Solved: Ads running in background


flavallee (Frank)
Trusted Advisor with 55,581 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
29-Jun-2012, 06:34 PM #16
Jeff is a removal specialist and is here to help you, so please follow his instructions from here on.

---------------------------------------------------------
jeffce (Jeff)
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
29-Jun-2012, 06:48 PM #17
Thanks flavallee!

Quote:
Won't be able to pick this up til Sunday, but honestly thought I had done all as requested
That is not a problem. If for some reason I overlook your post, be sure to PM me (I doubt I'll miss it, though). Also be sure to post the log created by aswMBR, as I believe we are dealing with an infection of your Master Boot Record.
Notnatsyuggy
Member with 27 posts.
THREAD STARTER
 
Join Date: Jun 2012
Experience: Beginner
01-Jul-2012, 04:32 PM #18
Hi Jeffce,

I tried to do as post no. 9 requested again by flavallee, but none of the log entries were listed in the scan?

Anyway, I've done as you requested in your last post, here's the log file from aswMBR....

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-01 21:25:39
-----------------------------
21:25:39.477 OS Version: Windows 6.0.6002 Service Pack 2
21:25:39.477 Number of processors: 1 586 0x1601
21:25:39.477 ComputerName: GUY-PC UserName: Guy
21:26:08.010 Initialze error 0
21:27:18.407 AVAST engine defs: 12070101
21:27:26.659 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:27:26.662 Disk 0 Vendor: Size: 0MB BusType: 0
21:27:26.667 Device \Driver\iaStor -> DriverStartIo 868f80ae
21:27:26.705 Disk 0 MBR read successfully
21:27:26.709 Disk 0 MBR scan
21:27:26.897 Disk 0 unknown MBR code
21:27:26.904 Disk 0 MBR hidden
21:27:27.095 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 67463 MB offset 63
21:27:27.170 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 7261 MB offset 138166272
21:27:27.204 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1589 MB offset 153044992
21:27:27.226 Disk 0 scanning C:\Windows\system32\drivers
21:27:27.230 Service scanning
21:27:28.984 Modules scanning
21:27:31.067 Disk 0 trace - called modules:
21:27:31.107 ntkrnlpa.exe >>UNKNOWN [0x868f7a2e]<<
21:27:31.114 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859cd300]
21:27:31.120 \Driver\disk[0x859cdf38] -> IRP_MJ_READ -> 0x868f7a2e
21:27:31.662 AVAST engine scan C:\Windows
21:27:31.673 AVAST engine scan C:\Windows\system32
21:27:31.687 AVAST engine scan C:\Windows\system32\drivers
21:27:31.698 AVAST engine scan C:\Users\Guy
21:27:31.708 AVAST engine scan C:\ProgramData
21:27:31.718 Scan finished successfully
21:27:48.362 Disk 0 MBR has been saved successfully to "C:\Users\Guy\Desktop\MBR.dat"
21:27:48.402 The log file has been saved successfully to "C:\Users\Guy\Desktop\aswMBR.txt"

Thanks
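The aswMBR log in the post above can be triaged mechanically for the lines that concern the master boot record. The following is an added example, not part of the original thread and not AVAST's code; the function names, the finding labels and the follow-up rule are assumptions of this sketch rather than documented aswMBR semantics.

```python
import re
from typing import NamedTuple

# Excerpt of the aswMBR log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
21:27:26.667 Device \Driver\iaStor -> DriverStartIo 868f80ae
21:27:26.705 Disk 0 MBR read successfully
21:27:26.897 Disk 0 unknown MBR code
21:27:26.904 Disk 0 MBR hidden
21:27:31.067 Disk 0 trace - called modules:
21:27:31.107 ntkrnlpa.exe >>UNKNOWN [0x868f7a2e]<<
21:27:31.114 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859cd300]
21:27:31.120 \Driver\disk[0x859cdf38] -> IRP_MJ_READ -> 0x868f7a2e
21:27:31.718 Scan finished successfully
"""

# Constructed contrast input: lines from the same log with the flagged ones
# left out. It is not real aswMBR output from a clean machine.
CLEAN_SAMPLE = r"""
21:27:26.705 Disk 0 MBR read successfully
21:27:26.709 Disk 0 MBR scan
21:27:31.718 Scan finished successfully
"""


class Finding(NamedTuple):
    time: str    # timestamp as printed in the log
    kind: str    # label chosen for this example
    detail: str


LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
DISK_MARKERS = [
    ("unknown_mbr_code", re.compile(r"Disk (\d+) unknown MBR code")),
    ("mbr_hidden", re.compile(r"Disk (\d+) MBR hidden")),
]
# A module in the disk call trace that the tool could not name.
UNKNOWN_MODULE = re.compile(r">>UNKNOWN \[0x([0-9a-fA-F]+)\]<<")
# "\Driver\disk[0x...] -> IRP_MJ_READ -> 0x..." : driver, request type, handler.
IRP_HANDLER = re.compile(
    r"(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> 0x([0-9a-fA-F]+)"
)


def triage(log_text):
    """Return the MBR-related findings in an aswMBR log, in log order."""
    findings, unknown_addrs, handlers = [], set(), []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner, separator or blank line
        ts, msg = m.groups()
        for kind, pattern in DISK_MARKERS:
            hit = pattern.search(msg)
            if hit:
                findings.append(Finding(ts, kind, f"disk {hit.group(1)}"))
        for hit in UNKNOWN_MODULE.finditer(msg):
            addr = int(hit.group(1), 16)
            unknown_addrs.add(addr)
            findings.append(Finding(ts, "unknown_module_in_trace", hex(addr)))
        hit = IRP_HANDLER.search(msg)
        if hit:
            handlers.append((ts, hit.group(1), hit.group(2), int(hit.group(3), 16)))
    # Second pass: a driver whose request handler is the same address the
    # trace could not attribute to any module is the strongest signal here.
    for ts, driver, irp, addr in handlers:
        if addr in unknown_addrs:
            findings.append(
                Finding(ts, "dispatch_to_unknown_code", f"{driver} {irp} -> {hex(addr)}")
            )
    return findings


def needs_followup(findings):
    """Assumed rule: escalate on a redirected handler, or on both MBR markers."""
    kinds = {f.kind for f in findings}
    return ("dispatch_to_unknown_code" in kinds
            or {"unknown_mbr_code", "mbr_hidden"} <= kinds)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.time}  {f.kind:26}  {f.detail}")
    print("follow-up scan warranted:", needs_followup(triage(SAMPLE_LOG)))
```
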
jeffce (Jeff)
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
01-Jul-2012, 05:08 PM #19
Hi,

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
----------
Notnatsyuggy
Member with 27 posts.
THREAD STARTER
 
Join Date: Jun 2012
Experience: Beginner
02-Jul-2012, 04:30 PM #20
Hi,

Done as requested, here's the log from TDSSKiller.....


21:21:32.0517 4176 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
21:21:32.0671 4176 ============================================================
21:21:32.0671 4176 Current date / time: 2012/07/02 21:21:32.0671
21:21:32.0671 4176 SystemInfo:
21:21:32.0671 4176
21:21:32.0671 4176 OS Version: 6.0.6002 ServicePack: 2.0
21:21:32.0671 4176 Product type: Workstation
21:21:32.0671 4176 ComputerName: GUY-PC
21:21:32.0672 4176 UserName: Guy
21:21:32.0672 4176 Windows directory: C:\Windows
21:21:32.0672 4176 System windows directory: C:\Windows
21:21:32.0672 4176 Processor architecture: Intel x86
21:21:32.0672 4176 Number of processors: 1
21:21:32.0672 4176 Page size: 0x1000
21:21:32.0672 4176 Boot type: Normal boot
21:21:32.0672 4176 ============================================================
21:21:34.0610 4176 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:21:34.0639 4176 ============================================================
21:21:34.0639 4176 \Device\Harddisk0\DR0:
21:21:34.0646 4176 MBR partitions:
21:21:34.0649 4176 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x83C3FC1
21:21:34.0649 4176 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x83C4000, BlocksNum 0xE2E800
21:21:34.0649 4176 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x91F4800, BlocksNum 0x31A800
21:21:34.0649 4176 ============================================================
21:21:34.0676 4176 C: <-> \Device\Harddisk0\DR0\Partition0
21:21:34.0811 4176 E: <-> \Device\Harddisk0\DR0\Partition2
21:21:34.0872 4176 F: <-> \Device\Harddisk0\DR0\Partition1
21:21:34.0872 4176 ============================================================
21:21:34.0872 4176 Initialize success
21:21:34.0872 4176 ============================================================
21:22:11.0560 4424 ============================================================
21:22:11.0560 4424 Scan started
21:22:11.0560 4424 Mode: Manual; TDLFS;
21:22:11.0560 4424 ============================================================
21:23:31.0994 4424 nfrd960 - ok
21:23:32.0088 4424 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:23:32.0088 4424 NisDrv - ok
21:23:32.0684 4424 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
21:23:32.0834 4424 NisSrv - ok
21:23:33.0604 4424 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:23:33.0614 4424 NlaSvc - ok
21:23:33.0874 4424 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:23:33.0904 4424 Npfs - ok
21:23:33.0994 4424 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
21:23:34.0004 4424 nsi - ok
21:23:34.0104 4424 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:23:34.0184 4424 nsiproxy - ok
21:23:37.0463 4424 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:23:37.0633 4424 Ntfs - ok
21:23:37.0923 4424 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:23:37.0963 4424 ntrigdigi - ok
21:23:38.0103 4424 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:23:38.0123 4424 Null - ok
21:23:38.0233 4424 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:23:38.0253 4424 nvraid - ok
21:23:38.0383 4424 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:23:38.0393 4424 nvstor - ok
21:23:38.0603 4424 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
21:23:38.0633 4424 nv_agp - ok
21:23:38.0643 4424 NwlnkFlt - ok
21:23:38.0653 4424 NwlnkFwd - ok
21:23:38.0933 4424 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
21:23:38.0943 4424 ohci1394 - ok
21:23:39.0563 4424 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:23:39.0583 4424 ose - ok
21:23:48.0002 4424 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:23:49.0532 4424 osppsvc - ok
21:23:52.0632 4424 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:23:52.0902 4424 p2pimsvc - ok
21:23:52.0922 4424 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:23:52.0932 4424 p2psvc - ok
21:23:53.0552 4424 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
21:23:53.0572 4424 Parport - ok
21:23:53.0752 4424 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
21:23:53.0762 4424 partmgr - ok
21:23:53.0832 4424 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
21:23:53.0842 4424 Parvdm - ok
21:23:54.0322 4424 PassThru Service (39b9dcd7040654c2e57d7396736c718e) C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
21:23:54.0412 4424 PassThru Service - ok
21:23:54.0552 4424 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
21:23:54.0562 4424 PcaSvc - ok
21:23:54.0702 4424 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
21:23:54.0712 4424 pccsmcfd - ok
21:23:55.0092 4424 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:23:55.0112 4424 pci - ok
21:23:55.0212 4424 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
21:23:55.0212 4424 pciide - ok
21:23:55.0582 4424 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
21:23:55.0622 4424 pcmcia - ok
21:23:55.0692 4424 pdfcDispatcher - ok
21:23:56.0942 4424 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:23:56.0982 4424 PEAUTH - ok
21:23:59.0749 4424 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
21:23:59.0883 4424 pla - ok
21:24:01.0943 4424 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
21:24:01.0993 4424 PlugPlay - ok
21:24:02.0973 4424 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:24:02.0973 4424 PNRPAutoReg - ok
21:24:02.0993 4424 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:24:03.0003 4424 PNRPsvc - ok
21:24:03.0473 4424 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
21:24:03.0653 4424 PolicyAgent - ok
21:24:03.0983 4424 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:24:04.0043 4424 PptpMiniport - ok
21:24:04.0183 4424 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:24:04.0183 4424 Processor - ok
21:24:04.0533 4424 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
21:24:04.0563 4424 ProfSvc - ok
21:24:04.0633 4424 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:24:04.0633 4424 ProtectedStorage - ok
21:24:04.0723 4424 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:24:04.0738 4424 PSched - ok
21:24:04.0816 4424 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
21:24:04.0816 4424 PxHelp20 - ok
21:24:06.0189 4424 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:24:06.0267 4424 ql2300 - ok
21:24:06.0532 4424 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:24:06.0564 4424 ql40xx - ok
21:24:07.0153 4424 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
21:24:07.0253 4424 QWAVE - ok
21:24:07.0533 4424 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:24:07.0553 4424 QWAVEdrv - ok
21:24:10.0683 4424 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
21:24:11.0163 4424 R300 - ok
21:24:13.0093 4424 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:24:13.0093 4424 RasAcd - ok
21:24:13.0405 4424 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
21:24:13.0420 4424 RasAuto - ok
21:24:13.0654 4424 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:24:13.0670 4424 Rasl2tp - ok
21:24:14.0216 4424 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
21:24:14.0232 4424 RasMan - ok
21:24:14.0310 4424 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:24:14.0310 4424 RasPppoe - ok
21:24:14.0559 4424 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:24:14.0575 4424 RasSstp - ok
21:24:14.0979 4424 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:24:15.0119 4424 rdbss - ok
21:24:15.0209 4424 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:24:15.0219 4424 RDPCDD - ok
21:24:15.0459 4424 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
21:24:15.0469 4424 rdpdr - ok
21:24:15.0529 4424 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:24:15.0529 4424 RDPENCDD - ok
21:24:15.0979 4424 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
21:24:16.0079 4424 RDPWD - ok
21:24:16.0449 4424 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
21:24:16.0469 4424 RemoteAccess - ok
21:24:16.0749 4424 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
21:24:16.0799 4424 RemoteRegistry - ok
21:24:17.0416 4424 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
21:24:17.0525 4424 RFCOMM - ok
21:24:17.0900 4424 RoxMediaDB9 (229933ce97a9421f5f1673a20473726f) c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
21:24:17.0915 4424 RoxMediaDB9 - ok
21:24:18.0019 4424 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
21:24:18.0069 4424 RpcLocator - ok
21:24:18.0269 4424 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:24:18.0269 4424 RpcSs - ok
21:24:18.0419 4424 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:24:18.0479 4424 rspndr - ok
21:24:18.0589 4424 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:24:18.0589 4424 SamSs - ok
21:24:18.0849 4424 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:24:18.0849 4424 SASDIFSV - ok
21:24:18.0899 4424 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:24:18.0949 4424 SASKUTIL - ok
21:24:19.0049 4424 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:24:19.0079 4424 sbp2port - ok
21:24:19.0179 4424 ScanUSBET (f6b34d346e907d7a07a573f19088491a) C:\Windows\system32\DRIVERS\etScan.sys
21:24:19.0199 4424 ScanUSBET - ok
21:24:19.0319 4424 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
21:24:19.0359 4424 SCardSvr - ok
21:24:19.0609 4424 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
21:24:19.0649 4424 Schedule - ok
21:24:19.0759 4424 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:24:19.0759 4424 SCPolicySvc - ok
21:24:19.0889 4424 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
21:24:19.0899 4424 sdbus - ok
21:24:20.0109 4424 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
21:24:20.0189 4424 SDRSVC - ok
21:24:20.0239 4424 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:24:20.0249 4424 secdrv - ok
21:24:20.0389 4424 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
21:24:20.0409 4424 seclogon - ok
21:24:20.0569 4424 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
21:24:20.0569 4424 SENS - ok
21:24:20.0609 4424 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:24:20.0619 4424 Serenum - ok
21:24:20.0699 4424 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:24:20.0759 4424 Serial - ok
21:24:20.0866 4424 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:24:20.0912 4424 sermouse - ok
21:24:21.0264 4424 ServiceLayer (8988d1f32f56b3cd3f0f6c39f8a91a98) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:24:21.0424 4424 ServiceLayer - ok
21:24:21.0654 4424 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
21:24:21.0654 4424 SessionEnv - ok
21:24:21.0844 4424 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
21:24:21.0894 4424 sffdisk - ok
21:24:21.0984 4424 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
21:24:21.0994 4424 sffp_mmc - ok
21:24:22.0064 4424 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
21:24:22.0134 4424 sffp_sd - ok
21:24:22.0214 4424 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
21:24:22.0224 4424 sfloppy - ok
21:24:22.0264 4424 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
21:24:22.0274 4424 SharedAccess - ok
21:24:22.0384 4424 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
21:24:22.0404 4424 ShellHWDetection - ok
21:24:22.0584 4424 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
21:24:22.0604 4424 sisagp - ok
21:24:22.0734 4424 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:24:22.0774 4424 SiSRaid2 - ok
21:24:22.0844 4424 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:24:22.0914 4424 SiSRaid4 - ok
21:24:23.0404 4424 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
21:24:23.0594 4424 Skype C2C Service - ok
21:24:23.0814 4424 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files\Skype\Updater\Updater.exe
21:24:23.0834 4424 SkypeUpdate - ok
21:24:24.0534 4424 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
21:24:24.0654 4424 slsvc - ok
21:24:24.0974 4424 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
21:24:24.0974 4424 SLUINotify - ok
21:24:25.0064 4424 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:24:25.0104 4424 Smb - ok
21:24:25.0314 4424 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
21:24:25.0354 4424 SNMPTRAP - ok
21:24:28.0518 4424 SNP2UVC (a1a7acf56747dc31aba892ca7690143a) C:\Windows\system32\DRIVERS\snp2uvc.sys
21:24:29.0344 4424 SNP2UVC - ok
21:24:30.0530 4424 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:24:30.0530 4424 spldr - ok
21:24:30.0639 4424 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
21:24:30.0639 4424 Spooler - ok
21:24:31.0045 4424 SQLWriter (d2f4f32b59440011174b4f8137af4e0c) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:24:31.0045 4424 SQLWriter - ok
21:24:31.0653 4424 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:24:31.0762 4424 srv - ok
21:24:31.0981 4424 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:24:32.0043 4424 srv2 - ok
21:24:32.0215 4424 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:24:32.0246 4424 srvnet - ok
21:24:32.0480 4424 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
21:24:32.0480 4424 SSDPSRV - ok
21:24:32.0698 4424 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
21:24:32.0714 4424 SstpSvc - ok
21:24:33.0525 4424 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
21:24:33.0619 4424 stisvc - ok
21:24:34.0009 4424 stllssvr (e5ff667e416dac99bff16b626234a379) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:24:34.0087 4424 stllssvr - ok
21:24:34.0196 4424 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:24:34.0212 4424 swenum - ok
21:24:34.0820 4424 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
21:24:34.0960 4424 swprv - ok
21:24:35.0101 4424 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:24:35.0116 4424 Symc8xx - ok
21:24:35.0257 4424 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:24:35.0272 4424 Sym_hi - ok
21:24:35.0366 4424 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:24:35.0366 4424 Sym_u3 - ok
21:24:35.0912 4424 SynTP (8419484b09db15f6d627cf3ce0eb192c) C:\Windows\system32\DRIVERS\SynTP.sys
21:24:35.0928 4424 SynTP - ok
21:24:36.0536 4424 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
21:24:36.0630 4424 SysMain - ok
21:24:36.0973 4424 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
21:24:36.0988 4424 TabletInputService - ok
21:24:37.0675 4424 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
21:24:37.0753 4424 TapiSrv - ok
21:24:38.0065 4424 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
21:24:38.0065 4424 TBS - ok
21:24:38.0829 4424 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
21:24:38.0876 4424 Tcpip - ok
21:24:38.0892 4424 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
21:24:38.0907 4424 Tcpip6 - ok
21:24:39.0063 4424 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
21:24:39.0063 4424 tcpipreg - ok
21:24:39.0204 4424 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:24:39.0204 4424 TDPIPE - ok
21:24:39.0874 4424 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:24:39.0906 4424 TDTCP - ok
21:24:40.0124 4424 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:24:40.0140 4424 tdx - ok
21:24:40.0280 4424 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:24:40.0280 4424 TermDD - ok
21:24:41.0481 4424 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
21:24:41.0590 4424 TermService - ok
21:24:42.0012 4424 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
21:24:42.0012 4424 Themes - ok
21:24:42.0121 4424 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:24:42.0121 4424 THREADORDER - ok
21:24:42.0292 4424 TPM (6d9ad3534a9cf7e4b86c6eae8bc335f6) C:\Windows\system32\drivers\tpm.sys
21:24:42.0308 4424 TPM - ok
21:24:42.0604 4424 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
21:24:42.0620 4424 TrkWks - ok
21:24:42.0823 4424 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
21:24:42.0838 4424 TrustedInstaller - ok
21:24:42.0932 4424 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:24:42.0932 4424 tssecsrv - ok
21:24:43.0057 4424 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:24:43.0057 4424 tunmp - ok
21:24:43.0197 4424 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:24:43.0197 4424 tunnel - ok
21:24:43.0369 4424 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
21:24:43.0416 4424 uagp35 - ok
21:24:44.0086 4424 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:24:44.0133 4424 udfs - ok
21:24:44.0289 4424 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
21:24:44.0289 4424 UI0Detect - ok
21:24:44.0554 4424 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
21:24:44.0570 4424 uliagpkx - ok
21:24:45.0241 4424 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
21:24:45.0303 4424 uliahci - ok
21:24:45.0506 4424 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:24:45.0522 4424 UlSata - ok
21:24:45.0662 4424 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:24:45.0662 4424 ulsata2 - ok
21:24:45.0818 4424 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:24:45.0818 4424 umbus - ok
21:24:46.0348 4424 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
21:24:46.0442 4424 upnphost - ok
21:24:46.0473 4424 upperdev - ok
21:24:46.0582 4424 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
21:24:46.0629 4424 USBAAPL - ok
21:24:46.0801 4424 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
21:24:46.0816 4424 usbaudio - ok
21:24:47.0035 4424 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:24:47.0066 4424 usbccgp - ok
21:24:47.0347 4424 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:24:47.0378 4424 usbcir - ok
21:24:47.0565 4424 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:24:47.0565 4424 usbehci - ok
21:24:48.0033 4424 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:24:48.0096 4424 usbhub - ok
21:24:48.0189 4424 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\DRIVERS\usbohci.sys
21:24:48.0220 4424 usbohci - ok
21:24:48.0314 4424 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
21:24:48.0330 4424 usbprint - ok
21:24:48.0610 4424 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:24:48.0642 4424 USBSTOR - ok
21:24:48.0766 4424 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:24:48.0782 4424 usbuhci - ok
21:24:49.0209 4424 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:24:49.0254 4424 usbvideo - ok
21:24:49.0456 4424 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
21:24:49.0470 4424 UxSms - ok
21:24:50.0297 4424 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
21:24:50.0404 4424 vds - ok
21:24:50.0565 4424 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
21:24:50.0611 4424 vga - ok
21:24:50.0758 4424 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:24:50.0767 4424 VgaSave - ok
21:24:50.0923 4424 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
21:24:50.0927 4424 viaagp - ok
21:24:51.0059 4424 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
21:24:51.0068 4424 ViaC7 - ok
21:24:51.0144 4424 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
21:24:51.0156 4424 viaide - ok
21:24:51.0336 4424 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:24:51.0343 4424 volmgr - ok
21:24:52.0091 4424 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:24:52.0193 4424 volmgrx - ok
21:24:52.0807 4424 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:24:52.0870 4424 volsnap - ok
21:24:53.0143 4424 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
21:24:53.0156 4424 vsmraid - ok
21:24:54.0878 4424 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
21:24:55.0067 4424 VSS - ok
21:24:55.0847 4424 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
21:24:55.0910 4424 W32Time - ok
21:24:56.0050 4424 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:24:56.0081 4424 WacomPen - ok
21:24:56.0206 4424 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:24:56.0206 4424 Wanarp - ok
21:24:56.0206 4424 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:24:56.0206 4424 Wanarpv6 - ok
21:24:57.0251 4424 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
21:24:57.0485 4424 wcncsvc - ok
21:24:57.0704 4424 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
21:24:57.0704 4424 WcsPlugInService - ok
21:24:57.0766 4424 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
21:24:57.0766 4424 Wd - ok
21:24:58.0515 4424 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:24:58.0546 4424 Wdf01000 - ok
21:24:58.0858 4424 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:24:58.0889 4424 WdiServiceHost - ok
21:24:58.0905 4424 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:24:58.0921 4424 WdiSystemHost - ok
21:24:59.0685 4424 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
21:24:59.0763 4424 WebClient - ok
21:25:00.0044 4424 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
21:25:00.0075 4424 Wecsvc - ok
21:25:00.0309 4424 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
21:25:00.0325 4424 wercplsupport - ok
21:25:00.0496 4424 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
21:25:00.0496 4424 WerSvc - ok
21:25:00.0637 4424 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
21:25:00.0637 4424 WimFltr - ok
21:25:01.0744 4424 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:25:01.0885 4424 winachsf - ok
21:25:02.0571 4424 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
21:25:02.0743 4424 WinDefend - ok
21:25:02.0761 4424 WinHttpAutoProxySvc - ok
21:25:03.0436 4424 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
21:25:03.0469 4424 Winmgmt - ok
21:25:05.0399 4424 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
21:25:05.0727 4424 WinRM - ok
21:25:06.0600 4424 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
21:25:06.0741 4424 Wlansvc - ok
21:25:06.0912 4424 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:25:06.0928 4424 WmiAcpi - ok
21:25:07.0334 4424 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
21:25:07.0365 4424 wmiApSrv - ok
21:25:08.0519 4424 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:25:08.0675 4424 WMPNetworkSvc - ok
21:25:09.0003 4424 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
21:25:09.0034 4424 WPCSvc - ok
21:25:09.0221 4424 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
21:25:09.0221 4424 WPDBusEnum - ok
21:25:10.0001 4424 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:25:10.0173 4424 WPFFontCache_v0400 - ok
21:25:10.0594 4424 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:25:10.0594 4424 ws2ifsl - ok
21:25:10.0812 4424 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
21:25:10.0812 4424 wscsvc - ok
21:25:10.0828 4424 WSearch - ok
21:25:11.0889 4424 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
21:25:11.0982 4424 wuauserv - ok
21:25:12.0528 4424 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
21:25:12.0528 4424 wudfsvc - ok
21:25:12.0622 4424 MBR (0x1B8) (3dfbd33517922022aab2367021b4bbec) \Device\Harddisk0\DR0
21:25:12.0700 4424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
21:25:12.0700 4424 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
21:25:12.0856 4424 Boot (0x1200) (1c14ad3a6fe0bf5769bb192cb204400f) \Device\Harddisk0\DR0\Partition0
21:25:12.0887 4424 \Device\Harddisk0\DR0\Partition0 - ok
21:25:12.0950 4424 Boot (0x1200) (e287197b0a15b0ddbf7e7bee0f2bb16b) \Device\Harddisk0\DR0\Partition1
21:25:12.0950 4424 \Device\Harddisk0\DR0\Partition1 - ok
21:25:12.0965 4424 Boot (0x1200) (6a438de8fd549d183687556504a7f330) \Device\Harddisk0\DR0\Partition2
21:25:12.0981 4424 \Device\Harddisk0\DR0\Partition2 - ok
21:25:12.0981 4424 ============================================================
21:25:12.0981 4424 Scan finished
21:25:12.0981 4424 ============================================================
21:25:12.0996 4416 Detected object count: 1
21:25:12.0996 4416 Actual detected object count: 1
21:25:36.0311 4416 \Device\Harddisk0\DR0\# - copied to quarantine
21:25:37.0122 4416 \Device\Harddisk0\DR0 - copied to quarantine
21:25:39.0212 4416 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot
21:25:39.0213 4416 \Device\Harddisk0\DR0 - ok
21:25:39.0213 4416 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
21:25:44.0781 4168 Deinitialize success


Thanks
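
An added example (not part of the original thread, and not any scanner's own code): a small Python triage script for a scan log in the shape posted above. It pairs each hashed object record with its verdict line and returns only what is not "ok", plus the actions logged afterwards. The line grammar is inferred from the lines shown in this post, and the sample input is constructed, with placeholder hashes and hypothetical service names.

```python
import re

# Constructed sample in the shape of the log above. Hashes are placeholders and
# the service names/paths are hypothetical; the detection name is the one the
# posted log reports.
SAMPLE_LOG = r"""
21:23:23.0789 4424 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
21:23:23.0804 4424 exampledrv - ok
21:23:25.0115 4424 nofile - ok
21:24:23.0404 4424 Example Helper Service (11111111111111111111111111111111) C:\Program Files\Example\helper.exe
21:24:23.0594 4424 Example Helper Service - ok
21:25:12.0622 4424 MBR (0x1B8) (22222222222222222222222222222222) \Device\Harddisk0\DR0
21:25:12.0700 4424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
21:25:12.0700 4424 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
21:25:12.0856 4424 Boot (0x1200) (33333333333333333333333333333333) \Device\Harddisk0\DR0\Partition0
21:25:12.0887 4424 \Device\Harddisk0\DR0\Partition0 - ok
21:25:12.0996 4416 Detected object count: 1
21:25:37.0122 4416 \Device\Harddisk0\DR0 - copied to quarantine
21:25:39.0212 4416 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot
21:25:39.0213 4416 \Device\Harddisk0\DR0 - ok
"""

# "HH:MM:SS.mmmm <thread id> <rest of line>"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<rest>.+)$")
# "<name> [(0xOFFSET)] (<md5>) <path>": one scanned object and its hash
OBJECT = re.compile(
    r"^(?P<name>.+?) (?:\((?P<offset>0x[0-9A-Fa-f]+)\) )?"
    r"\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# "<target> [( <threat> )] - <status>": verdict or follow-up action
VERDICT = re.compile(
    r"^(?P<target>.+?)(?: \( (?P<threat>[^)]+?) \))? - (?P<status>.+)$"
)


def triage(log_text):
    """Return object count, non-ok findings, and verdicts lacking a hash record."""
    scanned = {}    # service name or device path -> object record
    findings = {}   # target -> finding dict, in order of first detection
    unhashed = []   # targets that got "ok" without a preceding hashed record
    objects = 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        obj = OBJECT.match(rest)
        if obj:
            rec = obj.groupdict()
            # Services are referenced later by name, MBR/boot sectors by path.
            scanned[rec["name"]] = rec
            scanned[rec["path"]] = rec
            objects += 1
            continue
        ver = VERDICT.match(rest)
        if not ver:
            continue  # banners and counters such as "Detected object count: 1"
        target, threat, status = ver.group("target", "threat", "status")
        if status == "ok" and target not in findings:
            if target not in scanned:
                unhashed.append(target)
            continue
        rec = scanned.get(target, {})
        finding = findings.setdefault(target, {
            "target": target,
            "kind": rec.get("name"),
            "md5": rec.get("md5"),
            "threat": None,
            "events": [],
            "pending_reboot": False,
        })
        if threat and not finding["threat"]:
            finding["threat"] = threat
        finding["events"].append(status)
        if status.endswith("on reboot"):
            finding["pending_reboot"] = True
    return {"objects": objects,
            "findings": list(findings.values()),
            "unhashed": unhashed}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['objects']} objects scanned")
    for f in report["findings"]:
        print(f"{f['kind']} {f['target']}: {f['threat']} -> {f['events']}")
    print("verdict without hash record:", report["unhashed"])
```

A finding with `pending_reboot` set has not been remediated yet at the time the log was written, so a follow-up scan after the restart is what confirms the cure.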
jeffce (Jeff), authorized to help remove malware
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
02-Jul-2012, 06:22 PM #21
Hi,

Good job. Got rid of a really nasty one there.

Please run a fresh scan with DDS and post both of the logs created.
-----------

Download Combofix from the link below, and save it to your desktop.
Link

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

In your next reply please post the new logs made by DDS and ComboFix.
Notnatsyuggy
Member with 27 posts.
THREAD STARTER
 
Join Date: Jun 2012
Experience: Beginner
03-Jul-2012, 02:30 PM #22
Just about to do the above. When I disable Antivirus and AntiSpyware (before running Combofix), should I make sure I am disconnected from the internet? Should I disable Windows firewall as well?

And finally should I run Combofix whilst also being disconnected from the internet?

Sorry for all the questions, don't really want to mess this up!
jeffce (Jeff), authorized to help remove malware
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
03-Jul-2012, 02:35 PM #23
Hi,

You can just disable your antivirus and firewall and that should be fine. Please stay connected to the internet if possible as well.
Notnatsyuggy
Member with 27 posts.
THREAD STARTER
 
Join Date: Jun 2012
Experience: Beginner
03-Jul-2012, 02:51 PM #24
Ok, will do. I was just concerned about re-infection if I disabled these and stayed connected to the internet!

Will leave connection up and disable them.
Notnatsyuggy
Member with 27 posts.
THREAD STARTER
 
Join Date: Jun 2012
Experience: Beginner
03-Jul-2012, 03:29 PM #25
Hi here's the DDS log....

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Guy at 20:25:16 on 2012-07-03
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2039.812 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SMINST\scheduler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\tsnp2uvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [FixCamera] c:\windows\FixCamera.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDc1OTEwOTA4LVQxMS1VODUrMS1CQSsxLUtWMys3LVhMKzEtRlA5Mis2LUJBUjlPKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSszLUIy"&"prod=90"&"ver=10.0.1170
mRunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: cobent.net\cip2
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{188B6533-56B2-48EF-A1DF-2E0EB53C9AD1} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{82219D9D-A331-458A-BD62-81D8D46BF9C0} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: DeviceNP - DeviceNP.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-12 21504]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-12-11 540448]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-6-19 3048136]
S3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2007-12-11 30008]
S3 DCamUSBET;ET USB 2710 Camera;c:\windows\system32\drivers\etDevice.sys [2007-7-20 471808]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\drivers\etFilter.sys [2007-6-14 201216]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-6-8 172131]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-16 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-16 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\drivers\etScan.sys [2007-7-23 6656]
S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-03 19:24:43 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-03 18:54:49 98816 ----a-w- c:\windows\sed.exe
2012-07-03 18:54:49 518144 ----a-w- c:\windows\SWREG.exe
2012-07-03 18:54:49 256000 ----a-w- c:\windows\PEV.exe
2012-07-03 18:54:49 208896 ----a-w- c:\windows\MBR.exe
2012-07-02 20:55:36 -------- d-----w- c:\program files\iPod
2012-07-02 20:55:31 -------- d-----w- c:\program files\iTunes
2012-07-02 20:39:54 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6bdbdb65-87fc-4de9-bfc7-ac535c9d737d}\mpengine.dll
2012-07-02 20:25:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-01 20:26:25 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-25 19:21:58 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-22 14:21:27 -------- d-----w- c:\users\guy\appdata\roaming\SUPERAntiSpyware.com
2012-06-22 14:20:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-22 14:20:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-22 10:51:24 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 10:50:27 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 10:50:00 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 10:49:59 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 05:02:49 -------- d-----w- c:\users\guy\appdata\roaming\Malwarebytes
2012-06-20 05:01:50 -------- d-----w- c:\programdata\Malwarebytes
2012-06-20 05:01:42 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 05:01:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-13 20:43:57 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6f82f550-2ed4-4390-a531-74aec5993555}\gapaengine.dll
2012-06-13 19:44:20 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 19:44:19 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 19:44:19 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 19:43:23 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 19:42:46 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-07 19:30:36 -------- d-----w- C:\896d513f30571b57754d
.
==================== Find3M ====================
.
2012-06-25 19:21:37 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 19:32:50 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 19:32:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 20:25:38.35 ===============

and here's the Combofix...

ComboFix 12-07-02.01 - Guy 03/07/2012 19:57:31.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2039.902 [GMT 1:00]
Running from: c:\users\Guy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
F:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-03 19:09 . 2012-07-03 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-03 19:09 . 2012-07-03 19:09 -------- d-----w- c:\users\Immy\AppData\Local\temp
2012-07-02 20:55 . 2012-07-02 20:55 -------- d-----w- c:\program files\iPod
2012-07-02 20:55 . 2012-07-02 20:58 -------- d-----w- c:\program files\iTunes
2012-07-02 20:39 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BDBDB65-87FC-4DE9-BFC7-AC535C9D737D}\mpengine.dll
2012-07-02 20:25 . 2012-07-02 20:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-01 20:26 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-25 19:22 . 2012-06-25 19:22 -------- d-----w- c:\program files\Common Files\Java
2012-06-25 19:21 . 2012-06-25 19:21 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-25 19:21 . 2012-06-25 19:21 -------- d-----w- c:\program files\Java
2012-06-22 14:21 . 2012-06-22 14:21 -------- d-----w- c:\users\Guy\AppData\Roaming\SUPERAntiSpyware.com
2012-06-22 14:20 . 2012-06-22 14:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-22 14:20 . 2012-06-22 14:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-22 10:51 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 10:51 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 10:51 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 10:51 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 10:50 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 10:50 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 10:50 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 10:50 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 10:49 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 05:02 . 2012-06-20 05:02 -------- d-----w- c:\users\Guy\AppData\Roaming\Malwarebytes
2012-06-20 05:01 . 2012-06-20 05:01 -------- d-----w- c:\programdata\Malwarebytes
2012-06-20 05:01 . 2012-06-20 05:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-20 05:01 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 20:43 . 2012-02-10 21:11 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F82F550-2ED4-4390-A531-74AEC5993555}\gapaengine.dll
2012-06-13 19:44 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 19:44 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 19:44 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 19:43 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 19:42 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-07 20:01 . 2012-06-07 20:01 -------- d-----w- c:\program files\QuickTime
2012-06-07 19:30 . 2012-06-07 19:35 -------- d-----w- C:\896d513f30571b57754d
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 19:21 . 2010-05-31 19:11 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 19:32 . 2012-03-29 05:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 19:32 . 2011-05-14 06:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2012-05-30 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 833072]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 317128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"FixCamera"="c:\windows\FixCamera.exe" [2008-08-21 188928]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-11-13 320512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNDc1OTEwOTA4LVQxMS1VODUrMS1CQSsxLUtWMys3LVhMKzEtRlA5Mis2LUJBUjlPKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSszLUIy&prod=90&ver=10.0.1170" [?]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-06-06 44168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 17:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Guy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 19:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 14:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-24 14:44 154136 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 06:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-02-18 13:49 49208 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2012-04-17 14:05 651264 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-24 14:44 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 18:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 21:26 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2011-07-21 23:07 718720 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-24 14:44 129560 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-05-30 20:00 932528 ----a-w- c:\program files\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-06-11 16:26 3905408 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2007-05-23 10:00 192512 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 21:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-16 13:21]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-16 13:21]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: cobent.net\cip2
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-etMonitor - c:\windows\etMon.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
MSConfigStartUp-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
AddRemove-Freecorder5.02 - c:\program files\Freecorder\uninstall.exe
AddRemove-Freecorder5.11 - c:\program files\Freecorder\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-03 20:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:77,b3,d1,7a,31,fe,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-07-03 20:24:18
ComboFix-quarantined-files.txt 2012-07-03 19:24
.
Pre-Run: 6,456,324,096 bytes free
Post-Run: 8,868,839,424 bytes free
.
- - End Of File - - F6A9D3E9FEBA323085A0BA5A29A6DC4D
jeffce (Jeff)
03-Jul-2012, 03:32 PM #26
Between runs of ComboFix you can re-enable your antivirus and firewall. I will return as quickly as I can after looking over your malware logs.
jeffce (Jeff)
03-Jul-2012, 03:38 PM #27
Hi,

I need some information on some unidentified files. We will use Virustotal to do this. Please submit the file(s) for analysis.

To submit a file to VirusTotal, please click VirusTotal

Press Choose File and then browse to the following file: (one at a time if more than one file is listed)

c:\windows\FixCamera.exe

Once you locate the file, select it and press Open, then press Scan it!

Now Copy/Paste the link to the results showing in the web browser bar to your next reply so that I can take a look at the results.

Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also please make sure each result is clearly identified as to which sample they belong to.
----------
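An added example, not part of the original post and not the helper's own method: one way to triage the Run and RunOnce entries of a DDS "Pseudo HJT Report" and list the ones worth a lookup, here using the heuristic that an autorun executable sitting directly in the Windows root (such as c:\windows\FixCamera.exe above) or in a user-writable folder deserves a second look. The function names, the environment-variable expansions and the heuristic itself are assumptions made for this example; a listed entry is a candidate for checking, not a verdict.

```python
import ntpath
import re

# Constructed sample: autorun lines in the DDS "Pseudo HJT Report" format,
# taken from the log posted earlier in this thread.
SAMPLE_DDS = r'''
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [FixCamera] c:\windows\FixCamera.exe
mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
TCP: DhcpNameServer = 192.168.1.1
'''

# Assumed expansions for a default 32-bit Vista install (not read from the machine).
ENV = {
    "%programfiles%": "c:\\program files",
    "%windir%": "c:\\windows",
    "%systemroot%": "c:\\windows",
}

# "uRun"/"mRun" are the per-user and per-machine Run keys; the ComboFix log
# in the thread lists the same entries under HKEY_CURRENT_USER and
# HKEY_LOCAL_MACHINE respectively.
AUTORUN = re.compile(r"^(?P<hive>[um])(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# A quoted image path, or an unquoted one ending at the first executable
# extension (unquoted paths may contain spaces, so splitting on space fails).
IMAGE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.I)

TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\documents and settings\\")


def image_path(command):
    """Return the normalised, lower-cased executable path of an autorun command."""
    match = IMAGE.match(command.strip())
    if not match:
        return None
    path = match.group("q") or match.group("u")
    # Expand known %VARIABLES%; unknown ones are left as written.
    path = re.sub(r"%[^%]+%", lambda v: ENV.get(v.group(0).lower(), v.group(0)), path)
    return ntpath.normpath(path).lower()


def review_reason(path):
    """Return why a path deserves a lookup, or None if its location is unremarkable."""
    folder = ntpath.dirname(path)
    if not folder:
        return "no full path, resolved through the search path at run time"
    if folder == "c:\\windows":
        return "executable sits directly in the Windows root"
    if path.startswith(USER_WRITABLE) or "\\temp\\" in path:
        return "runs from a user-writable location"
    if not path.startswith(TRUSTED_ROOTS):
        return "outside Program Files and the Windows tree"
    return None


def triage(dds_text):
    """Return (registry key, value name, image path, reason) for entries to review."""
    findings = []
    for line in dds_text.splitlines():
        match = AUTORUN.match(line.strip())
        if not match:
            continue  # not a Run/RunOnce line (BHO, TCP, services, ...)
        path = image_path(match.group("cmd"))
        if path is None:
            continue
        reason = review_reason(path)
        if reason:
            hive = "HKCU" if match.group("hive") == "u" else "HKLM"
            findings.append((hive + "\\" + match.group("key"), match.group("name"), path, reason))
    return findings


if __name__ == "__main__":
    for key, name, path, reason in triage(SAMPLE_DDS):
        print(f"{key} [{name}] {path}: {reason}")
```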
Notnatsyuggy (thread starter)
03-Jul-2012, 03:50 PM #28
Hi,

Did you just want the URL? If not I've still got the window open if you need more info.

https://www.virustotal.com/file/56cd...is/1341344861/

Thanks again!
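An added example, not part of the original thread: a helper-side check that a pasted VirusTotal permalink really belongs to the requested file and was produced after the request, rather than being an older cached report. It assumes the permalink layout `/file/<sha256>/analysis/<unix time>/`; the function names, the stand-in file and the request time are constructed for illustration.

```python
import hashlib
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Assumed permalink layout: /file/<sha256>/analysis/<unix time>/
PERMALINK = re.compile(
    r"^https://www\.virustotal\.com/file/([0-9a-f]{64})/analysis/(\d+)/?$")


def parse_permalink(url):
    """Return (sha256 hex, scan time in UTC); ValueError if truncated."""
    m = PERMALINK.match(url.strip().lower())
    if m is None:
        raise ValueError("not a complete VirusTotal file permalink")
    return m.group(1), datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)


def sha256_of(path):
    """Hash in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_report(url, path, requested_at):
    """Does the permalink match `path`, and was it scanned after the request?"""
    digest, scanned = parse_permalink(url)
    return {"same_file": digest == sha256_of(path),
            "scanned_utc": scanned.isoformat(),
            "rescanned": scanned >= requested_at}


def demo():
    # Constructed stand-in file and request time; not the real FixCamera.exe.
    with tempfile.TemporaryDirectory() as d:
        sample = Path(d) / "FixCamera.exe"
        sample.write_bytes(b"constructed sample bytes")
        url = ("https://www.virustotal.com/file/%s/analysis/1341344861/"
               % sha256_of(sample))
        asked = datetime(2012, 7, 3, 19, 38, tzinfo=timezone.utc)
        return check_report(url, sample, asked)


if __name__ == "__main__":
    print(demo())
```

A link that the forum software has shortened with "..." fails `parse_permalink`, so the hash comparison needs the full URL copied from the browser.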
jeffce (Jeff), Malware Removal Specialist
03-Jul-2012, 03:57 PM #29
No, that works just fine.
jeffce (Jeff), Malware Removal Specialist
03-Jul-2012, 04:00 PM #30
Hi,

Please download Malwarebytes' Anti-Malware to your desktop.
  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.


  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


The log can also be found here:
C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is NOT selected and the option Scan unwanted applications is selected.
  • Click Scan (This scan can take several hours, so please be patient)
  • If there are threats that are found, please press List of found threats and then in the next window that opens press Export to text file...
  • Copy and paste or attach that log as a reply to this topic
**Note** If no threats are found there will not be a log created.
----------

In your next reply please post the logs made by Malwarebytes and ESET online scanner.