

19:13:30.0836 5288 pciide - ok

19:13:30.0852 5288 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

19:13:30.0852 5288 pcmcia - ok

19:13:30.0883 5288 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

19:13:30.0930 5288 PEAUTH - ok

19:13:31.0008 5288 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe

19:13:31.0023 5288 PerfHost - ok

19:13:31.0164 5288 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll

19:13:31.0195 5288 pla - ok

19:13:31.0242 5288 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll

19:13:31.0257 5288 PlugPlay - ok

19:13:31.0304 5288 Pml Driver HPZ12 (7fe2afb17d91cf39843d6766ea31cfc7) C:\Windows\system32\HPZipm12.dll

19:13:31.0304 5288 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

19:13:31.0304 5288 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

19:13:31.0304 5288 PnkBstrA - ok

19:13:31.0367 5288 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

19:13:31.0382 5288 PNRPAutoReg - ok

19:13:31.0398 5288 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

19:13:31.0413 5288 PNRPsvc - ok

19:13:31.0491 5288 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll

19:13:31.0523 5288 PolicyAgent - ok

19:13:31.0585 5288 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

19:13:31.0601 5288 PptpMiniport - ok

19:13:31.0663 5288 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys

19:13:31.0694 5288 Processor - ok

19:13:31.0741 5288 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll

19:13:31.0757 5288 ProfSvc - ok

19:13:31.0788 5288 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

19:13:31.0803 5288 ProtectedStorage - ok

19:13:31.0913 5288 PS3 Media Server (eb21a4f28e4135498b3ce981883a0a44) C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe

19:13:31.0944 5288 PS3 Media Server ( UnsignedFile.Multi.Generic ) - warning

19:13:31.0944 5288 PS3 Media Server - detected UnsignedFile.Multi.Generic (1)

19:13:31.0959 5288 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

19:13:31.0975 5288 PSched - ok

19:13:32.0069 5288 PSI_SVC_2_x64 (788cb65d49d1162c5ee6814afe5b0a70) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

19:13:32.0069 5288 PSI_SVC_2_x64 - ok

19:13:32.0100 5288 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

19:13:32.0100 5288 PxHlpa64 - ok

19:13:32.0162 5288 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

19:13:32.0193 5288 ql2300 - ok

19:13:32.0225 5288 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

19:13:32.0240 5288 ql40xx - ok

19:13:32.0271 5288 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll

19:13:32.0287 5288 QWAVE - ok

19:13:32.0287 5288 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

19:13:32.0303 5288 QWAVEdrv - ok

19:13:32.0334 5288 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

19:13:32.0365 5288 RasAcd - ok

19:13:32.0427 5288 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll

19:13:32.0443 5288 RasAuto - ok

19:13:32.0474 5288 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:13:32.0490 5288 Rasl2tp - ok

19:13:32.0505 5288 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll

19:13:32.0521 5288 RasMan - ok

19:13:32.0552 5288 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

19:13:32.0568 5288 RasPppoe - ok

19:13:32.0646 5288 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

19:13:32.0661 5288 RasSstp - ok

19:13:32.0693 5288 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

19:13:32.0708 5288 rdbss - ok

19:13:32.0708 5288 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:13:32.0724 5288 RDPCDD - ok

19:13:32.0755 5288 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

19:13:32.0771 5288 rdpdr - ok

19:13:32.0786 5288 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

19:13:32.0802 5288 RDPENCDD - ok

19:13:32.0833 5288 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys

19:13:32.0849 5288 RDPWD - ok

19:13:32.0864 5288 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll

19:13:32.0895 5288 RemoteAccess - ok

19:13:32.0911 5288 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll

19:13:32.0927 5288 RemoteRegistry - ok

19:13:32.0942 5288 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe

19:13:32.0958 5288 RpcLocator - ok

19:13:33.0020 5288 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll

19:13:33.0036 5288 RpcSs - ok

19:13:33.0051 5288 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

19:13:33.0083 5288 rspndr - ok

19:13:33.0129 5288 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

19:13:33.0129 5288 SamSs - ok

19:13:33.0161 5288 sbapifs (6e342316e72f4b6fa39c99e06373a1a3) C:\Windows\system32\DRIVERS\sbapifs.sys

19:13:33.0161 5288 sbapifs - ok

19:13:33.0176 5288 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

19:13:33.0192 5288 sbp2port - ok

19:13:33.0223 5288 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys

19:13:33.0223 5288 SBRE - ok

19:13:33.0239 5288 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll

19:13:33.0254 5288 SCardSvr - ok

19:13:33.0363 5288 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll

19:13:33.0410 5288 Schedule - ok

19:13:33.0426 5288 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll

19:13:33.0457 5288 SCPolicySvc - ok

19:13:33.0519 5288 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll

19:13:33.0535 5288 SDRSVC - ok

19:13:33.0551 5288 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

19:13:33.0582 5288 secdrv - ok

19:13:33.0597 5288 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll

19:13:33.0613 5288 seclogon - ok

19:13:33.0629 5288 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll

19:13:33.0644 5288 SENS - ok

19:13:33.0660 5288 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys

19:13:33.0675 5288 Serenum - ok

19:13:33.0707 5288 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys

19:13:33.0722 5288 Serial - ok

19:13:33.0738 5288 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

19:13:33.0753 5288 sermouse - ok

19:13:33.0769 5288 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll

19:13:33.0800 5288 SessionEnv - ok

19:13:33.0800 5288 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

19:13:33.0831 5288 sffdisk - ok

19:13:33.0831 5288 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

19:13:33.0878 5288 sffp_mmc - ok

19:13:33.0878 5288 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

19:13:33.0909 5288 sffp_sd - ok

19:13:33.0909 5288 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

19:13:33.0941 5288 sfloppy - ok

19:13:33.0987 5288 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll

19:13:34.0034 5288 SharedAccess - ok

19:13:34.0112 5288 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll

19:13:34.0128 5288 ShellHWDetection - ok

19:13:34.0128 5288 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

19:13:34.0143 5288 SiSRaid2 - ok

19:13:34.0159 5288 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

19:13:34.0159 5288 SiSRaid4 - ok

19:13:34.0362 5288 Skype C2C Service (192d93ee7ae6a3c599c96cd8d736e914) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

19:13:34.0424 5288 Skype C2C Service - ok

19:13:34.0565 5288 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe

19:13:34.0565 5288 SkypeUpdate - ok

19:13:34.0736 5288 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe

19:13:34.0799 5288 slsvc - ok

19:13:34.0861 5288 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll

19:13:34.0892 5288 SLUINotify - ok

19:13:34.0955 5288 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

19:13:34.0970 5288 Smb - ok

19:13:34.0986 5288 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe

19:13:35.0001 5288 SNMPTRAP - ok

19:13:35.0017 5288 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

19:13:35.0017 5288 spldr - ok

19:13:35.0048 5288 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe

19:13:35.0079 5288 Spooler - ok

19:13:35.0126 5288 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

19:13:35.0126 5288 SQLBrowser - ok

19:13:35.0157 5288 SQLWriter (3c432a96363097870995e2a3c8b66abd) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

19:13:35.0157 5288 SQLWriter - ok

19:13:35.0189 5288 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

19:13:35.0220 5288 srv - ok

19:13:35.0267 5288 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

19:13:35.0282 5288 srv2 - ok

19:13:35.0313 5288 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

19:13:35.0313 5288 srvnet - ok

19:13:35.0329 5288 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll

19:13:35.0360 5288 SSDPSRV - ok

19:13:35.0360 5288 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll

19:13:35.0391 5288 SstpSvc - ok

19:13:35.0423 5288 Steam Client Service - ok

19:13:35.0469 5288 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

19:13:35.0469 5288 Stereo Service - ok

19:13:35.0501 5288 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys

19:13:35.0516 5288 StillCam - ok

19:13:35.0579 5288 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll

19:13:35.0594 5288 stisvc - ok

19:13:35.0594 5288 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

19:13:35.0594 5288 swenum - ok

19:13:35.0672 5288 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll

19:13:35.0688 5288 swprv - ok

19:13:35.0735 5288 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

19:13:35.0735 5288 Symc8xx - ok

19:13:35.0750 5288 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

19:13:35.0750 5288 Sym_hi - ok

19:13:35.0766 5288 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

19:13:35.0766 5288 Sym_u3 - ok

19:13:35.0828 5288 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll

19:13:35.0875 5288 SysMain - ok

19:13:35.0984 5288 szkg5 (8598e4a12eaa945b35365dd2750b9777) C:\Windows\syswow64\DRIVERS\szkg64.sys

19:13:35.0984 5288 szkg5 - ok

19:13:36.0062 5288 szserver (67f86bef497c02a765ab439495599717) C:\Program Files (x86)\STOPzilla!\SZServer.exe

19:13:36.0078 5288 szserver - ok

19:13:36.0187 5288 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll

19:13:36.0203 5288 TabletInputService - ok

19:13:36.0249 5288 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll

19:13:36.0265 5288 TapiSrv - ok

19:13:36.0296 5288 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll

19:13:36.0359 5288 TBS - ok

19:13:36.0483 5288 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys

19:13:36.0515 5288 Tcpip - ok

19:13:36.0624 5288 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys

19:13:36.0655 5288 Tcpip6 - ok

19:13:36.0873 5288 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys

19:13:36.0889 5288 tcpipreg - ok

19:13:36.0920 5288 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

19:13:36.0951 5288 TDPIPE - ok

19:13:36.0998 5288 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

19:13:37.0014 5288 TDTCP - ok

19:13:37.0029 5288 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

19:13:37.0045 5288 tdx - ok

19:13:37.0092 5288 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

19:13:37.0092 5288 TermDD - ok

19:13:37.0170 5288 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll

19:13:37.0185 5288 TermService - ok

19:13:37.0217 5288 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll

19:13:37.0232 5288 Themes - ok

19:13:37.0248 5288 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll

19:13:37.0263 5288 THREADORDER - ok

19:13:37.0295 5288 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll

19:13:37.0326 5288 TrkWks - ok

19:13:37.0419 5288 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe

19:13:37.0451 5288 TrustedInstaller - ok

19:13:37.0451 5288 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:13:37.0482 5288 tssecsrv - ok

19:13:37.0482 5288 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

19:13:37.0544 5288 tunmp - ok

19:13:37.0560 5288 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys

19:13:37.0560 5288 tunnel - ok

19:13:37.0607 5288 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

19:13:37.0607 5288 uagp35 - ok

19:13:37.0653 5288 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

19:13:37.0669 5288 udfs - ok

19:13:37.0669 5288 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe

19:13:37.0700 5288 UI0Detect - ok

19:13:37.0700 5288 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

19:13:37.0716 5288 uliagpkx - ok

19:13:37.0731 5288 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

19:13:37.0747 5288 uliahci - ok

19:13:37.0763 5288 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

19:13:37.0763 5288 UlSata - ok

19:13:37.0778 5288 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

19:13:37.0794 5288 ulsata2 - ok

19:13:37.0809 5288 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

19:13:37.0841 5288 umbus - ok

19:13:37.0841 5288 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys

19:13:37.0872 5288 UMPass - ok

19:13:37.0887 5288 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll

19:13:37.0919 5288 upnphost - ok

19:13:37.0981 5288 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys

19:13:37.0997 5288 usbaudio - ok

19:13:38.0012 5288 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

19:13:38.0043 5288 usbccgp - ok

19:13:38.0059 5288 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

19:13:38.0090 5288 usbcir - ok

19:13:38.0199 5288 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

19:13:38.0215 5288 usbehci - ok

19:13:38.0246 5288 usbfilter (db07f39cb6f36b46ea681e754a0ec588) C:\Windows\system32\DRIVERS\usbfilter.sys

19:13:38.0246 5288 usbfilter - ok

19:13:38.0277 5288 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

19:13:38.0293 5288 usbhub - ok

19:13:38.0309 5288 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys

19:13:38.0324 5288 usbohci - ok

19:13:38.0324 5288 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys

19:13:38.0355 5288 usbprint - ok

19:13:38.0371 5288 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:13:38.0387 5288 USBSTOR - ok

19:13:38.0387 5288 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

19:13:38.0418 5288 usbuhci - ok

19:13:38.0433 5288 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll

19:13:38.0449 5288 UxSms - ok

19:13:38.0496 5288 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe

19:13:38.0511 5288 vds - ok

19:13:38.0511 5288 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

19:13:38.0543 5288 vga - ok

19:13:38.0543 5288 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

19:13:38.0574 5288 VgaSave - ok

19:13:38.0589 5288 vhidmini (c2c95d62c90ca809240112b41c1765f2) C:\Windows\system32\DRIVERS\walvhid.sys

19:13:38.0621 5288 vhidmini - ok

19:13:38.0683 5288 VIAHdAudAddService (4a441cef86dd95692984fce11d8fd530) C:\Windows\system32\drivers\viahduaa.sys

19:13:38.0777 5288 VIAHdAudAddService - ok

19:13:38.0777 5288 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

19:13:38.0792 5288 viaide - ok

19:13:38.0792 5288 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

19:13:38.0792 5288 volmgr - ok

19:13:38.0823 5288 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

19:13:38.0839 5288 volmgrx - ok

19:13:38.0901 5288 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

19:13:38.0917 5288 volsnap - ok

19:13:38.0933 5288 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

19:13:38.0933 5288 vsmraid - ok

19:13:39.0011 5288 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe

19:13:39.0042 5288 VSS - ok

19:13:39.0182 5288 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll

19:13:39.0198 5288 W32Time - ok

19:13:39.0213 5288 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

19:13:39.0245 5288 WacomPen - ok

19:13:39.0338 5288 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

19:13:39.0354 5288 Wanarp - ok

19:13:39.0354 5288 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

19:13:39.0369 5288 Wanarpv6 - ok

19:13:39.0401 5288 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll

19:13:39.0416 5288 wcncsvc - ok

19:13:39.0479 5288 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll

19:13:39.0494 5288 WcsPlugInService - ok

19:13:39.0494 5288 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

19:13:39.0510 5288 Wd - ok

19:13:39.0557 5288 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

19:13:39.0588 5288 Wdf01000 - ok

19:13:39.0603 5288 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll

19:13:39.0635 5288 WdiServiceHost - ok

19:13:39.0635 5288 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll

19:13:39.0650 5288 WdiSystemHost - ok

19:13:39.0713 5288 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll

19:13:39.0728 5288 WebClient - ok

19:13:39.0759 5288 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll

19:13:39.0775 5288 Wecsvc - ok

19:13:39.0822 5288 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll

19:13:39.0853 5288 wercplsupport - ok

19:13:39.0869 5288 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll

19:13:39.0884 5288 WerSvc - ok

19:13:39.0915 5288 WinDefend - ok

19:13:39.0915 5288 WinHttpAutoProxySvc - ok

19:13:39.0962 5288 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll

19:13:39.0978 5288 Winmgmt - ok

19:13:40.0118 5288 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll

19:13:40.0149 5288 WinRM - ok

19:13:40.0290 5288 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll

19:13:40.0337 5288 Wlansvc - ok

19:13:40.0368 5288 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys

19:13:40.0383 5288 WmiAcpi - ok

19:13:40.0461 5288 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe

19:13:40.0477 5288 wmiApSrv - ok

19:13:40.0477 5288 WMPNetworkSvc - ok

19:13:40.0508 5288 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll

19:13:40.0524 5288 WPCSvc - ok

19:13:40.0555 5288 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll

19:13:40.0571 5288 WPDBusEnum - ok

19:13:40.0602 5288 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys

19:13:40.0617 5288 WpdUsb - ok

19:13:40.0742 5288 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

19:13:40.0758 5288 WPFFontCache_v0400 - ok

19:13:40.0758 5288 WPRO_40_1340 - ok

19:13:40.0773 5288 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

19:13:40.0789 5288 ws2ifsl - ok

19:13:40.0820 5288 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll

19:13:40.0836 5288 wscsvc - ok

19:13:40.0836 5288 WSearch - ok

19:13:40.0836 5288 WTService - ok

19:13:41.0039 5288 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll

19:13:41.0085 5288 wuauserv - ok

19:13:41.0210 5288 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:13:41.0241 5288 WUDFRd - ok

19:13:41.0257 5288 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll

19:13:41.0288 5288 wudfsvc - ok

19:13:41.0304 5288 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys

19:13:41.0319 5288 xusb21 - ok

19:13:41.0413 5288 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

19:13:41.0429 5288 YahooAUService - ok

19:13:41.0475 5288 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

19:13:41.0787 5288 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

19:13:41.0787 5288 \Device\Harddisk0\DR0 - detected TDSS File System (1)

19:13:41.0819 5288 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4

19:13:42.0489 5288 \Device\Harddisk1\DR4 - ok

19:13:42.0505 5288 Boot (0x1200) (2f103581a4010648c7d6a790f2dc42e4) \Device\Harddisk0\DR0\Partition0

19:13:42.0521 5288 \Device\Harddisk0\DR0\Partition0 - ok

19:13:42.0521 5288 Boot (0x1200) (424ec361e96ec87e3f8bf7c2fd5b45b2) \Device\Harddisk0\DR0\Partition1

19:13:42.0521 5288 \Device\Harddisk0\DR0\Partition1 - ok

19:13:42.0521 5288 Boot (0x1200) (905ff5c8808d549532c4f558f0d43674) \Device\Harddisk1\DR4\Partition0

19:13:42.0521 5288 \Device\Harddisk1\DR4\Partition0 - ok

19:13:42.0536 5288 Boot (0x1200) (eab693952dfc164a5355ceef9f082bde) \Device\Harddisk1\DR4\Partition1

19:13:42.0552 5288 \Device\Harddisk1\DR4\Partition1 - ok

19:13:42.0552 5288 ============================================================

19:13:42.0552 5288 Scan finished

19:13:42.0552 5288 ============================================================

19:13:42.0552 4028 Detected object count: 15

19:13:42.0552 4028 Actual detected object count: 15

19:14:23.0580 4028 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user

19:14:23.0580 4028 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:14:23.0580 4028 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

19:14:23.0580 4028 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:14:23.0580 4028 FMS ( UnsignedFile.Multi.Generic ) - skipped by user

19:14:23.0580 4028 FMS ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:14:23.0580 4028 FMSAdmin ( UnsignedFile.Multi.Generic ) - skipped by user

19:14:23.0580 4028 FMSAdmin ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:14:23.0595 4028 FMSHttpd ( UnsignedFile.Multi.Generic ) - skipped by user

19:14:23.0595 4028 FMSHttpd ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:14:23.0595 4028 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

19:14:23.0595 4028 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:14:23.0595 4028 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

19:14:23.0595 4028 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:14:23.0595 4028 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

19:14:23.0595 4028 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:14:23.0595 4028 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

19:14:23.0595 4028 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:14:23.0595 4028 IHA_MessageCenter ( UnsignedFile.Multi.Generic ) - skipped by user

19:14:23.0595 4028 IHA_MessageCenter ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:14:23.0595 4028 mi-raysat_3dsmax9_32 ( UnsignedFile.Multi.Generic ) - skipped by user

19:14:23.0595 4028 mi-raysat_3dsmax9_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:14:23.0595 4028 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

19:14:23.0595 4028 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:14:23.0595 4028 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

19:14:23.0595 4028 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:14:23.0595 4028 PS3 Media Server ( UnsignedFile.Multi.Generic ) - skipped by user

19:14:23.0595 4028 PS3 Media Server ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:14:23.0595 4028 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

19:14:23.0595 4028 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

MrCharlie · August 10, 2012

Run TDSSKiller again and just delete this one:

9:14:23.0595 4028 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:14:23.0595 4028 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

~~~~~~~~~~~~~

Then.........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

Gone for tonight...be back tomorrow am, MrC

Scavengre · August 10, 2012

*ComboFix Log*

ComboFix 12-08-09.01 - Blue 08/09/2012 19:47:58.1.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.3420 [GMT -7:00]

Running from: c:\users\Blue\Desktop\ComboFix.exe

AV: STOPzilla! *Disabled/Outdated* {17032AB1-6644-0721-EEB5-A39B8B646009}

SP: STOPzilla! *Disabled/Outdated* {AC62CB55-407E-08AF-D405-98E9F0E32AB4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\D74DBDC444.sys

c:\users\Blue\AppData\Local\assembly\tmp

c:\users\Blue\AppData\Roaming\Microsoft\Windows\Recent\Aquaria.url

c:\users\Blue\AppData\Roaming\Microsoft\Windows\Recent\Dungeons of Dredmor.url

c:\windows\SysWow64\SETEF10.tmp

.

((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))

.

2012-08-10 03:09 . 2012-08-10 03:15 -------- d-----w- c:\users\Blue\AppData\Local\Temp

2012-08-10 03:06 . 2012-08-10 03:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-08-10 00:39 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-10 00:28 . 2012-08-10 02:40 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-10 00:10 . 2012-01-12 16:28 74872 ----a-r- c:\windows\system32\drivers\sbapifs.sys

2012-08-09 23:56 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF6C1A3A-80ED-4ADB-8A92-AC9BBFB3ECEA}\mpengine.dll

2012-08-09 21:40 . 2012-08-09 21:40 -------- d-----w- c:\users\Blue\AppData\Roaming\Malwarebytes

2012-08-09 21:40 . 2012-08-09 21:40 -------- d-----w- c:\programdata\Malwarebytes

2012-08-09 21:40 . 2012-08-10 00:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-09 06:32 . 2012-08-09 06:32 -------- d-----w- c:\programdata\ALM

2012-08-08 23:50 . 2012-08-08 23:50 -------- d-----w- C:\temp

2012-08-08 23:48 . 2012-08-08 23:48 -------- d-----w- c:\users\Blue\AppData\Local\Trend Micro

2012-08-08 23:44 . 2012-08-08 23:57 -------- d-----w- c:\programdata\Trend Micro

2012-08-08 23:43 . 2012-08-08 23:43 -------- d-----w- c:\program files\Trend Micro

2012-08-08 23:10 . 2012-08-09 07:46 -------- d-----w- c:\program files (x86)\Trend Micro

2012-08-08 18:27 . 2012-08-08 18:54 -------- d-----w- C:\AdobeTemp

2012-08-07 15:29 . 2012-08-07 15:29 23416 ----a-r- c:\windows\SysWow64\SZIO5.dll

2012-08-07 15:29 . 2012-08-07 15:29 546680 ----a-r- c:\windows\SysWow64\SZComp5.dll

2012-08-07 15:28 . 2012-08-07 15:28 497528 ----a-r- c:\windows\SysWow64\SZBase5.dll

2012-07-17 15:36 . 2012-07-17 15:36 29048 ----a-r- c:\windows\SysWow64\IS3XDat5.dll

2012-07-17 15:36 . 2012-07-17 15:36 231288 ----a-r- c:\windows\SysWow64\IS3Win325.dll

2012-07-17 15:36 . 2012-07-17 15:36 391032 ----a-r- c:\windows\SysWow64\IS3UI5.dll

2012-07-17 15:36 . 2012-07-17 15:36 100216 ----a-r- c:\windows\SysWow64\IS3Svc5.dll

2012-07-17 15:36 . 2012-07-17 15:36 132984 ----a-r- c:\windows\SysWow64\IS3HTUI5.dll

2012-07-17 15:36 . 2012-07-17 15:36 104312 ----a-r- c:\windows\SysWow64\IS3Inet5.dll

2012-07-17 15:36 . 2012-07-17 15:36 67448 ----a-r- c:\windows\SysWow64\IS3Hks5.dll

2012-07-17 15:36 . 2012-07-17 15:36 456568 ----a-r- c:\windows\SysWow64\IS3DBA5.dll

2012-07-17 15:36 . 2012-07-17 15:36 812920 ----a-r- c:\windows\SysWow64\IS3Base5.dll

2012-07-14 21:51 . 2012-07-14 21:53 -------- d-----w- c:\users\Blue\AppData\Roaming\TechWizard

2012-07-14 21:49 . 2012-07-14 21:49 260 ----a-w- c:\windows\SysWow64\cmdVBS.vbs

2012-07-14 21:49 . 2012-07-14 21:49 256 ----a-w- c:\windows\SysWow64\MSIevent.bat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-10 00:39 . 2012-04-05 17:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-10 00:39 . 2011-05-22 17:27 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-14 19:58 . 2012-06-12 23:50 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-06-30 19:57 . 2008-08-14 14:57 86584 ----a-w- c:\windows\SysWow64\drivers\adfs.sys

2012-06-30 19:57 . 2008-06-27 14:51 86584 ----a-w- c:\windows\system32\drivers\adfs.sys

2012-06-28 01:07 . 2012-06-28 01:07 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-06-12 23:50 . 2012-06-12 23:50 53248 ----a-r- c:\users\Blue\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-05-31 19:25 . 2009-10-22 20:15 279656 ------w- c:\windows\system32\MpSigStub.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Blue\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Blue\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Blue\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Blue\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-09 1353080]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]

"Starfield Updater"="c:\program files (x86)\Workspace\workspaceupdate.exe" [2012-06-29 34496]

"AdobeBridge"="d:\adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-29 13145448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2008-12-30 17713152]

"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-01-03 5381632]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2012-06-30 611712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\Blue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2012-7-27 2088400]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2012-06-30 288112]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 250056]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;d:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 00:39]

.

2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-21 21:48]

.

2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-21 21:48]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Blue\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Blue\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Blue\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Blue\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]

@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"

[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]

2012-06-29 16:02 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]

@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"

[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]

2012-06-29 16:02 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MacroKeyManager"="WTMKM.exe" [2009-11-04 6103784]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

oracleorahome90agent

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

TCP: DhcpNameServer = 192.168.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Blue\AppData\Roaming\Mozilla\Firefox\Profiles\4wm73yo9.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search

FF - user.js: yahoo.homepage.dontask - true

FF - user.js: browser.sessionstore.resume_from_crash - false

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)

URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

HKLM-Run-(Default) - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe

AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2352975200-1827147773-36085273-1000\Software\SecuROM\License information*]

"datasecu"=hex:de,e5,1a,e2,41,8f,71,f9,cb,81,3b,8f,81,91,18,bb,ec,06,84,60,89,

fc,e4,45,60,98,df,81,4f,35,44,32,b4,90,cd,42,0b,0a,93,99,c4,af,03,07,eb,cf,\

"rkeysecu"=hex:ea,1b,ce,8d,bb,25,7d,63,d6,3d,38,67,66,f2,25,ba

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\04\01\1e\1344?"

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files\ASUS\EPU\EPU.exe

c:\program files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe

c:\program files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Workspace\offSyncService.exe

c:\program files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

c:\program files (x86)\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

.

**************************************************************************

.

Completion time: 2012-08-09 20:22:07 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-10 03:22

.

Pre-Run: 226,197,213,184 bytes free

Post-Run: 226,189,844,480 bytes free

.

- - End Of File - - 721C15E12E8566FF2DC33EAD1EB7FF23

Scavengre · August 10, 2012

BTW MrCharlie, Thank you for your help with this, its been most appreciated

-Steve

MrCharlie · August 10, 2012

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Scavengre · August 10, 2012

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.10.01

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 8.0.6001.19190

Blue :: BLUE-PC [administrator]

Protection: Disabled

8/10/2012 8:14:32 AM

mbam-log-2012-08-10 (08-14-32).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 248071

Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Looks clean

MrCharlie · August 10, 2012

How is it?? MrC

Scavengre · August 10, 2012

seems to be running fine. Heavy resource programs are initializing quickly and functioning well. No adverse effects noticable

Scavengre · August 10, 2012

Ran FutureMark (Benchmark Software to task my PC) and rebooted to verify startup.

MrCharlie · August 10, 2012

Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Scavengre · August 10, 2012

Thanks, would it be wise of me to pack them up into a Zip to keep for future reference?

Scavengre · August 10, 2012

Nevermind, I just realized that I have them on a thumb drive so I can just archive them there

MrCharlie · August 10, 2012

If you're talking about the tools, no...they're undated often so what you save is already outdated, MrC

Scavengre · August 10, 2012

ah ok, Well again Thank You very much for the assistance.

Scavengre · August 10, 2012

Problem Resolved

Please Close thread

MrCharlie You are the MAN!

Maurice Naggar · August 11, 2012

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

SVCHost infected

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information