Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Go to first new post WmiPrvSE.exe hogging CPU 30 - 50%
Go to first new post windows XP OBJECT DELAY LOAD
Go to first new post Trojan virus
Go to first new post Files keep deleting themselves! NEED HEL ...
Go to first new post bitcoin miner infected on my PC
Go to first new post Ransomware encrypted my files. All files ...
Go to first new post After virus: CMD loads before desktop
Go to first new post YellowMoxie Redirect
Go to first new post Firefox -> google -> url hijack
Go to first new post Browser & other programs running slo ...
Go to first new post Unable to run malware programs, Proxy Se ...
Go to first new post Not sure if my computer is infected
Go to first new post Laptop is acting weird
Go to first new post How many free anti-virus programs are ne ...
Go to first new post Fubar virus?
Search Search
Search for:
Tech Support Guy Forums > > >

Solved: Win32/olmarik.TDL4 trojan


(!)

Reply
Page 1 of 2 1 2
WasntMe's Avatar
Member with 9 posts.
THREAD STARTER
  
Join Date: Feb 2009
04-Aug-2012, 05:05 PM #1
Win32/olmarik.TDL4 trojan
Hello everyone
My laptop is experiencing extreme sluggishness. and Firefox google refuses to search. Eset upon startup says that there is a trojan that it is unable to clean. and its listed as Win32/olmarik.TLD4 trojan
I am running windows7 ultimate. With service pack1. and its a 32bit system.
I am posting and attaching the required logs

Thanks in advance for any assistance
Rob

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:37:08 PM, on 8/4/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 7518 bytes



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by wasntme at 13:38:24 on 2012-08-04
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.926 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;192.168.*.*
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [<NO NAME>]
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{ED3D7410-4C03-4DF5-9E3A-B85CC5332018} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{ED3D7410-4C03-4DF5-9E3A-B85CC5332018}\2375942554137303 : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\wasntme\appdata\roaming\mozilla\firefox\profiles\85mqh4kk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-4-5 217600]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-2-6 92800]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-6 214896]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-17 450848]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\intel\wifi\bin\ZeroConfigService.exe [2012-4-17 2326288]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-4-5 9334784]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-4-5 275968]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\drivers\AmpPal.sys [2012-3-1 141312]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2004-1-18 4864]
R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-7 6639616]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2009-7-13 9216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\drivers\AmpPal.sys [2012-3-1 141312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-12-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432]
S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr73.sys [2011-10-5 564800]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-12-23 15872]
S3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [2007-1-18 41984]
S3 rt70x86;Belkin Wireless G USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr70.sys [2007-10-9 291840]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-23 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\intel\bluetoothhs\BTHSAmpPalService.exe [2012-3-1 509448]
S4 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2012-3-8 104208]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-08-04 20:30:07 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1c2f43d7-67b4-419c-986e-66d82211a440}\offreg.dll
2012-08-04 20:14:12 388096 ----a-r- c:\users\wasntme\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-08-04 20:14:12 -------- d-----w- c:\program files\Trend Micro
2012-08-04 19:08:53 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1c2f43d7-67b4-419c-986e-66d82211a440}\mpengine.dll
2012-08-03 02:59:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-03 02:59:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-03 02:01:02 -------- d-----w- c:\users\wasntme\appdata\roaming\Malwarebytes
2012-08-03 02:01:02 -------- d-----w- c:\programdata\Malwarebytes
2012-08-01 01:47:59 544616 ------w- c:\windows\system32\HPDiscoPM5912.dll
2012-08-01 01:47:09 -------- d-----w- c:\program files\HP
2012-08-01 01:45:39 -------- d-----w- c:\users\wasntme\appdata\local\HP
2012-07-31 01:20:00 110080 ----a-w- c:\programdata\microsoft\windows\drm\B9FB.tmp
2012-07-17 09:06:23 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-07-12 04:06:32 2345984 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-06-23 16:57:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 16:57:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 13:40:13.72 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-04 13:50:18
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IdePort4 WDC_WD7500BPVT-00HXZT0 rev.01.01A01
Running: 11fy4yfi.exe; Driver: C:\Users\wasntme\AppData\Local\Temp\fgdiyfog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E443C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E7DD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spuh.sys The system cannot find the path specified. !
PAGE ataport.SYS!DllUnload + 1 88FCBAD7 4 Bytes JMP 85F291D9
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90217000, 0x3DBAA0, 0xE8000020]
.text USBPORT.SYS!DllUnload 90BD3DB9 5 Bytes JMP 865E81D8
? C:\Users\wasntme\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1016] ntdll.dll!NtWriteFile 77886A68 5 Bytes JMP 00013E39
.text C:\Windows\system32\svchost.exe[1016] kernel32.dll!SetUnhandledExceptionFilter 7654F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Windows\system32\svchost.exe[1016] USER32.dll!GetCursorPos 7682C198 5 Bytes JMP 000147A7
.text C:\Windows\system32\svchost.exe[1016] USER32.dll!GetForegroundWindow 7683565D 5 Bytes JMP 00014856
.text C:\Windows\system32\svchost.exe[1016] USER32.dll!IsWindowVisible 76836939 5 Bytes JMP 0001487D
.text C:\Windows\system32\svchost.exe[1016] USER32.dll!WindowFromPoint 76856D0C 5 Bytes JMP 000147F6
.text C:\Windows\system32\svchost.exe[1016] USER32.dll!MessageBoxIndirectW 7687E9C3 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
.text C:\Windows\system32\svchost.exe[1016] WS2_32.dll!GetAddrInfoW 765E4889 5 Bytes JMP 00014743
.text C:\Windows\system32\svchost.exe[1016] ole32.dll!CoGetClassObject 76AC54AD 5 Bytes JMP 0001494A
.text C:\Windows\system32\svchost.exe[1016] ole32.dll!CoCreateInstance 76AD9D0B 5 Bytes JMP 00014974
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1840] kernel32.dll!SetUnhandledExceptionFilter 7654F4FB 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85F301F8
Device \Driver\volmgr \Device\VolMgrControl 85F2B1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{ED3D7410-4C03-4DF5-9E3A-B85CC5332018} 863D71F8
Device \Driver\usbuhci \Device\USBPDO-0 865E91F8
Device \Driver\usbuhci \Device\USBPDO-1 865E91F8
Device \Driver\usbehci \Device\USBPDO-2 865F4500
Device \Driver\usbuhci \Device\USBPDO-3 865E91F8
Device \Driver\usbuhci \Device\USBPDO-4 865E91F8
Device \Driver\usbuhci \Device\USBPDO-5 865E91F8
Device \Driver\usbehci \Device\USBPDO-6 865F4500
Device \Driver\volmgr \Device\HarddiskVolume1 85F2B1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 85F2B1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 863991F8
Device \Driver\volmgr \Device\HarddiskVolume3 85F2B1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85F2D1F8
Device \Driver\atapi \Device\Ide\IdePort0 85F2D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 85F2D1F8
Device \Driver\atapi \Device\Ide\IdePort1 85F2D1F8
Device \Driver\atapi \Device\Ide\IdePort2 85F2D1F8
Device \Driver\atapi \Device\Ide\IdePort3 85F2D1F8
Device \Driver\atapi \Device\Ide\IdePort4 85F2D1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 85F2E1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel1 85F2E1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel2 85F2E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-6 85F2D1F8
Device \Driver\volmgr \Device\HarddiskVolume4 85F2B1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume5 85F2B1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{BCFF2DEE-2FF3-4F9E-8E9B-8BF50D5F5B04} 863D71F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 863D71F8
Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 865E91F8
Device \Driver\usbuhci \Device\USBFDO-1 865E91F8
Device \Driver\usbehci \Device\USBFDO-2 865F4500
Device \Driver\usbuhci \Device\USBFDO-3 865E91F8
Device \Driver\usbuhci \Device\USBFDO-4 865E91F8
Device \Driver\usbuhci \Device\USBFDO-5 865E91F8
Device \Driver\usbehci \Device\USBFDO-6 865F4500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC@hdf12 0x6D 0x91 0xA5 0x51 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C@hdf12 0x6D 0x91 0xA5 0x51 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\956B3AC2-685A-48CA-82E9-C49F60F507C3@IPAddress 127.0.0.1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{1EFCF485-2DA1-11E1-A00B-806E6F6E6963} 6699068464
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\wasntme\AppData\Local\Logitech\xae Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe 1

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR1 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----


Hope this helps
thanks again
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
WasntMe's Avatar
Member with 9 posts.
THREAD STARTER
  
Join Date: Feb 2009
07-Aug-2012, 02:42 AM #2
anyone!?
Mark1956's Avatar
Malware Removal Specialist with 8,281 posts.
  
Join Date: May 2011
Location: Spain
Experience: Advanced
07-Aug-2012, 06:50 AM #3
Hi WasntMe, my name is Mark and I will be helping you.

GMER is showing you have a Rootkit. Please follow the instructions below and post the log.

Please follow the instructions exactly as written, deviating from the instructions and trying to fix anything before I have seen the logs may make your PC unbootable. If TDSSKiller does not offer the Cure option DO NOT select delete as you may remove files needed for the system to operate.
Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
-- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again.
Be sure to print out and follow the instructions for performing a scan.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
  • When the program opens, click the Change parameters.

  • Under "Additional options", check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
  • If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.

  • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.

  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed. If you choose Delete you may remove critical system files and make your PC unstable or possibly unbootable.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C: ).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".
WasntMe's Avatar
Member with 9 posts.
THREAD STARTER
  
Join Date: Feb 2009
07-Aug-2012, 07:10 AM #4
thanks for the reply Mark.
I ran TDSSKiller in administration mode and here is the log

04:00:03.0023 2772 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
04:00:04.0012 2772 ============================================================
04:00:04.0012 2772 Current date / time: 2012/08/07 04:00:04.0012
04:00:04.0012 2772 SystemInfo:
04:00:04.0012 2772
04:00:04.0012 2772 OS Version: 6.1.7601 ServicePack: 1.0
04:00:04.0012 2772 Product type: Workstation
04:00:04.0012 2772 ComputerName: WASNTME-PC
04:00:04.0012 2772 UserName: wasntme
04:00:04.0013 2772 Windows directory: C:\Windows
04:00:04.0013 2772 System windows directory: C:\Windows
04:00:04.0013 2772 Processor architecture: Intel x86
04:00:04.0013 2772 Number of processors: 2
04:00:04.0013 2772 Page size: 0x1000
04:00:04.0013 2772 Boot type: Normal boot
04:00:04.0013 2772 ============================================================
04:00:06.0296 2772 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
04:00:06.0296 2772 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
04:00:06.0299 2772 ============================================================
04:00:06.0299 2772 \Device\Harddisk1\DR1:
04:00:06.0299 2772 MBR partitions:
04:00:06.0299 2772 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x300BC4, BlocksNum 0x171A10BE
04:00:06.0299 2772 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x174A2000, BlocksNum 0x400A3800
04:00:06.0299 2772 \Device\Harddisk0\DR0:
04:00:06.0299 2772 MBR partitions:
04:00:06.0299 2772 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x300800, BlocksNum 0x1719E000
04:00:06.0299 2772 ============================================================
04:00:06.0326 2772 C: <-> \Device\Harddisk1\DR1\Partition0
04:00:06.0345 2772 D: <-> \Device\Harddisk1\DR1\Partition1
04:00:06.0346 2772 F: <-> \Device\Harddisk0\DR0\Partition0
04:00:06.0346 2772 ============================================================
04:00:06.0346 2772 Initialize success
04:00:06.0346 2772 ============================================================
04:01:34.0969 0540 ============================================================
04:01:34.0969 0540 Scan started
04:01:34.0969 0540 Mode: Manual; SigCheck; TDLFS;
04:01:34.0969 0540 ============================================================
04:01:36.0482 0540 .EsetTrialReset - ok
04:01:36.0576 0540 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
04:01:36.0654 0540 1394ohci - ok
04:01:36.0701 0540 61883 (beb5e6a8c17c3c7485563281e0f9e77e) C:\Windows\system32\DRIVERS\61883.sys
04:01:36.0747 0540 61883 - ok
04:01:36.0810 0540 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
04:01:36.0825 0540 ACPI - ok
04:01:36.0857 0540 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
04:01:36.0919 0540 AcpiPmi - ok
04:01:37.0028 0540 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
04:01:37.0028 0540 AdobeARMservice - ok
04:01:37.0106 0540 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
04:01:37.0122 0540 adp94xx - ok
04:01:37.0184 0540 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
04:01:37.0247 0540 adpahci - ok
04:01:37.0293 0540 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
04:01:37.0309 0540 adpu320 - ok
04:01:37.0340 0540 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
04:01:37.0418 0540 AeLookupSvc - ok
04:01:37.0481 0540 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
04:01:37.0605 0540 AFD - ok
04:01:37.0699 0540 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
04:01:37.0761 0540 AgereSoftModem - ok
04:01:37.0793 0540 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
04:01:37.0808 0540 agp440 - ok
04:01:37.0839 0540 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
04:01:37.0855 0540 aic78xx - ok
04:01:37.0886 0540 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
04:01:37.0933 0540 ALG - ok
04:01:37.0949 0540 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
04:01:37.0964 0540 aliide - ok
04:01:38.0042 0540 AMD External Events Utility (50ebbb86e493bd9ab7ddf914a90eef8e) C:\Windows\system32\atiesrxx.exe
04:01:38.0073 0540 AMD External Events Utility - ok
04:01:38.0089 0540 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
04:01:38.0105 0540 amdagp - ok
04:01:38.0105 0540 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
04:01:38.0120 0540 amdide - ok
04:01:38.0183 0540 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
04:01:38.0214 0540 AmdK8 - ok
04:01:38.0651 0540 amdkmdag (70eb74785ab7fc603fef19d87b7a7946) C:\Windows\system32\DRIVERS\atikmdag.sys
04:01:38.0807 0540 amdkmdag - ok
04:01:39.0010 0540 amdkmdap (ba99833bbde9c4ff389fc8114fb14843) C:\Windows\system32\DRIVERS\atikmpag.sys
04:01:39.0041 0540 amdkmdap - ok
04:01:39.0041 0540 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
04:01:39.0072 0540 AmdPPM - ok
04:01:39.0134 0540 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
04:01:39.0150 0540 amdsata - ok
04:01:39.0228 0540 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
04:01:39.0244 0540 amdsbs - ok
04:01:39.0259 0540 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
04:01:39.0275 0540 amdxata - ok
04:01:39.0306 0540 AMPPAL (943b78a8f57464a471f0fe4340c7a072) C:\Windows\system32\DRIVERS\AMPPAL.sys
04:01:39.0337 0540 AMPPAL - ok
04:01:39.0353 0540 AMPPALP (943b78a8f57464a471f0fe4340c7a072) C:\Windows\system32\DRIVERS\amppal.sys
04:01:39.0353 0540 AMPPALP - ok
04:01:39.0493 0540 AMPPALR3 (c1b58a0ea189dd8bf931f6219c8e416e) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
04:01:39.0509 0540 AMPPALR3 - ok
04:01:39.0649 0540 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
04:01:39.0680 0540 AOL ACS - ok
04:01:39.0743 0540 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
04:01:39.0790 0540 AppID - ok
04:01:39.0852 0540 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
04:01:39.0883 0540 AppIDSvc - ok
04:01:39.0914 0540 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
04:01:39.0946 0540 Appinfo - ok
04:01:40.0024 0540 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
04:01:40.0024 0540 Apple Mobile Device - ok
04:01:40.0117 0540 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
04:01:40.0133 0540 AppMgmt - ok
04:01:40.0195 0540 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
04:01:40.0211 0540 arc - ok
04:01:40.0242 0540 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
04:01:40.0258 0540 arcsas - ok
04:01:40.0304 0540 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
04:01:40.0351 0540 AsyncMac - ok
04:01:40.0367 0540 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
04:01:40.0382 0540 atapi - ok
04:01:40.0835 0540 atikmdag (70eb74785ab7fc603fef19d87b7a7946) C:\Windows\system32\DRIVERS\atikmdag.sys
04:01:40.0975 0540 atikmdag - ok
04:01:41.0178 0540 ATSwpWDF (befe54e9bc648a3c79c917a63b6ee7da) C:\Windows\system32\Drivers\ATSwpWDF.sys
04:01:41.0194 0540 ATSwpWDF - ok
04:01:41.0256 0540 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
04:01:41.0303 0540 AudioEndpointBuilder - ok
04:01:41.0318 0540 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
04:01:41.0350 0540 Audiosrv - ok
04:01:41.0412 0540 Avc (c44bdd77e06053cf5afe046f3a47c16b) C:\Windows\system32\DRIVERS\avc.sys
04:01:41.0428 0540 Avc - ok
04:01:41.0490 0540 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
04:01:41.0537 0540 AxInstSV - ok
04:01:41.0615 0540 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
04:01:41.0693 0540 b06bdrv - ok
04:01:41.0755 0540 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
04:01:41.0771 0540 b57nd60x - ok
04:01:41.0880 0540 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
04:01:41.0911 0540 BBSvc - ok
04:01:41.0942 0540 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
04:01:41.0974 0540 BDESVC - ok
04:01:41.0989 0540 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
04:01:42.0036 0540 Beep - ok
04:01:42.0114 0540 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
04:01:42.0176 0540 BFE - ok
04:01:42.0239 0540 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
04:01:42.0317 0540 BITS - ok
04:01:42.0348 0540 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
04:01:42.0379 0540 blbdrive - ok
04:01:42.0473 0540 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
04:01:42.0488 0540 Bonjour Service - ok
04:01:42.0520 0540 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
04:01:42.0535 0540 bowser - ok
04:01:42.0551 0540 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
04:01:42.0566 0540 BrFiltLo - ok
04:01:42.0582 0540 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
04:01:42.0613 0540 BrFiltUp - ok
04:01:42.0676 0540 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
04:01:42.0707 0540 BridgeMP - ok
04:01:42.0769 0540 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
04:01:42.0816 0540 Browser - ok
04:01:42.0863 0540 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
04:01:42.0878 0540 Brserid - ok
04:01:42.0878 0540 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
04:01:42.0910 0540 BrSerWdm - ok
04:01:42.0925 0540 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
04:01:42.0956 0540 BrUsbMdm - ok
04:01:42.0972 0540 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
04:01:42.0988 0540 BrUsbSer - ok
04:01:43.0003 0540 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
04:01:43.0034 0540 BTHMODEM - ok
04:01:43.0097 0540 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
04:01:43.0144 0540 bthserv - ok
04:01:43.0206 0540 BTHSSecurityMgr (f92248c0253b92ecf3da5a2041763b9f) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
04:01:43.0222 0540 BTHSSecurityMgr - ok
04:01:43.0424 0540 catchme - ok
04:01:43.0471 0540 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
04:01:43.0502 0540 cdfs - ok
04:01:43.0580 0540 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
04:01:43.0596 0540 cdrom - ok
04:01:43.0690 0540 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
04:01:43.0736 0540 CertPropSvc - ok
04:01:43.0752 0540 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
04:01:43.0768 0540 circlass - ok
04:01:43.0814 0540 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
04:01:43.0830 0540 CLFS - ok
04:01:43.0924 0540 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:01:43.0924 0540 clr_optimization_v2.0.50727_32 - ok
04:01:44.0048 0540 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:01:44.0048 0540 clr_optimization_v4.0.30319_32 - ok
04:01:44.0064 0540 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
04:01:44.0080 0540 CmBatt - ok
04:01:44.0111 0540 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
04:01:44.0126 0540 cmdide - ok
04:01:44.0189 0540 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
04:01:44.0251 0540 CNG - ok
04:01:44.0282 0540 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
04:01:44.0298 0540 Compbatt - ok
04:01:44.0314 0540 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
04:01:44.0345 0540 CompositeBus - ok
04:01:44.0360 0540 COMSysApp - ok
04:01:44.0376 0540 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
04:01:44.0376 0540 crcdisk - ok
04:01:44.0438 0540 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
04:01:44.0532 0540 CryptSvc - ok
04:01:44.0563 0540 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
04:01:44.0610 0540 CSC - ok
04:01:44.0672 0540 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
04:01:44.0704 0540 CscService - ok
04:01:44.0735 0540 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
04:01:44.0766 0540 DcomLaunch - ok
04:01:44.0813 0540 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
04:01:44.0875 0540 defragsvc - ok
04:01:44.0922 0540 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
04:01:44.0969 0540 DfsC - ok
04:01:45.0047 0540 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
04:01:45.0094 0540 Dhcp - ok
04:01:45.0109 0540 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
04:01:45.0140 0540 discache - ok
04:01:45.0218 0540 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
04:01:45.0234 0540 Disk - ok
04:01:45.0265 0540 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
04:01:45.0312 0540 Dnscache - ok
04:01:45.0359 0540 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
04:01:45.0406 0540 dot3svc - ok
04:01:45.0437 0540 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
04:01:45.0484 0540 DPS - ok
04:01:45.0546 0540 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
04:01:45.0577 0540 drmkaud - ok
04:01:45.0640 0540 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
04:01:45.0686 0540 DXGKrnl - ok
04:01:45.0749 0540 eamon (59d9e5dbcfef1e0e3dbac1b55c718f2d) C:\Windows\system32\DRIVERS\eamon.sys
04:01:45.0749 0540 eamon - ok
04:01:45.0796 0540 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
04:01:45.0842 0540 EapHost - ok
04:01:46.0108 0540 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
04:01:46.0217 0540 ebdrv - ok
04:01:46.0326 0540 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
04:01:46.0357 0540 EFS - ok
04:01:46.0451 0540 ehdrv (3bd67a869964bf57266cbbd1dca38c6a) C:\Windows\system32\DRIVERS\ehdrv.sys
04:01:46.0466 0540 ehdrv - ok
04:01:46.0560 0540 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
04:01:46.0607 0540 ehRecvr - ok
04:01:46.0638 0540 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
04:01:46.0685 0540 ehSched - ok
04:01:46.0794 0540 EhttpSrv (96fc9ad2c1b008424093f5367ca1ae3e) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
04:01:46.0794 0540 EhttpSrv - ok
04:01:46.0872 0540 ekrn (d543e7e8bcae3f5d256335eee809adf5) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
04:01:46.0903 0540 ekrn - ok
04:01:47.0044 0540 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
04:01:47.0059 0540 elxstor - ok
04:01:47.0075 0540 epfwwfpr (e765465a526dccd9fd7ad29d602e150a) C:\Windows\system32\DRIVERS\epfwwfpr.sys
04:01:47.0090 0540 epfwwfpr - ok
04:01:47.0137 0540 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
04:01:47.0200 0540 ErrDev - ok
04:01:47.0278 0540 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
04:01:47.0371 0540 EventSystem - ok
04:01:47.0512 0540 EvtEng (1d819278f825140655e77961bad07262) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
04:01:47.0527 0540 EvtEng - ok
04:01:47.0574 0540 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
04:01:47.0605 0540 exfat - ok
04:01:47.0652 0540 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
04:01:47.0683 0540 fastfat - ok
04:01:47.0746 0540 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
04:01:47.0824 0540 Fax - ok
04:01:47.0839 0540 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
04:01:47.0886 0540 fdc - ok
04:01:47.0902 0540 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
04:01:47.0948 0540 fdPHost - ok
04:01:47.0964 0540 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
04:01:47.0995 0540 FDResPub - ok
04:01:48.0011 0540 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
04:01:48.0026 0540 FileInfo - ok
04:01:48.0042 0540 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
04:01:48.0058 0540 Filetrace - ok
04:01:48.0089 0540 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
04:01:48.0104 0540 flpydisk - ok
04:01:48.0136 0540 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
04:01:48.0151 0540 FltMgr - ok
04:01:48.0229 0540 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
04:01:48.0510 0540 FontCache - ok
04:01:48.0962 0540 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
04:01:48.0962 0540 FontCache3.0.0.0 - ok
04:01:48.0978 0540 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
04:01:48.0994 0540 FsDepends - ok
04:01:49.0040 0540 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys
04:01:49.0056 0540 fssfltr - ok
04:01:49.0274 0540 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
04:01:49.0352 0540 fsssvc - ok
04:01:49.0477 0540 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
04:01:49.0493 0540 Fs_Rec - ok
04:01:49.0540 0540 FUJ02E3 (ef9f310f86fd504afcdcedf8280091fb) C:\Windows\system32\DRIVERS\FUJ02E3.sys
04:01:49.0571 0540 FUJ02E3 - ok
04:01:49.0649 0540 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
04:01:49.0664 0540 fvevol - ok
04:01:49.0727 0540 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
04:01:49.0727 0540 gagp30kx - ok
04:01:49.0789 0540 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
04:01:49.0805 0540 GEARAspiWDM - ok
04:01:49.0867 0540 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
04:01:49.0914 0540 gpsvc - ok
04:01:49.0930 0540 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
04:01:49.0961 0540 hcw85cir - ok
04:01:50.0054 0540 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
04:01:50.0086 0540 HdAudAddService - ok
04:01:50.0148 0540 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
04:01:50.0179 0540 HDAudBus - ok
04:01:50.0210 0540 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
04:01:50.0226 0540 HidBatt - ok
04:01:50.0257 0540 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
04:01:50.0273 0540 HidBth - ok
04:01:50.0304 0540 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
04:01:50.0320 0540 HidIr - ok
04:01:50.0351 0540 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
04:01:50.0398 0540 hidserv - ok
04:01:50.0429 0540 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
04:01:50.0460 0540 HidUsb - ok
04:01:50.0491 0540 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
04:01:50.0522 0540 hkmsvc - ok
04:01:50.0538 0540 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
04:01:50.0616 0540 HomeGroupListener - ok
04:01:50.0647 0540 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
04:01:50.0741 0540 HomeGroupProvider - ok
04:01:50.0819 0540 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
04:01:50.0834 0540 HpSAMD - ok
04:01:50.0897 0540 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
04:01:50.0928 0540 HTTP - ok
04:01:50.0975 0540 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
04:01:50.0975 0540 hwpolicy - ok
04:01:51.0037 0540 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
04:01:51.0053 0540 i8042prt - ok
04:01:51.0115 0540 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
04:01:51.0131 0540 iaStorV - ok
04:01:51.0287 0540 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
04:01:51.0302 0540 idsvc - ok
04:01:51.0349 0540 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
04:01:51.0365 0540 iirsp - ok
04:01:51.0427 0540 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
04:01:51.0458 0540 IKEEXT - ok
04:01:51.0474 0540 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
04:01:51.0490 0540 intelide - ok
04:01:51.0505 0540 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
04:01:51.0536 0540 intelppm - ok
04:01:51.0583 0540 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
04:01:51.0630 0540 IPBusEnum - ok
04:01:51.0646 0540 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:01:51.0677 0540 IpFilterDriver - ok
04:01:51.0739 0540 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
04:01:51.0770 0540 iphlpsvc - ok
04:01:51.0786 0540 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
04:01:51.0817 0540 IPMIDRV - ok
04:01:51.0848 0540 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
04:01:51.0864 0540 IPNAT - ok
04:01:52.0020 0540 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
04:01:52.0036 0540 iPod Service - ok
04:01:52.0051 0540 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
04:01:52.0098 0540 IRENUM - ok
04:01:52.0129 0540 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
04:01:52.0145 0540 isapnp - ok
04:01:52.0176 0540 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
04:01:52.0192 0540 iScsiPrt - ok
04:01:52.0238 0540 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
04:01:52.0254 0540 kbdclass - ok
04:01:52.0301 0540 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
04:01:52.0332 0540 kbdhid - ok
04:01:52.0410 0540 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
04:01:52.0426 0540 KeyIso - ok
04:01:52.0457 0540 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
04:01:52.0472 0540 KSecDD - ok
04:01:52.0504 0540 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
04:01:52.0519 0540 KSecPkg - ok
04:01:52.0582 0540 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
04:01:52.0628 0540 KtmRm - ok
04:01:52.0660 0540 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
04:01:52.0706 0540 LanmanServer - ok
04:01:52.0753 0540 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
04:01:52.0800 0540 LanmanWorkstation - ok
04:01:52.0831 0540 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
04:01:52.0862 0540 lltdio - ok
04:01:52.0909 0540 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
04:01:52.0972 0540 lltdsvc - ok
04:01:53.0050 0540 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
04:01:53.0081 0540 lmhosts - ok
04:01:53.0128 0540 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
04:01:53.0143 0540 LSI_FC - ok
04:01:53.0159 0540 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
04:01:53.0174 0540 LSI_SAS - ok
04:01:53.0190 0540 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
04:01:53.0206 0540 LSI_SAS2 - ok
04:01:53.0237 0540 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
04:01:53.0252 0540 LSI_SCSI - ok
04:01:53.0268 0540 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
04:01:53.0315 0540 luafv - ok
04:01:53.0393 0540 LVRS (ed643e777ba3f7151ef3f0fb6be4f7f0) C:\Windows\system32\DRIVERS\lvrs.sys
04:01:53.0408 0540 LVRS - ok
04:01:53.0658 0540 LVUVC (5bc80451109a8dd7f2ddd35bce2929a3) C:\Windows\system32\DRIVERS\lvuvc.sys
04:01:53.0736 0540 LVUVC - ok
04:01:53.0876 0540 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
04:01:53.0892 0540 Mcx2Svc - ok
04:01:54.0017 0540 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
04:01:54.0032 0540 megasas - ok
04:01:54.0048 0540 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
04:01:54.0064 0540 MegaSR - ok
04:01:54.0079 0540 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
04:01:54.0126 0540 MMCSS - ok
04:01:54.0142 0540 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
04:01:54.0188 0540 Modem - ok
04:01:54.0235 0540 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
04:01:54.0266 0540 monitor - ok
04:01:54.0407 0540 MotoHelper (9dfd34e6841c460b5d992a1c5327ae69) C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
04:01:54.0422 0540 MotoHelper - ok
04:01:54.0454 0540 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
04:01:54.0469 0540 mouclass - ok
04:01:54.0516 0540 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
04:01:54.0547 0540 mouhid - ok
04:01:54.0610 0540 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
04:01:54.0625 0540 mountmgr - ok
04:01:54.0750 0540 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
04:01:54.0766 0540 MozillaMaintenance - ok
04:01:54.0812 0540 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
04:01:54.0828 0540 mpio - ok
04:01:54.0828 0540 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
04:01:54.0875 0540 mpsdrv - ok
04:01:54.0922 0540 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
04:01:54.0984 0540 MpsSvc - ok
04:01:55.0000 0540 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
04:01:55.0031 0540 MRxDAV - ok
04:01:55.0078 0540 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:01:55.0140 0540 mrxsmb - ok
04:01:55.0156 0540 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:01:55.0171 0540 mrxsmb10 - ok
04:01:55.0234 0540 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:01:55.0249 0540 mrxsmb20 - ok
04:01:55.0296 0540 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
04:01:55.0296 0540 msahci - ok
04:01:55.0327 0540 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
04:01:55.0343 0540 msdsm - ok
04:01:55.0390 0540 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
04:01:55.0421 0540 MSDTC - ok
04:01:55.0483 0540 MSDV (114b67c324d64c8195fd3bf93b4df02a) C:\Windows\system32\DRIVERS\msdv.sys
04:01:55.0499 0540 MSDV - ok
04:01:55.0530 0540 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
04:01:55.0561 0540 Msfs - ok
04:01:55.0577 0540 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
04:01:55.0592 0540 mshidkmdf - ok
04:01:55.0624 0540 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
04:01:55.0624 0540 msisadrv - ok
04:01:55.0686 0540 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
04:01:55.0717 0540 MSiSCSI - ok
04:01:55.0717 0540 msiserver - ok
04:01:55.0748 0540 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
04:01:55.0795 0540 MSKSSRV - ok
04:01:55.0842 0540 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
04:01:55.0889 0540 MSPCLOCK - ok
04:01:55.0920 0540 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
04:01:55.0951 0540 MSPQM - ok
04:01:55.0967 0540 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
04:01:55.0982 0540 MsRPC - ok
04:01:55.0998 0540 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
04:01:56.0014 0540 mssmbios - ok
04:01:56.0029 0540 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
04:01:56.0060 0540 MSTEE - ok
04:01:56.0076 0540 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
04:01:56.0107 0540 MTConfig - ok
04:01:56.0138 0540 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
04:01:56.0154 0540 Mup - ok
04:01:56.0201 0540 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
04:01:56.0263 0540 napagent - ok
04:01:56.0310 0540 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
04:01:56.0326 0540 NativeWifiP - ok
04:01:56.0404 0540 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
04:01:56.0435 0540 NDIS - ok
04:01:56.0466 0540 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
04:01:56.0497 0540 NdisCap - ok
04:01:56.0544 0540 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
04:01:56.0575 0540 NdisTapi - ok
04:01:56.0622 0540 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
04:01:56.0653 0540 Ndisuio - ok
04:01:56.0684 0540 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
04:01:56.0700 0540 NdisWan - ok
04:01:56.0731 0540 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
04:01:56.0762 0540 NDProxy - ok
04:01:56.0794 0540 Netaapl (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
04:01:56.0840 0540 Netaapl - ok
04:01:56.0856 0540 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
04:01:56.0887 0540 NetBIOS - ok
04:01:56.0934 0540 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
04:01:56.0965 0540 NetBT - ok
04:01:56.0996 0540 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
04:01:57.0012 0540 Netlogon - ok
04:01:57.0106 0540 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
04:01:57.0184 0540 Netman - ok
04:01:57.0230 0540 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
04:01:57.0262 0540 netprofm - ok
04:01:57.0340 0540 netr73 (b8dee9e7e8f55138f9bc886519c617c4) C:\Windows\system32\DRIVERS\netr73.sys
04:01:57.0371 0540 netr73 - ok
04:01:57.0511 0540 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
04:01:57.0511 0540 NetTcpPortSharing - ok
04:01:57.0792 0540 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
04:01:57.0870 0540 netw5v32 - ok
04:01:58.0338 0540 NETwLv32 (d4ef7a9767c05905500ec312cb29ef46) C:\Windows\system32\DRIVERS\NETwLv32.sys
04:01:58.0510 0540 NETwLv32 - ok
04:01:58.0603 0540 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
04:01:58.0619 0540 nfrd960 - ok
04:01:58.0666 0540 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
04:01:58.0712 0540 NlaSvc - ok
04:01:58.0728 0540 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
04:01:58.0759 0540 Npfs - ok
04:01:58.0790 0540 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
04:01:58.0822 0540 nsi - ok
04:01:58.0837 0540 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
04:01:58.0884 0540 nsiproxy - ok
04:01:58.0993 0540 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
04:01:59.0056 0540 Ntfs - ok
04:01:59.0071 0540 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
04:01:59.0102 0540 Null - ok
04:01:59.0165 0540 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
04:01:59.0180 0540 nvraid - ok
04:01:59.0305 0540 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
04:01:59.0321 0540 nvstor - ok
04:01:59.0383 0540 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
04:01:59.0399 0540 nv_agp - ok
04:01:59.0477 0540 O2MDRDR (634ff60f418792906887b3d6ceecb431) C:\Windows\system32\DRIVERS\o2media.sys
04:01:59.0508 0540 O2MDRDR - ok
04:01:59.0539 0540 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
04:01:59.0555 0540 ohci1394 - ok
04:01:59.0602 0540 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
04:01:59.0648 0540 p2pimsvc - ok
04:01:59.0695 0540 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
04:01:59.0773 0540 p2psvc - ok
04:01:59.0820 0540 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
04:01:59.0836 0540 Parport - ok
04:01:59.0867 0540 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
04:01:59.0882 0540 partmgr - ok
04:01:59.0898 0540 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
04:01:59.0914 0540 Parvdm - ok
04:01:59.0945 0540 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
04:01:59.0960 0540 PcaSvc - ok
04:01:59.0992 0540 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
04:02:00.0007 0540 pci - ok
04:02:00.0038 0540 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
04:02:00.0054 0540 pciide - ok
04:02:00.0070 0540 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
04:02:00.0085 0540 pcmcia - ok
04:02:00.0101 0540 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
04:02:00.0116 0540 pcw - ok
04:02:00.0194 0540 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
04:02:00.0226 0540 PEAUTH - ok
04:02:00.0350 0540 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
04:02:00.0397 0540 PeerDistSvc - ok
04:02:00.0538 0540 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
04:02:00.0600 0540 pla - ok
04:02:00.0756 0540 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
04:02:00.0818 0540 PlugPlay - ok
04:02:00.0850 0540 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
04:02:00.0881 0540 PNRPAutoReg - ok
04:02:00.0912 0540 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
04:02:00.0943 0540 PNRPsvc - ok
04:02:00.0974 0540 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
04:02:01.0037 0540 PolicyAgent - ok
04:02:01.0068 0540 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
04:02:01.0115 0540 Power - ok
04:02:01.0193 0540 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
04:02:01.0240 0540 PptpMiniport - ok
04:02:01.0255 0540 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
04:02:01.0271 0540 Processor - ok
04:02:01.0302 0540 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
04:02:01.0333 0540 ProfSvc - ok
04:02:01.0396 0540 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
04:02:01.0411 0540 ProtectedStorage - ok
04:02:01.0442 0540 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
04:02:01.0474 0540 Psched - ok
04:02:01.0567 0540 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
04:02:01.0614 0540 ql2300 - ok
04:02:01.0770 0540 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
04:02:01.0786 0540 ql40xx - ok
04:02:01.0832 0540 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
04:02:01.0848 0540 QWAVE - ok
04:02:01.0864 0540 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
04:02:01.0879 0540 QWAVEdrv - ok
04:02:01.0895 0540 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
04:02:01.0926 0540 RasAcd - ok
04:02:01.0988 0540 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
04:02:02.0020 0540 RasAgileVpn - ok
04:02:02.0051 0540 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
04:02:02.0082 0540 RasAuto - ok
04:02:02.0129 0540 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:02:02.0160 0540 Rasl2tp - ok
04:02:02.0207 0540 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
04:02:02.0254 0540 RasMan - ok
04:02:02.0285 0540 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
04:02:02.0316 0540 RasPppoe - ok
04:02:02.0347 0540 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
04:02:02.0425 0540 RasSstp - ok
04:02:02.0441 0540 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
04:02:02.0488 0540 rdbss - ok
04:02:02.0503 0540 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
04:02:02.0519 0540 rdpbus - ok
04:02:02.0550 0540 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:02:02.0581 0540 RDPCDD - ok
04:02:02.0612 0540 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
04:02:02.0659 0540 RDPDR - ok
04:02:02.0706 0540 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
04:02:02.0737 0540 RDPENCDD - ok
04:02:02.0768 0540 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
04:02:02.0815 0540 RDPREFMP - ok
04:02:02.0924 0540 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
04:02:02.0956 0540 RdpVideoMiniport - ok
04:02:02.0987 0540 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
04:02:03.0034 0540 RDPWD - ok
04:02:03.0096 0540 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
04:02:03.0112 0540 rdyboost - ok
04:02:03.0174 0540 RecFltr (c7775140fade828e746ff8f93d2dcca0) C:\Windows\system32\Drivers\RecFltr.sys
04:02:03.0236 0540 RecFltr - ok
04:02:03.0330 0540 RegSrvc (1d435126c431a05e9d44d2a5d970598a) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
04:02:03.0346 0540 RegSrvc - ok
04:02:03.0455 0540 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
04:02:03.0486 0540 RemoteAccess - ok
04:02:03.0533 0540 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
04:02:03.0564 0540 RemoteRegistry - ok
04:02:03.0611 0540 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
04:02:03.0642 0540 RpcEptMapper - ok
04:02:03.0689 0540 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
04:02:03.0704 0540 RpcLocator - ok
04:02:03.0751 0540 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
04:02:03.0782 0540 RpcSs - ok
04:02:03.0829 0540 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
04:02:03.0860 0540 rspndr - ok
04:02:03.0907 0540 rt70x86 (ca30e52ada0cab3a29dde5c146644eec) C:\Windows\system32\DRIVERS\netr70.sys
04:02:03.0923 0540 rt70x86 - ok
04:02:03.0970 0540 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
04:02:04.0001 0540 s3cap - ok
04:02:04.0016 0540 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
04:02:04.0032 0540 SamSs - ok
04:02:04.0094 0540 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
04:02:04.0094 0540 sbp2port - ok
04:02:04.0110 0540 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
04:02:04.0141 0540 SCardSvr - ok
04:02:04.0172 0540 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
04:02:04.0204 0540 scfilter - ok
04:02:04.0282 0540 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
04:02:04.0328 0540 Schedule - ok
04:02:04.0360 0540 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
04:02:04.0391 0540 SCPolicySvc - ok
04:02:04.0469 0540 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
04:02:04.0469 0540 sdbus - ok
04:02:04.0516 0540 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
04:02:04.0578 0540 SDRSVC - ok
04:02:04.0687 0540 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
04:02:04.0703 0540 SeaPort - ok
04:02:04.0750 0540 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
04:02:04.0796 0540 secdrv - ok
04:02:04.0812 0540 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
04:02:04.0843 0540 seclogon - ok
04:02:04.0874 0540 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
04:02:04.0906 0540 SENS - ok
04:02:04.0937 0540 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
04:02:04.0984 0540 SensrSvc - ok
04:02:04.0999 0540 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
04:02:05.0015 0540 Serenum - ok
04:02:05.0030 0540 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
04:02:05.0077 0540 Serial - ok
04:02:05.0124 0540 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
04:02:05.0140 0540 sermouse - ok
04:02:05.0202 0540 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
04:02:05.0233 0540 SessionEnv - ok
04:02:05.0280 0540 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
04:02:05.0311 0540 sffdisk - ok
04:02:05.0327 0540 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
04:02:05.0358 0540 sffp_mmc - ok
04:02:05.0374 0540 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys
04:02:05.0405 0540 sffp_sd - ok
04:02:05.0405 0540 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
04:02:05.0436 0540 sfloppy - ok
04:02:05.0498 0540 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
04:02:05.0561 0540 SharedAccess - ok
04:02:05.0623 0540 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
04:02:05.0654 0540 ShellHWDetection - ok
04:02:05.0686 0540 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
04:02:05.0701 0540 sisagp - ok
04:02:05.0717 0540 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
04:02:05.0732 0540 SiSRaid2 - ok
04:02:05.0748 0540 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
04:02:05.0764 0540 SiSRaid4 - ok
04:02:05.0810 0540 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
04:02:05.0842 0540 Smb - ok
04:02:05.0920 0540 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
04:02:05.0935 0540 SNMPTRAP - ok
04:02:05.0966 0540 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
04:02:05.0966 0540 spldr - ok
04:02:05.0998 0540 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
04:02:06.0044 0540 Spooler - ok
04:02:06.0247 0540 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
04:02:06.0325 0540 sppsvc - ok
04:02:06.0450 0540 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
04:02:06.0481 0540 sppuinotify - ok
04:02:06.0637 0540 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
04:02:06.0637 0540 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
04:02:06.0637 0540 sptd ( LockedFile.Multi.Generic ) - warning
04:02:06.0637 0540 sptd - detected LockedFile.Multi.Generic (1)
04:02:06.0684 0540 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
04:02:06.0715 0540 srv - ok
04:02:06.0762 0540 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
04:02:06.0809 0540 srv2 - ok
04:02:06.0840 0540 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
04:02:06.0871 0540 srvnet - ok
04:02:06.0918 0540 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
04:02:06.0949 0540 SSDPSRV - ok
04:02:06.0965 0540 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
04:02:06.0996 0540 SstpSvc - ok
04:02:07.0027 0540 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
04:02:07.0043 0540 stexstor - ok
04:02:07.0105 0540 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
04:02:07.0121 0540 StillCam - ok
04:02:07.0183 0540 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
04:02:07.0214 0540 StiSvc - ok
04:02:07.0277 0540 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
04:02:07.0292 0540 storflt - ok
04:02:07.0308 0540 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
04:02:07.0324 0540 storvsc - ok
04:02:07.0339 0540 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
04:02:07.0355 0540 swenum - ok
04:02:07.0386 0540 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
04:02:07.0433 0540 swprv - ok
04:02:07.0464 0540 Synth3dVsc - ok
04:02:07.0558 0540 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
04:02:07.0604 0540 SysMain - ok
04:02:07.0636 0540 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
04:02:07.0667 0540 TabletInputService - ok
04:02:07.0714 0540 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
04:02:07.0745 0540 TapiSrv - ok
04:02:07.0760 0540 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
04:02:07.0792 0540 TBS - ok
04:02:07.0916 0540 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
04:02:07.0948 0540 Tcpip - ok
04:02:07.0979 0540 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
04:02:08.0010 0540 TCPIP6 - ok
04:02:08.0041 0540 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
04:02:08.0088 0540 tcpipreg - ok
04:02:08.0119 0540 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
04:02:08.0150 0540 TDPIPE - ok
04:02:08.0182 0540 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
04:02:08.0213 0540 TDTCP - ok
04:02:08.0228 0540 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
04:02:08.0260 0540 tdx - ok
04:02:08.0369 0540 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
04:02:08.0384 0540 TermDD - ok
04:02:08.0447 0540 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
04:02:08.0478 0540 TermService - ok
04:02:08.0494 0540 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
04:02:08.0509 0540 Themes - ok
04:02:08.0540 0540 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
04:02:08.0572 0540 THREADORDER - ok
04:02:08.0618 0540 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
04:02:08.0665 0540 TrkWks - ok
04:02:08.0712 0540 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
04:02:08.0743 0540 TrustedInstaller - ok
04:02:08.0774 0540 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:02:08.0790 0540 tssecsrv - ok
04:02:08.0806 0540 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
04:02:08.0821 0540 TsUsbFlt - ok
04:02:08.0821 0540 tsusbhub - ok
04:02:08.0915 0540 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
04:02:08.0946 0540 tunnel - ok
04:02:08.0977 0540 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
04:02:08.0993 0540 uagp35 - ok
04:02:09.0040 0540 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
04:02:09.0071 0540 udfs - ok
04:02:09.0102 0540 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
04:02:09.0118 0540 UI0Detect - ok
04:02:09.0180 0540 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
04:02:09.0196 0540 uliagpkx - ok
04:02:09.0227 0540 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
04:02:09.0242 0540 umbus - ok
04:02:09.0274 0540 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
04:02:09.0289 0540 UmPass - ok
04:02:09.0352 0540 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
04:02:09.0383 0540 UmRdpService - ok
04:02:09.0617 0540 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
04:02:09.0632 0540 UMVPFSrv - ok
04:02:09.0679 0540 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
04:02:09.0710 0540 upnphost - ok
04:02:09.0773 0540 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
04:02:09.0804 0540 USBAAPL - ok
04:02:09.0851 0540 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
04:02:09.0866 0540 usbaudio - ok
04:02:09.0882 0540 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
04:02:09.0898 0540 usbccgp - ok
04:02:09.0944 0540 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
04:02:09.0960 0540 usbcir - ok
04:02:09.0991 0540 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
04:02:10.0007 0540 usbehci - ok
04:02:10.0054 0540 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
04:02:10.0069 0540 usbhub - ok
04:02:10.0085 0540 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
04:02:10.0116 0540 usbohci - ok
04:02:10.0147 0540 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
04:02:10.0163 0540 usbprint - ok
04:02:10.0178 0540 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:02:10.0194 0540 USBSTOR - ok
04:02:10.0210 0540 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
04:02:10.0225 0540 usbuhci - ok
04:02:10.0241 0540 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
04:02:10.0272 0540 UxSms - ok
04:02:10.0288 0540 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
04:02:10.0303 0540 VaultSvc - ok
04:02:10.0334 0540 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
04:02:10.0350 0540 vdrvroot - ok
04:02:10.0428 0540 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
04:02:10.0475 0540 vds - ok
04:02:10.0475 0540 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
04:02:10.0506 0540 vga - ok
04:02:10.0522 0540 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
04:02:10.0553 0540 VgaSave - ok
04:02:10.0553 0540 VGPU - ok
04:02:10.0584 0540 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
04:02:10.0600 0540 vhdmp - ok
04:02:10.0646 0540 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
04:02:10.0662 0540 viaagp - ok
04:02:10.0693 0540 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
04:02:10.0709 0540 ViaC7 - ok
04:02:10.0740 0540 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
04:02:10.0756 0540 viaide - ok
04:02:10.0787 0540 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
04:02:10.0802 0540 vmbus - ok
04:02:10.0818 0540 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
04:02:10.0834 0540 VMBusHID - ok
04:02:10.0865 0540 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
04:02:10.0880 0540 volmgr - ok
04:02:10.0896 0540 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
04:02:10.0912 0540 volmgrx - ok
04:02:10.0958 0540 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
04:02:10.0974 0540 volsnap - ok
04:02:11.0005 0540 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
04:02:11.0021 0540 vsmraid - ok
04:02:11.0099 0540 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
04:02:11.0146 0540 VSS - ok
04:02:11.0161 0540 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
04:02:11.0192 0540 vwifibus - ok
04:02:11.0239 0540 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
04:02:11.0255 0540 vwififlt - ok
04:02:11.0333 0540 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
04:02:11.0364 0540 W32Time - ok
04:02:11.0364 0540 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
04:02:11.0395 0540 WacomPen - ok
04:02:11.0458 0540 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
04:02:11.0489 0540 WANARP - ok
04:02:11.0504 0540 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
04:02:11.0520 0540 Wanarpv6 - ok
04:02:11.0551 0540 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
04:02:11.0582 0540 wanatw - ok
04:02:11.0707 0540 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
04:02:11.0754 0540 WatAdminSvc - ok
04:02:11.0848 0540 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
04:02:11.0910 0540 wbengine - ok
04:02:11.0926 0540 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
04:02:11.0941 0540 WbioSrvc - ok
04:02:12.0004 0540 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
04:02:12.0035 0540 wcncsvc - ok
04:02:12.0050 0540 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
04:02:12.0097 0540 WcsPlugInService - ok
04:02:12.0160 0540 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
04:02:12.0175 0540 Wd - ok
04:02:12.0238 0540 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
04:02:12.0269 0540 WDC_SAM - ok
04:02:12.0316 0540 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
04:02:12.0331 0540 Wdf01000 - ok
04:02:12.0362 0540 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
04:02:12.0409 0540 WdiServiceHost - ok
04:02:12.0409 0540 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
04:02:12.0425 0540 WdiSystemHost - ok
04:02:12.0456 0540 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
04:02:12.0487 0540 WebClient - ok
04:02:12.0518 0540 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
04:02:12.0534 0540 Wecsvc - ok
04:02:12.0550 0540 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
04:02:12.0581 0540 wercplsupport - ok
04:02:12.0643 0540 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
04:02:12.0674 0540 WerSvc - ok
04:02:12.0721 0540 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
04:02:12.0752 0540 WfpLwf - ok
04:02:12.0768 0540 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
04:02:12.0784 0540 WIMMount - ok
04:02:12.0908 0540 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
04:02:12.0940 0540 WinDefend - ok
04:02:12.0955 0540 WinHttpAutoProxySvc - ok
04:02:13.0018 0540 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
04:02:13.0049 0540 Winmgmt - ok
04:02:13.0142 0540 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
04:02:13.0267 0540 WinRM - ok
04:02:13.0439 0540 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
04:02:13.0454 0540 WinUsb - ok
04:02:13.0517 0540 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
04:02:13.0548 0540 Wlansvc - ok
04:02:13.0657 0540 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
04:02:13.0673 0540 wlcrasvc - ok
04:02:13.0813 0540 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
04:02:13.0891 0540 wlidsvc - ok
04:02:14.0016 0540 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
04:02:14.0032 0540 WmiAcpi - ok
04:02:14.0110 0540 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
04:02:14.0125 0540 wmiApSrv - ok
04:02:14.0266 0540 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
04:02:14.0359 0540 WMPNetworkSvc - ok
04:02:14.0375 0540 WNDA3100 - ok
04:02:14.0406 0540 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
04:02:14.0437 0540 WPCSvc - ok
04:02:14.0468 0540 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
04:02:14.0515 0540 WPDBusEnum - ok
04:02:14.0562 0540 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
04:02:14.0609 0540 ws2ifsl - ok
04:02:14.0624 0540 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
04:02:14.0640 0540 wscsvc - ok
04:02:14.0687 0540 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
04:02:14.0702 0540 WSDPrintDevice - ok
04:02:14.0702 0540 WSearch - ok
04:02:14.0858 0540 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
04:02:14.0905 0540 wuauserv - ok
04:02:15.0030 0540 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
04:02:15.0061 0540 WudfPf - ok
04:02:15.0124 0540 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:02:15.0155 0540 WUDFRd - ok
04:02:15.0170 0540 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
04:02:15.0202 0540 wudfsvc - ok
04:02:15.0217 0540 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
04:02:15.0248 0540 WwanSvc - ok
04:02:15.0311 0540 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
04:02:15.0326 0540 yukonw7 - ok
04:02:15.0560 0540 ZeroConfigService (fafc9563c64cd7997e7382d2bc30c76c) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
04:02:15.0607 0540 ZeroConfigService - ok
04:02:15.0716 0540 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
04:02:16.0122 0540 \Device\Harddisk1\DR1 - ok
04:02:16.0465 0540 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
04:02:16.0871 0540 \Device\Harddisk0\DR0 - ok
04:02:16.0871 0540 Boot (0x1200) (326764a9f1d0884f3842285042957ea4) \Device\Harddisk1\DR1\Partition0
04:02:16.0871 0540 \Device\Harddisk1\DR1\Partition0 - ok
04:02:16.0902 0540 Boot (0x1200) (07bb3b29bbecf12950cc14d425d494df) \Device\Harddisk1\DR1\Partition1
04:02:16.0902 0540 \Device\Harddisk1\DR1\Partition1 - ok
04:02:16.0902 0540 Boot (0x1200) (96bb0fc3cdacb77d251e827cd7d4c396) \Device\Harddisk0\DR0\Partition0
04:02:16.0902 0540 \Device\Harddisk0\DR0\Partition0 - ok
04:02:16.0902 0540 ============================================================
04:02:16.0902 0540 Scan finished
04:02:16.0902 0540 ============================================================
04:02:16.0918 4952 Detected object count: 1
04:02:16.0918 4952 Actual detected object count: 1
04:03:08.0054 4952 sptd ( LockedFile.Multi.Generic ) - skipped by user
04:03:08.0054 4952 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
Mark1956's Avatar
Malware Removal Specialist with 8,281 posts.
  
Join Date: May 2011
Location: Spain
Experience: Advanced
07-Aug-2012, 08:42 AM #5
That log is clean which I did not expect, lets try a full system scan with Malwarebytes which I see you already have on your system.

Please run Malwarebytes and post the log as follows:
  • Open Malwarebytes and allow it to update with the latest definitions, then run a Full Scan.
  • When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
WasntMe's Avatar
Member with 9 posts.
THREAD STARTER
  
Join Date: Feb 2009
07-Aug-2012, 07:15 PM #6
ok Mark
Here is the malwarebytes log. I checked remove selected and restarted to complete the removal.


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.07.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
wasntme :: WASNTME-PC [administrator]

8/7/2012 8:32:46 AM
mbam-log-2012-08-07 (08-32-46).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 317685
Time elapsed: 1 hour(s), 6 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\ProgramData\Microsoft\Windows\DRM\B9FB.tmp (Rootkit.TDSS.EXPD1) -> Quarantined and deleted successfully.
C:\Users\wasntme\AppData\Roaming\Thinstall\Inside Out Intermediate\40000024600002i\MoorhuhnPiraten.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.

(end)


Thanks again
Rob
Mark1956's Avatar
Malware Removal Specialist with 8,281 posts.
  
Join Date: May 2011
Location: Spain
Experience: Advanced
08-Aug-2012, 04:14 AM #7
Looks like Malwarebytes has found the problem. This is a nasty virus and to be on the safe side you should change your passwords for any financial institutions that you log into with this PC on a clean machine and do not use this PC to log into them again until we can be sure it is clean.

Please now reboot the PC, if you have not done so already, and run Malwarebytes again and post the log.
WasntMe's Avatar
Member with 9 posts.
THREAD STARTER
  
Join Date: Feb 2009
09-Aug-2012, 02:49 AM #8
Here ya go mark
and thanks again for all your help

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.09.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
wasntme :: WASNTME-PC [administrator]

8/8/2012 10:00:29 PM
mbam-log-2012-08-08 (22-00-29).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 320071
Time elapsed: 59 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Mark1956's Avatar
Malware Removal Specialist with 8,281 posts.
  
Join Date: May 2011
Location: Spain
Experience: Advanced
09-Aug-2012, 04:45 AM #9
So far so good, now please run Combofix as follows. Also please run the Security Check.

STEP 1
NOTE: If you have already used Combofix please delete the icon from your desktop.
  • Please download DeFogger and save it to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
STEP 2
Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix
Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
  • If ComboFix detects an older version of itself, you will be asked to update the program.
  • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
  • Follow the prompts and click on Yes to continue scanning for malware.
  • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
  • Be sure to re-enable your anti-virus and other security programs.
-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.
If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.
Quote:
Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.
_____________________________________________________________

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
WasntMe's Avatar
Member with 9 posts.
THREAD STARTER
  
Join Date: Feb 2009
11-Aug-2012, 12:03 AM #10
here ya go Mark
Sorry for the delayed response. Work has been swamping me lately.
anyways here is the combo fix and security check logs

ComboFix 12-08-09.01 - wasntme 08/10/2012 20:37:01.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1261 [GMT -7:00]
Running from: c:\users\wasntme\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-11 03:47 . 2012-08-11 03:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 06:49 . 2012-08-07 07:15 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-04 20:14 . 2012-08-04 20:14 388096 ----a-r- c:\users\wasntme\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-04 20:14 . 2012-08-04 20:14 -------- d-----w- c:\program files\Trend Micro
2012-08-03 02:59 . 2012-08-03 02:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-03 02:59 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-03 02:01 . 2012-08-03 02:01 -------- d-----w- c:\users\wasntme\AppData\Roaming\Malwarebytes
2012-08-03 02:01 . 2012-08-03 02:01 -------- d-----w- c:\programdata\Malwarebytes
2012-08-01 01:48 . 2012-08-01 01:48 -------- d-----w- c:\program files\Hewlett-Packard
2012-08-01 01:47 . 2011-09-09 22:53 544616 ------w- c:\windows\system32\HPDiscoPM5912.dll
2012-08-01 01:47 . 2012-08-01 01:47 -------- d-----w- c:\programdata\HP
2012-08-01 01:47 . 2012-08-01 01:48 -------- d-----w- c:\program files\HP
2012-08-01 01:45 . 2012-08-01 01:50 -------- d-----w- c:\users\wasntme\AppData\Local\HP
2012-07-17 09:06 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-07-12 04:06 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-07 15:20 . 2012-04-16 07:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-07 15:20 . 2011-12-23 23:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-06 05:05 . 2012-07-11 06:37 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 06:37 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 06:37 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-26 18:50 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-26 18:51 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-26 18:51 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-26 18:51 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-26 18:51 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-26 18:51 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-26 18:51 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-26 18:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-26 18:51 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 04:45 . 2012-07-11 06:37 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 06:37 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 06:37 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 06:37 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 06:37 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 19:25 . 2011-12-23 20:49 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-18 07:29 . 2011-12-23 20:51 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-01-25 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-08-07_07.37.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-23 23:13 . 2012-08-10 04:04 32628 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-08-11 03:32 43524 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-23 23:05 . 2012-08-11 03:32 11608 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3190065716-4020189722-302772351-1000_UserData.bin
- 2009-07-14 04:50 . 2012-08-01 01:47 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2009-07-14 04:50 . 2012-08-07 15:19 86016 c:\windows\System32\DriverStore\infpub.dat
- 2012-08-07 06:50 . 2012-08-07 06:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-10 04:00 . 2012-08-11 03:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-10 04:00 . 2012-08-11 03:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-07 06:50 . 2012-08-07 06:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-24 06:54 . 2012-08-10 22:45 250936 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-08-07 15:20 . 2012-08-07 15:20 686792 c:\windows\System32\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe
+ 2012-04-16 07:40 . 2012-08-07 15:20 250056 c:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2009-07-14 04:50 . 2012-08-01 01:47 143360 c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2012-08-07 15:19 143360 c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2012-08-07 15:19 143360 c:\windows\System32\DriverStore\infstor.dat
- 2009-07-14 04:50 . 2012-08-01 01:47 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2011-12-23 20:18 . 2012-08-07 17:19 131072 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
- 2011-12-23 20:18 . 2012-08-07 06:29 131072 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
+ 2009-07-14 04:47 . 2012-08-10 03:59 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2012-08-07 06:49 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-07 15:20 . 2012-08-07 15:20 9465032 c:\windows\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll
+ 2012-08-07 15:20 . 2012-08-07 15:20 1536712 c:\windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
+ 2011-12-23 20:18 . 2012-08-07 17:19 2703360 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
- 2011-12-23 20:18 . 2012-08-07 06:29 2703360 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2012-08-07 06:29 6406144 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
+ 2009-07-14 04:41 . 2012-08-07 17:19 6406144 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
- 2011-12-25 17:50 . 2012-08-03 07:24 1355747 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3190065716-4020189722-302772351-1000-4096.dat
+ 2011-12-25 17:50 . 2012-08-10 03:59 1355747 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3190065716-4020189722-302772351-1000-4096.dat
- 2011-12-25 16:07 . 2012-07-29 21:22 1203744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3190065716-4020189722-302772351-1000-12288.dat
+ 2011-12-25 16:07 . 2012-08-07 21:01 1203744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3190065716-4020189722-302772351-1000-12288.dat
+ 2011-12-23 23:15 . 2012-08-10 03:59 12606152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3190065716-4020189722-302772351-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA3100 Smart Wizard.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WNDA3100 Smart Wizard.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2011-04-25 21:52 42320 ----a-w- c:\program files\AOL Desktop 9.6\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 03:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1325483727\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 22:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-23 03:49 6591800 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-14 00:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 19:55 19979400 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-04-06 08:24 641664 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 21:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [x]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\Drivers\RecFltr.sys [x]
R3 rt70x86;Belkin Wireless G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr70.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WNDA31v.sys [x]
R4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [x]
S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;192.168.*.*
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{ED3D7410-4C03-4DF5-9E3A-B85CC5332018}: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{ED3D7410-4C03-4DF5-9E3A-B85CC5332018}\2375942554137303: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\wasntme\AppData\Roaming\Mozilla\Firefox\Profiles\85mqh4kk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3190065716-4020189722-302772351-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3190065716-4020189722-302772351-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3190065716-4020189722-302772351-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:84,03,8b,19,c0,1a,c8,d5,ea,13,a2,1d,f2,d7,f9,7b,cb,a0,b3,80,73,1d, 9a,
47,97,c4,40,51,1e,ba,d8,41,3a,bc,57,f8,72,29,af,a2,0d,50,64,13,71,53,3a,bb, \
"??"=hex:ab,99,f5,9e,db,2a,1b,df,41,bf,45,de,04,72,7a,9e
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-10 20:53:43
ComboFix-quarantined-files.txt 2012-08-11 03:53
.
Pre-Run: 129,239,609,344 bytes free
Post-Run: 128,818,417,664 bytes free
.
- - End Of File - - A699F662515BA1A26C9250C6FF1B2547




Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 4.0
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 29
Java version out of Date!
Adobe Flash Player 11.3.300.268
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


Thanks again Mark
Rob
Mark1956's Avatar
Malware Removal Specialist with 8,281 posts.
  
Join Date: May 2011
Location: Spain
Experience: Advanced
11-Aug-2012, 07:34 AM #11
Your Java version is out of date, but we will deal with that once the following is done.

Your log indicates there are critical files which have failed File Signature Verification. Files which fail signature verification are those which do not appear to be original and may have been altered by malware infection so ComboFix flags them.
We are now going to run ComboFix a different way so that we can replace them.
As with the first Combofix scan, disconnect from the internet and disable script blocking and all your security software.
Open Notepad by clicking and in the search box type: Notepad.exe and hit Enter
Then copy and paste everything in the code box below into it.
-- Note: Make sure Word Wrap is unchecked in Notepad by clicking on Format in the top menu.
Code:
FCopy::
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll | c:\windows\System32\user32.dll
Reboot::
  • Save the file as CFScript.txt by choosing Save As... in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
  • Close your browser and disconnect from the Internet.
  • Now use your mouse to drag, then drop the CFScript.txt file on top of ComboFix.exe as seen in the image below.

    This will start ComboFix again and launch the script.
  • ComboFix may reboot your system when it finishes. This is normal.
  • A log with be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of ComboFix.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs after the scan is complete.
WasntMe's Avatar
Member with 9 posts.
THREAD STARTER
  
Join Date: Feb 2009
12-Aug-2012, 03:20 AM #12
Here ya go Mark
the current Combofix log

ComboFix 12-08-09.01 - wasntme 08/11/2012 23:50:36.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1249 [GMT -7:00]
Running from: c:\users\wasntme\Desktop\ComboFix.exe
Command switches used :: c:\users\wasntme\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll --> c:\windows\System32\user32.dll
.
((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))
.
.
2012-08-12 06:59 . 2012-08-12 06:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 10:44 . 2012-08-12 07:02 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EC38333-5F56-4055-88D0-216A087BAEE8}\offreg.dll
2012-08-10 10:43 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EC38333-5F56-4055-88D0-216A087BAEE8}\mpengine.dll
2012-08-07 06:49 . 2012-08-07 07:15 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-04 20:14 . 2012-08-04 20:14 388096 ----a-r- c:\users\wasntme\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-04 20:14 . 2012-08-04 20:14 -------- d-----w- c:\program files\Trend Micro
2012-08-03 02:59 . 2012-08-03 02:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-03 02:59 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-03 02:01 . 2012-08-03 02:01 -------- d-----w- c:\users\wasntme\AppData\Roaming\Malwarebytes
2012-08-03 02:01 . 2012-08-03 02:01 -------- d-----w- c:\programdata\Malwarebytes
2012-08-01 01:48 . 2012-08-01 01:48 -------- d-----w- c:\program files\Hewlett-Packard
2012-08-01 01:47 . 2011-09-09 22:53 544616 ------w- c:\windows\system32\HPDiscoPM5912.dll
2012-08-01 01:47 . 2012-08-01 01:47 -------- d-----w- c:\programdata\HP
2012-08-01 01:47 . 2012-08-01 01:48 -------- d-----w- c:\program files\HP
2012-08-01 01:45 . 2012-08-01 01:50 -------- d-----w- c:\users\wasntme\AppData\Local\HP
2012-07-17 09:06 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-07 15:20 . 2012-04-16 07:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-07 15:20 . 2011-12-23 23:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-12 02:40 . 2012-07-12 04:06 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-11 06:37 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 06:37 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 06:37 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-26 18:50 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-26 18:51 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-26 18:51 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-26 18:51 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-26 18:51 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-26 18:51 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-26 18:51 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-26 18:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-26 18:51 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33 . 2012-07-12 04:09 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 04:09 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 04:09 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 04:09 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 04:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-11 06:37 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 06:37 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 06:37 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 06:37 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 06:37 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 19:25 . 2011-12-23 20:49 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-18 07:29 . 2011-12-23 20:51 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA3100 Smart Wizard.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WNDA3100 Smart Wizard.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2011-04-25 21:52 42320 ----a-w- c:\program files\AOL Desktop 9.6\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 03:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1325483727\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 22:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-23 03:49 6591800 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-14 00:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 19:55 19979400 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-04-06 08:24 641664 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 21:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [x]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\Drivers\RecFltr.sys [x]
R3 rt70x86;Belkin Wireless G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr70.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WNDA31v.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [x]
S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;192.168.*.*
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{ED3D7410-4C03-4DF5-9E3A-B85CC5332018}\2375942554137303: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{ED3D7410-4C03-4DF5-9E3A-B85CC5332018}\E45445745414256323: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\wasntme\AppData\Roaming\Mozilla\Firefox\Profiles\85mqh4kk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3190065716-4020189722-302772351-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3190065716-4020189722-302772351-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3190065716-4020189722-302772351-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:84,03,8b,19,c0,1a,c8,d5,ea,13,a2,1d,f2,d7,f9,7b,cb,a0,b3,80,73,1d, 9a,
47,97,c4,40,51,1e,ba,d8,41,3a,bc,57,f8,72,29,af,a2,0d,50,64,13,71,53,3a,bb, \
"??"=hex:ab,99,f5,9e,db,2a,1b,df,41,bf,45,de,04,72,7a,9e
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2012-08-12 00:12:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-12 07:12
ComboFix2.txt 2012-08-11 03:53
.
Pre-Run: 128,977,920,000 bytes free
Post-Run: 128,923,017,216 bytes free
.
- - End Of File - - 2D41C265A5312CB855AFFB5A0BBE4734

thanks Again
Rob
Mark1956's Avatar
Malware Removal Specialist with 8,281 posts.
  
Join Date: May 2011
Location: Spain
Experience: Advanced
12-Aug-2012, 04:11 AM #13
All appears to be good in that last log, how well is the system running now, any further issues?
WasntMe's Avatar
Member with 9 posts.
THREAD STARTER
  
Join Date: Feb 2009
12-Aug-2012, 02:43 PM #14
Mark
Everything seems to be running great. Hats off to you hoss. and again thaank you so much for your help and attention
Rob
Mark1956's Avatar
Malware Removal Specialist with 8,281 posts.
  
Join Date: May 2011
Location: Spain
Experience: Advanced
12-Aug-2012, 05:00 PM #15
Ok, just to be sure there are no other infections please run the following.

Once this is done there will be a few other things to attend to and we will be finished.


Eset online scan instructions.
IMPORTANT ---> Please make sure you follow the instruction to uncheck the box next to Remove found threats. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.
  • Disable your existing Anti Virus following these instructions.
  • Please go here to use the Eset Online Scanner.
  • When the web page opens click on this button
  • If you are not using Internet Explorer you will see a message box open asking you to to download the ESET Smart Installer, click on the link and allow it to download and then run it. Accept the Terms of use and click on Start. The required components will download.
  • If using Internet Explorer the Terms of use box will open immediately, accept it and click on Start.
  • After the download is complete the Computer scan settings window will open, IMPORTANT ----> uncheck the box next to Remove found threats and click on Start. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
  • This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. Do not interrupt it, be patient and let it finish.
  • A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select Paste and the report will appear, add any comments you have and post the reply.
  • Back on the Eset window, click the Back button and then click on Finish.
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
Page 1 of 2 1 2
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join Today!

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


TECH SUPPORT GUY
WELCOME
FOLLOW US
 
You Are Using: Server ID
All times are GMT -4. The time now is 05:03 PM.
Advertisements do not imply our endorsement of that product or service.
Copyright © 1996 - 2013 TechGuy, Inc. All rights reserved. Privacy & Terms.

Trusted Website Back to the Top ↑