
Ads running in background

Discussion in 'Virus & Other Malware Removal' started by Notnatsyuggy, Jun 22, 2012.

Thread Status:
Not open for further replies.
  1. flavallee (Frank, Trusted Advisor; joined May 12, 2002; 63,682 messages)

    Jeff is a removal specialist and is here to help you, so please follow his instructions from here on.

    ---------------------------------------------------------
     
  2. jeffce (Malware Specialist; joined May 10, 2011; 1,727 messages)

    Thanks flavallee!

    That is not a problem. If for some reason I overlook your post, be sure to PM me (I doubt I'll miss it, though). Also be sure to post the log created by aswMBR, as I believe we are dealing with an infection of your Master Boot Record.
     
  3. Notnatsyuggy (Thread Starter; joined Jun 22, 2012; 27 messages)

    Hi Jeffce,

    I tried to do as post no. 9 requested again by flavallee, but none of the log entries were listed in the scan?

    Anyway, I've done as you requested in your last post, here's the log file from aswMBR....

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-01 21:25:39
    -----------------------------
    21:25:39.477 OS Version: Windows 6.0.6002 Service Pack 2
    21:25:39.477 Number of processors: 1 586 0x1601
    21:25:39.477 ComputerName: GUY-PC UserName: Guy
    21:26:08.010 Initialze error 0
    21:27:18.407 AVAST engine defs: 12070101
    21:27:26.659 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    21:27:26.662 Disk 0 Vendor: Size: 0MB BusType: 0
    21:27:26.667 Device \Driver\iaStor -> DriverStartIo 868f80ae
    21:27:26.705 Disk 0 MBR read successfully
    21:27:26.709 Disk 0 MBR scan
    21:27:26.897 Disk 0 unknown MBR code
    21:27:26.904 Disk 0 MBR hidden
    21:27:27.095 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 67463 MB offset 63
    21:27:27.170 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 7261 MB offset 138166272
    21:27:27.204 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1589 MB offset 153044992
    21:27:27.226 Disk 0 scanning C:\Windows\system32\drivers
    21:27:27.230 Service scanning
    21:27:28.984 Modules scanning
    21:27:31.067 Disk 0 trace - called modules:
    21:27:31.107 ntkrnlpa.exe >>UNKNOWN [0x868f7a2e]<<
    21:27:31.114 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859cd300]
    21:27:31.120 \Driver\disk[0x859cdf38] -> IRP_MJ_READ -> 0x868f7a2e
    21:27:31.662 AVAST engine scan C:\Windows
    21:27:31.673 AVAST engine scan C:\Windows\system32
    21:27:31.687 AVAST engine scan C:\Windows\system32\drivers
    21:27:31.698 AVAST engine scan C:\Users\Guy
    21:27:31.708 AVAST engine scan C:\ProgramData
    21:27:31.718 Scan finished successfully
    21:27:48.362 Disk 0 MBR has been saved successfully to "C:\Users\Guy\Desktop\MBR.dat"
    21:27:48.402 The log file has been saved successfully to "C:\Users\Guy\Desktop\aswMBR.txt"

    Thanks
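
The aswMBR log above reports "unknown MBR code", "MBR hidden" and an IRP_MJ_READ path in \Driver\disk that lands in unknown kernel code, which is why the MBR is under suspicion. As an added example that is not part of the original thread and is not aswMBR's or TDSSKiller's own code, the Python script below parses a raw 512-byte MBR image (such as the MBR.dat aswMBR saved to the desktop), hashes the boot-code bytes for comparison against a hash taken from a clean machine, checks the partition table for structural problems, reports the unpartitioned tail of the disk, and cross-checks the table against the StartLBA/BlocksNum values a scanner printed. The sample MBR is constructed from the partition values in this thread's logs; its boot code is a zero-filled placeholder because the thread does not contain the real MBR bytes, and no known-good reference hash is supplied, since none appears on the page.

```python
"""Parse a raw 512-byte MBR (e.g. the MBR.dat that aswMBR saved) and sanity-check
its partition table against what aswMBR and TDSSKiller reported.
Added example; not code from the thread, aswMBR or TDSSKiller."""
import hashlib
import struct
import sys

SECTOR = 512
CODE_LEN = 440          # bytes 0..439 boot code, 440..443 disk signature, 446..509 table, 510..511 0x55AA
PT_OFFSET = 446
ENTRY = "<BBBBBBBBII"   # status, CHS first (3 bytes), type, CHS last (3 bytes), start LBA, sector count


def parse_mbr(mbr: bytes) -> dict:
    """Return boot-code hash, disk signature and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    parts = []
    for i in range(4):
        fields = struct.unpack_from(ENTRY, mbr, PT_OFFSET + i * 16)
        status, ptype, start, count = fields[0], fields[4], fields[8], fields[9]
        if ptype == 0 and start == 0 and count == 0:
            continue  # unused slot
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "start_lba": start, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return {
        "signature_ok": mbr[510:512] == b"\x55\xAA",
        "disk_signature": struct.unpack_from("<I", mbr, 440)[0],
        "code_sha256": hashlib.sha256(mbr[:CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def boot_code_matches(mbr: bytes, reference_sha256: str) -> bool:
    """Compare the boot-code bytes with the hash of a known-clean MBR.
    The reference must be taken from a clean machine; none is supplied here."""
    return hashlib.sha256(mbr[:CODE_LEN]).hexdigest() == reference_sha256.lower()


def check_layout(parsed: dict, total_sectors: int) -> dict:
    """Flag structural problems and report the unpartitioned tail, the space
    where TDL4-style rootkits keep their hidden file system."""
    problems = []
    parts = sorted(parsed["partitions"], key=lambda p: p["start_lba"])
    if not parsed["signature_ok"]:
        problems.append("boot signature is not 0x55AA")
    if sum(p["active"] for p in parts) != 1:
        problems.append("expected exactly one active (bootable) partition")
    for a, b in zip(parts, parts[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            problems.append(f"entries {a['index']} and {b['index']} overlap")
    end = max((p["start_lba"] + p["sectors"] for p in parts), default=0)
    if end > total_sectors:
        problems.append("a partition extends past the end of the disk")
    return {"problems": problems, "tail_sectors": max(total_sectors - end, 0)}


def cross_check(parsed: dict, reported: list) -> tuple:
    """Compare (start LBA, sector count) pairs with a scanner's own listing.
    Returns (reported but absent from the MBR, in the MBR but not reported)."""
    in_mbr = {(p["start_lba"], p["sectors"]) for p in parsed["partitions"]}
    return sorted(set(reported) - in_mbr), sorted(in_mbr - set(reported))


def build_mbr(entries, code=b"\x00" * CODE_LEN, disk_signature=0) -> bytes:
    """Construct a 512-byte MBR image from (active, type, start_lba, sectors) tuples."""
    buf = bytearray(SECTOR)
    buf[:CODE_LEN] = code
    struct.pack_into("<I", buf, 440, disk_signature)
    for i, (active, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY, buf, PT_OFFSET + i * 16,
                         0x80 if active else 0, 0, 0, 0, ptype, 0, 0, 0, start, count)
    buf[510:512] = b"\x55\xAA"
    return bytes(buf)


# Constructed sample: the partition table the two logs in this thread describe
# (TDSSKiller's StartLBA/BlocksNum values). Boot code is a zero-filled placeholder
# because the thread does not include the real MBR bytes.
SAMPLE_MBR = build_mbr([(True, 0x07, 0x3F, 0x83C3FC1),
                        (False, 0x07, 0x83C4000, 0xE2E800),
                        (False, 0x07, 0x91F4800, 0x31A800)])
TDSSKILLER_REPORTED = [(0x3F, 0x83C3FC1), (0x83C4000, 0xE2E800), (0x91F4800, 0x31A800)]
TOTAL_SECTORS = 0x12A1F16000 // SECTOR   # disk size TDSSKiller printed, in sectors
# Constructed: same first partition, boot code replaced; a clean-hash comparison catches this.
TAMPERED_MBR = build_mbr([(True, 0x07, 0x3F, 0x83C3FC1)],
                         code=b"\xEB\xFE" + b"\x90" * (CODE_LEN - 2))

if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else SAMPLE_MBR
    info = parse_mbr(image)
    print(f"boot code sha256: {info['code_sha256']}")
    for p in info["partitions"]:
        flag = "active" if p["active"] else "      "
        print(f"  entry {p['index']}: {flag} type 0x{p['type']:02X} start {p['start_lba']} "
              f"sectors {p['sectors']} ({p['size_mb']} MB)")
    print(check_layout(info, TOTAL_SECTORS))
    print("mismatches vs TDSSKiller:", cross_check(info, TDSSKILLER_REPORTED))
```

Run it as `python mbr_check.py MBR.dat` against the dump aswMBR saved; with no argument it analyses the constructed sample, whose sizes come out to the 67463, 7261 and 1589 MB aswMBR printed, with 2224 unpartitioned sectors after the last partition. A matching partition table says nothing about the boot code itself: the hash has to be compared with one taken from a clean install of the same Windows version, and a dump obtained through a hooked disk driver (which is what "MBR hidden" points at) may not even show the real sector.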
     
  4. jeffce (Malware Specialist; joined May 10, 2011; 1,727 messages)

    Hi,

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • when the window opens, click on Change Parameters
    • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
    • click OK
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Attach the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    ----------
     
  5. Notnatsyuggy (Thread Starter; joined Jun 22, 2012; 27 messages)

    Hi,

    Done as requested, here's the log from TDSSKiller.....


    21:21:32.0517 4176 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
    21:21:32.0671 4176 ============================================================
    21:21:32.0671 4176 Current date / time: 2012/07/02 21:21:32.0671
    21:21:32.0671 4176 SystemInfo:
    21:21:32.0671 4176
    21:21:32.0671 4176 OS Version: 6.0.6002 ServicePack: 2.0
    21:21:32.0671 4176 Product type: Workstation
    21:21:32.0671 4176 ComputerName: GUY-PC
    21:21:32.0672 4176 UserName: Guy
    21:21:32.0672 4176 Windows directory: C:\Windows
    21:21:32.0672 4176 System windows directory: C:\Windows
    21:21:32.0672 4176 Processor architecture: Intel x86
    21:21:32.0672 4176 Number of processors: 1
    21:21:32.0672 4176 Page size: 0x1000
    21:21:32.0672 4176 Boot type: Normal boot
    21:21:32.0672 4176 ============================================================
    21:21:34.0610 4176 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    21:21:34.0639 4176 ============================================================
    21:21:34.0639 4176 \Device\Harddisk0\DR0:
    21:21:34.0646 4176 MBR partitions:
    21:21:34.0649 4176 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x83C3FC1
    21:21:34.0649 4176 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x83C4000, BlocksNum 0xE2E800
    21:21:34.0649 4176 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x91F4800, BlocksNum 0x31A800
    21:21:34.0649 4176 ============================================================
    21:21:34.0676 4176 C: <-> \Device\Harddisk0\DR0\Partition0
    21:21:34.0811 4176 E: <-> \Device\Harddisk0\DR0\Partition2
    21:21:34.0872 4176 F: <-> \Device\Harddisk0\DR0\Partition1
    21:21:34.0872 4176 ============================================================
    21:21:34.0872 4176 Initialize success
    21:21:34.0872 4176 ============================================================
    21:22:11.0560 4424 ============================================================
    21:22:11.0560 4424 Scan started
    21:22:11.0560 4424 Mode: Manual; TDLFS;
    21:22:11.0560 4424 ============================================================
    21:22:13.0728 4424 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    21:22:13.0765 4424 !SASCORE - ok
    21:22:14.0838 4424 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    21:22:14.0843 4424 ACPI - ok
    21:22:15.0006 4424 ADIHdAudAddService (b30ee77d621a08891089b7d9712d8cd4) C:\Windows\system32\drivers\ADIHdAud.sys
    21:22:15.0011 4424 ADIHdAudAddService - ok
    21:22:15.0297 4424 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    21:22:15.0345 4424 AdobeARMservice - ok
    21:22:15.0444 4424 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    21:22:15.0457 4424 adp94xx - ok
    21:22:15.0773 4424 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    21:22:15.0804 4424 adpahci - ok
    21:22:15.0833 4424 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    21:22:15.0836 4424 adpu160m - ok
    21:22:15.0973 4424 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    21:22:16.0075 4424 adpu320 - ok
    21:22:16.0284 4424 AEADIFilters (12d23758621b00b8d3134095ec3325fd) C:\Windows\system32\AEADISRV.EXE
    21:22:16.0385 4424 AEADIFilters - ok
    21:22:16.0415 4424 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
    21:22:16.0423 4424 AeLookupSvc - ok
    21:22:16.0530 4424 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    21:22:16.0551 4424 AFD - ok
    21:22:16.0650 4424 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
    21:22:16.0657 4424 AgereModemAudio - ok
    21:22:16.0837 4424 AgereSoftModem (2e3abaacbf547abbb5e73a504a56d05a) C:\Windows\system32\DRIVERS\AGRSM.sys
    21:22:16.0951 4424 AgereSoftModem - ok
    21:22:17.0058 4424 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    21:22:17.0080 4424 agp440 - ok
    21:22:17.0278 4424 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    21:22:17.0330 4424 aic78xx - ok
    21:22:17.0472 4424 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
    21:22:17.0473 4424 ALG - ok
    21:22:17.0556 4424 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    21:22:17.0651 4424 aliide - ok
    21:22:17.0885 4424 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    21:22:17.0917 4424 amdagp - ok
    21:22:17.0948 4424 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    21:22:17.0963 4424 amdide - ok
    21:22:18.0135 4424 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    21:22:18.0151 4424 AmdK7 - ok
    21:22:18.0229 4424 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
    21:22:18.0260 4424 AmdK8 - ok
    21:22:18.0400 4424 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
    21:22:18.0416 4424 Appinfo - ok
    21:22:18.0884 4424 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    21:22:18.0931 4424 Apple Mobile Device - ok
    21:22:19.0196 4424 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    21:22:19.0211 4424 arc - ok
    21:22:19.0414 4424 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    21:22:19.0461 4424 arcsas - ok
    21:22:19.0835 4424 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    21:22:19.0851 4424 AsyncMac - ok
    21:22:19.0929 4424 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    21:22:19.0960 4424 atapi - ok
    21:22:20.0225 4424 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    21:22:20.0319 4424 AudioEndpointBuilder - ok
    21:22:20.0413 4424 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    21:22:20.0413 4424 Audiosrv - ok
    21:22:20.0553 4424 b57nd60x (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys
    21:22:20.0678 4424 b57nd60x - ok
    21:22:21.0005 4424 BCM43XV (8c7cda904c8990b6309ed109add3e97b) C:\Windows\system32\DRIVERS\bcmwl6.sys
    21:22:21.0005 4424 BCM43XV - ok
    21:22:21.0052 4424 BCM43XX (8c7cda904c8990b6309ed109add3e97b) C:\Windows\system32\DRIVERS\bcmwl6.sys
    21:22:21.0068 4424 BCM43XX - ok
    21:22:21.0146 4424 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    21:22:21.0146 4424 Beep - ok
    21:22:21.0255 4424 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
    21:22:21.0333 4424 BFE - ok
    21:22:21.0520 4424 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
    21:22:21.0536 4424 BITS - ok
    21:22:21.0598 4424 blbdrive - ok
    21:22:21.0817 4424 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    21:22:21.0817 4424 Bonjour Service - ok
    21:22:21.0926 4424 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    21:22:21.0926 4424 bowser - ok
    21:22:22.0051 4424 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    21:22:22.0051 4424 BrFiltLo - ok
    21:22:22.0113 4424 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    21:22:22.0113 4424 BrFiltUp - ok
    21:22:22.0269 4424 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
    21:22:22.0285 4424 Browser - ok
    21:22:22.0347 4424 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    21:22:22.0363 4424 Brserid - ok
    21:22:22.0409 4424 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    21:22:22.0409 4424 BrSerWdm - ok
    21:22:22.0441 4424 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    21:22:22.0441 4424 BrUsbMdm - ok
    21:22:22.0519 4424 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    21:22:22.0519 4424 BrUsbSer - ok
    21:22:22.0612 4424 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
    21:22:22.0628 4424 BthEnum - ok
    21:22:22.0721 4424 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    21:22:22.0721 4424 BTHMODEM - ok
    21:22:23.0002 4424 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
    21:22:23.0002 4424 BthPan - ok
    21:22:24.0578 4424 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
    21:22:24.0687 4424 BTHPORT - ok
    21:22:24.0827 4424 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
    21:22:24.0843 4424 BthServ - ok
    21:22:25.0857 4424 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
    21:22:25.0919 4424 BTHUSB - ok
    21:22:26.0263 4424 BVRPMPR5 (6598d078d5446197aed6b46c6a2a3431) C:\Windows\system32\drivers\BVRPMPR5.SYS
    21:22:26.0372 4424 BVRPMPR5 - ok
    21:22:26.0653 4424 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    21:22:26.0653 4424 cdfs - ok
    21:22:26.0887 4424 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    21:22:26.0887 4424 cdrom - ok
    21:22:27.0136 4424 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
    21:22:27.0245 4424 CertPropSvc - ok
    21:22:27.0479 4424 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    21:22:27.0479 4424 circlass - ok
    21:22:28.0493 4424 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    21:22:28.0613 4424 CLFS - ok
    21:22:28.0983 4424 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:22:29.0003 4424 clr_optimization_v2.0.50727_32 - ok
    21:22:29.0603 4424 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    21:22:30.0183 4424 clr_optimization_v4.0.30319_32 - ok
    21:22:30.0333 4424 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    21:22:30.0343 4424 CmBatt - ok
    21:22:30.0443 4424 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    21:22:30.0483 4424 cmdide - ok
    21:22:30.0883 4424 Com4Qlb (d8774ace03b46c9b01a49818055f9ad4) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    21:22:30.0993 4424 Com4Qlb - ok
    21:22:31.0133 4424 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    21:22:31.0133 4424 Compbatt - ok
    21:22:31.0143 4424 COMSysApp - ok
    21:22:31.0273 4424 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    21:22:31.0283 4424 crcdisk - ok
    21:22:31.0473 4424 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    21:22:31.0573 4424 Crusoe - ok
    21:22:31.0843 4424 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
    21:22:31.0843 4424 CryptSvc - ok
    21:22:32.0073 4424 DAMDrv (5d5984255a4bfaa4262fb750df7cd537) C:\Windows\system32\DRIVERS\DAMDrv.sys
    21:22:32.0193 4424 DAMDrv - ok
    21:22:32.0403 4424 DCamUSBET (619f52e53e20e839cdb2a83b7ec8e5ef) C:\Windows\system32\DRIVERS\etDevice.sys
    21:22:32.0473 4424 DCamUSBET - ok
    21:22:34.0143 4424 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
    21:22:34.0573 4424 DcomLaunch - ok
    21:22:34.0973 4424 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    21:22:34.0973 4424 DfsC - ok
    21:22:35.0553 4424 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
    21:22:36.0163 4424 DFSR - ok
    21:22:36.0903 4424 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
    21:22:36.0963 4424 Dhcp - ok
    21:22:37.0213 4424 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    21:22:37.0213 4424 disk - ok
    21:22:37.0513 4424 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
    21:22:37.0553 4424 Dnscache - ok
    21:22:37.0703 4424 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
    21:22:37.0753 4424 dot3svc - ok
    21:22:38.0023 4424 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
    21:22:38.0053 4424 DPS - ok
    21:22:38.0193 4424 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    21:22:38.0203 4424 drmkaud - ok
    21:22:40.0163 4424 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    21:22:40.0163 4424 DXGKrnl - ok
    21:22:40.0383 4424 e1express (9636e42b3114b66ce6edfb34b9d8e81b) C:\Windows\system32\DRIVERS\e1e6032.sys
    21:22:40.0383 4424 e1express - ok
    21:22:40.0933 4424 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    21:22:40.0993 4424 E1G60 - ok
    21:22:41.0233 4424 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
    21:22:41.0273 4424 EapHost - ok
    21:22:42.0073 4424 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    21:22:42.0093 4424 Ecache - ok
    21:22:42.0913 4424 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    21:22:43.0033 4424 elxstor - ok
    21:22:44.0003 4424 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
    21:22:44.0393 4424 EMDMgmt - ok
    21:22:44.0633 4424 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
    21:22:44.0633 4424 EventSystem - ok
    21:22:45.0033 4424 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    21:22:45.0043 4424 exfat - ok
    21:22:45.0342 4424 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    21:22:45.0404 4424 fastfat - ok
    21:22:45.0498 4424 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    21:22:45.0498 4424 fdc - ok
    21:22:45.0685 4424 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
    21:22:45.0685 4424 fdPHost - ok
    21:22:45.0841 4424 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
    21:22:45.0841 4424 FDResPub - ok
    21:22:46.0122 4424 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    21:22:46.0122 4424 FileInfo - ok
    21:22:46.0215 4424 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    21:22:46.0215 4424 Filetrace - ok
    21:22:46.0418 4424 FiltUSBET (9c185169e998942df28a760ae231f9b7) C:\Windows\system32\DRIVERS\etFilter.sys
    21:22:46.0434 4424 FiltUSBET - ok
    21:22:46.0933 4424 FLCDLOCK (224138e0ccdf7ce3281298473f6fd1d2) C:\Windows\system32\flcdlock.exe
    21:22:47.0089 4424 FLCDLOCK - ok
    21:22:47.0198 4424 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    21:22:47.0214 4424 flpydisk - ok
    21:22:48.0072 4424 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    21:22:48.0103 4424 FltMgr - ok
    21:22:49.0723 4424 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
    21:22:49.0973 4424 FontCache - ok
    21:22:50.0299 4424 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    21:22:50.0330 4424 FontCache3.0.0.0 - ok
    21:22:50.0783 4424 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
    21:22:50.0954 4424 Fs_Rec - ok
    21:22:51.0157 4424 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    21:22:51.0204 4424 gagp30kx - ok
    21:22:51.0407 4424 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    21:22:51.0407 4424 GEARAspiWDM - ok
    21:22:52.0124 4424 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
    21:22:52.0358 4424 gpsvc - ok
    21:22:52.0795 4424 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    21:22:52.0826 4424 gupdate - ok
    21:22:52.0826 4424 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    21:22:52.0826 4424 gupdatem - ok
    21:22:52.0933 4424 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
    21:22:52.0933 4424 HBtnKey - ok
    21:22:53.0423 4424 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    21:22:53.0593 4424 HdAudAddService - ok
    21:22:55.0153 4424 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    21:22:55.0233 4424 HDAudBus - ok
    21:22:55.0283 4424 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    21:22:55.0293 4424 HidBth - ok
    21:22:55.0393 4424 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    21:22:55.0393 4424 HidIr - ok
    21:22:55.0523 4424 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
    21:22:55.0523 4424 hidserv - ok
    21:22:55.0593 4424 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
    21:22:55.0603 4424 HidUsb - ok
    21:22:55.0743 4424 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
    21:22:55.0753 4424 hkmsvc - ok
    21:22:56.0133 4424 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    21:22:56.0163 4424 HP Health Check Service - ok
    21:22:56.0283 4424 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    21:22:56.0303 4424 HpCISSs - ok
    21:22:56.0363 4424 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    21:22:56.0373 4424 HpqKbFiltr - ok
    21:22:57.0043 4424 hpqwmiex (f8968c9778f25a90a35755c3c97c7f62) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    21:22:57.0043 4424 hpqwmiex - ok
    21:22:57.0453 4424 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    21:22:57.0523 4424 HSFHWAZL - ok
    21:22:58.0939 4424 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
    21:22:59.0350 4424 HSF_DPV - ok
    21:22:59.0465 4424 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
    21:22:59.0467 4424 HTCAND32 - ok
    21:22:59.0591 4424 htcnprot (52395a94c127c0266d1c0f3cce8a4345) C:\Windows\system32\DRIVERS\htcnprot.sys
    21:22:59.0611 4424 htcnprot - ok
    21:23:00.0168 4424 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
    21:23:00.0396 4424 HTTP - ok
    21:23:00.0490 4424 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    21:23:00.0522 4424 i2omp - ok
    21:23:00.0711 4424 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    21:23:00.0728 4424 i8042prt - ok
    21:23:01.0490 4424 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
    21:23:01.0493 4424 iaStor - ok
    21:23:02.0075 4424 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    21:23:02.0187 4424 iaStorV - ok
    21:23:02.0977 4424 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    21:23:02.0997 4424 IDriverT - ok
    21:23:03.0852 4424 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    21:23:04.0042 4424 idsvc - ok
    21:23:05.0131 4424 igfx (bbace0293b73bf8c7cb591f2d06f26fa) C:\Windows\system32\DRIVERS\igdkmd32.sys
    21:23:05.0308 4424 igfx - ok
    21:23:06.0147 4424 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    21:23:06.0163 4424 iirsp - ok
    21:23:06.0553 4424 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
    21:23:06.0600 4424 IKEEXT - ok
    21:23:07.0941 4424 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
    21:23:08.0191 4424 intelide - ok
    21:23:08.0253 4424 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    21:23:08.0253 4424 intelppm - ok
    21:23:08.0518 4424 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
    21:23:08.0534 4424 IPBusEnum - ok
    21:23:08.0674 4424 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:23:08.0706 4424 IpFilterDriver - ok
    21:23:09.0376 4424 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
    21:23:09.0595 4424 iphlpsvc - ok
    21:23:09.0610 4424 IpInIp - ok
    21:23:09.0807 4424 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    21:23:09.0837 4424 IPMIDRV - ok
    21:23:10.0247 4424 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    21:23:10.0247 4424 IPNAT - ok
    21:23:10.0407 4424 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    21:23:10.0417 4424 IRENUM - ok
    21:23:10.0527 4424 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    21:23:10.0537 4424 isapnp - ok
    21:23:11.0517 4424 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    21:23:11.0517 4424 iScsiPrt - ok
    21:23:11.0723 4424 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    21:23:11.0738 4424 iteatapi - ok
    21:23:11.0832 4424 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    21:23:11.0832 4424 iteraid - ok
    21:23:12.0596 4424 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    21:23:12.0596 4424 IviRegMgr - ok
    21:23:12.0659 4424 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    21:23:12.0659 4424 kbdclass - ok
    21:23:12.0752 4424 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    21:23:12.0752 4424 kbdhid - ok
    21:23:12.0862 4424 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    21:23:13.0049 4424 KeyIso - ok
    21:23:14.0032 4424 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
    21:23:14.0281 4424 KSecDD - ok
    21:23:14.0780 4424 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
    21:23:14.0952 4424 KtmRm - ok
    21:23:15.0326 4424 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
    21:23:15.0326 4424 LanmanServer - ok
    21:23:15.0670 4424 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
    21:23:15.0685 4424 LanmanWorkstation - ok
    21:23:16.0403 4424 LightScribeService (31d8b705dcd5f2366186e731f87c7a71) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    21:23:16.0450 4424 LightScribeService - ok
    21:23:16.0603 4424 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    21:23:16.0613 4424 lltdio - ok
    21:23:17.0143 4424 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
    21:23:17.0203 4424 lltdsvc - ok
    21:23:17.0323 4424 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
    21:23:17.0323 4424 lmhosts - ok
    21:23:17.0483 4424 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    21:23:17.0483 4424 LSI_FC - ok
    21:23:17.0653 4424 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    21:23:17.0673 4424 LSI_SAS - ok
    21:23:17.0793 4424 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    21:23:17.0793 4424 LSI_SCSI - ok
    21:23:18.0163 4424 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    21:23:18.0173 4424 luafv - ok
    21:23:18.0283 4424 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    21:23:18.0293 4424 megasas - ok
    21:23:18.0653 4424 Microsoft SharePoint Workspace Audit Service - ok
    21:23:18.0753 4424 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    21:23:18.0763 4424 MMCSS - ok
    21:23:18.0883 4424 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    21:23:18.0953 4424 Modem - ok
    21:23:19.0233 4424 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    21:23:19.0233 4424 monitor - ok
    21:23:19.0433 4424 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    21:23:19.0433 4424 mouclass - ok
    21:23:19.0500 4424 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
    21:23:19.0531 4424 mouhid - ok
    21:23:19.0672 4424 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    21:23:19.0703 4424 MountMgr - ok
    21:25:12.0622 4424 MBR (0x1B8) (3dfbd33517922022aab2367021b4bbec) \Device\Harddisk0\DR0
    21:25:12.0700 4424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
    21:25:12.0700 4424 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
    21:25:12.0856 4424 Boot (0x1200) (1c14ad3a6fe0bf5769bb192cb204400f) \Device\Harddisk0\DR0\Partition0
    21:25:12.0887 4424 \Device\Harddisk0\DR0\Partition0 - ok
    21:25:12.0950 4424 Boot (0x1200) (e287197b0a15b0ddbf7e7bee0f2bb16b) \Device\Harddisk0\DR0\Partition1
    21:25:12.0950 4424 \Device\Harddisk0\DR0\Partition1 - ok
    21:25:12.0965 4424 Boot (0x1200) (6a438de8fd549d183687556504a7f330) \Device\Harddisk0\DR0\Partition2
    21:25:12.0981 4424 \Device\Harddisk0\DR0\Partition2 - ok
    21:25:12.0981 4424 ============================================================
    21:25:12.0981 4424 Scan finished
    21:25:12.0981 4424 ============================================================
    21:25:12.0996 4416 Detected object count: 1
    21:25:12.0996 4416 Actual detected object count: 1
    21:25:36.0311 4416 \Device\Harddisk0\DR0\# - copied to quarantine
    21:25:37.0122 4416 \Device\Harddisk0\DR0 - copied to quarantine
    21:25:39.0212 4416 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot
    21:25:39.0213 4416 \Device\Harddisk0\DR0 - ok
    21:25:39.0213 4416 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
    21:25:44.0781 4168 Deinitialize success


    Thanks
     
  6. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Good job. Got rid of a really nasty one there.

    Please run a fresh scan with DDS and post both of the logs created.
    -----------

    Download Combofix from the link below, and save it to your desktop.
    Link

    **Note: It is important that it is saved directly to your desktop**
    If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------

    Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.

    In your next reply please post the new logs made by DDS and ComboFix. :)
     
  7. Notnatsyuggy

    Notnatsyuggy Thread Starter

    Joined:
    Jun 22, 2012
    Messages:
    27
    Just about to do the above. When I disable Antivirus and AntiSpyware (before running Combofix), should I make sure I am disconnected from the internet? Should I disable Windows firewall as well?

    And finally should I run Combofix whilst also being disconnected from the internet?

    Sorry for all the questions, don't really want to mess this up!
     
  8. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    You can just disable your antivirus and firewall and that should be fine. Please stay connected to the internet if possible as well. :)
     
  9. Notnatsyuggy

    Notnatsyuggy Thread Starter

    Joined:
    Jun 22, 2012
    Messages:
    27
    Ok, will do. I was just concerned about re-infection if I disabled these and stayed connected to the internet!

    Will leave connection up and disable them.
     
  10. Notnatsyuggy

    Notnatsyuggy Thread Starter

    Joined:
    Jun 22, 2012
    Messages:
    27
    Hi, here's the DDS log...

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Guy at 20:25:16 on 2012-07-03
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2039.812 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Windows\system32\AEADISRV.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\SMINST\scheduler.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\PDF Complete\pdfsty.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\tsnp2uvc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://www.google.co.uk/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
    mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
    mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [FixCamera] c:\windows\FixCamera.exe
    mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
    mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDc1OTEwOTA4LVQxMS1VODUrMS1CQSsxLUtWMys3LVhMKzEtRlA5Mis2LUJBUjlPKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSszLUIy"&"prod=90"&"ver=10.0.1170
    mRunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Trusted Zone: cobent.net\cip2
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{188B6533-56B2-48EF-A1DF-2E0EB53C9AD1} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{82219D9D-A331-458A-BD62-81D8D46BF9C0} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: DeviceNP - DeviceNP.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-12 21504]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-12-11 540448]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-6-19 3048136]
    S3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
    S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2007-12-11 30008]
    S3 DCamUSBET;ET USB 2710 Camera;c:\windows\system32\drivers\etDevice.sys [2007-7-20 471808]
    S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\drivers\etFilter.sys [2007-6-14 201216]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-6-8 172131]
    S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-16 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-16 136176]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
    S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\drivers\etScan.sys [2007-7-23 6656]
    S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-07-03 19:24:43 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-07-03 18:54:49 98816 ----a-w- c:\windows\sed.exe
    2012-07-03 18:54:49 518144 ----a-w- c:\windows\SWREG.exe
    2012-07-03 18:54:49 256000 ----a-w- c:\windows\PEV.exe
    2012-07-03 18:54:49 208896 ----a-w- c:\windows\MBR.exe
    2012-07-02 20:55:36 -------- d-----w- c:\program files\iPod
    2012-07-02 20:55:31 -------- d-----w- c:\program files\iTunes
    2012-07-02 20:39:54 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6bdbdb65-87fc-4de9-bfc7-ac535c9d737d}\mpengine.dll
    2012-07-02 20:25:35 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-01 20:26:25 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-06-25 19:21:58 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-06-22 14:21:27 -------- d-----w- c:\users\guy\appdata\roaming\SUPERAntiSpyware.com
    2012-06-22 14:20:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-06-22 14:20:51 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-06-22 10:51:24 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 10:50:27 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 10:50:00 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 10:49:59 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-20 05:02:49 -------- d-----w- c:\users\guy\appdata\roaming\Malwarebytes
    2012-06-20 05:01:50 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-20 05:01:42 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-20 05:01:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-06-13 20:43:57 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6f82f550-2ed4-4390-a531-74aec5993555}\gapaengine.dll
    2012-06-13 19:44:20 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 19:44:19 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 19:44:19 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 19:43:23 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 19:42:46 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-06-07 19:30:36 -------- d-----w- C:\896d513f30571b57754d
    .
    ==================== Find3M ====================
    .
    2012-06-25 19:21:37 472840 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-13 19:32:50 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-13 19:32:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 20:25:38.35 ===============

    and here's the Combofix...

    ComboFix 12-07-02.01 - Guy 03/07/2012 19:57:31.1.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2039.902 [GMT 1:00]
    Running from: c:\users\Guy\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\etc\hosts.ics
    F:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-03 19:09 . 2012-07-03 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-03 19:09 . 2012-07-03 19:09 -------- d-----w- c:\users\Immy\AppData\Local\temp
    2012-07-02 20:55 . 2012-07-02 20:55 -------- d-----w- c:\program files\iPod
    2012-07-02 20:55 . 2012-07-02 20:58 -------- d-----w- c:\program files\iTunes
    2012-07-02 20:39 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BDBDB65-87FC-4DE9-BFC7-AC535C9D737D}\mpengine.dll
    2012-07-02 20:25 . 2012-07-02 20:25 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-01 20:26 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-06-25 19:22 . 2012-06-25 19:22 -------- d-----w- c:\program files\Common Files\Java
    2012-06-25 19:21 . 2012-06-25 19:21 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-06-25 19:21 . 2012-06-25 19:21 -------- d-----w- c:\program files\Java
    2012-06-22 14:21 . 2012-06-22 14:21 -------- d-----w- c:\users\Guy\AppData\Roaming\SUPERAntiSpyware.com
    2012-06-22 14:20 . 2012-06-22 14:21 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-06-22 14:20 . 2012-06-22 14:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-06-22 10:51 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 10:51 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 10:51 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 10:51 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 10:50 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 10:50 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 10:50 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 10:50 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 10:49 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-20 05:02 . 2012-06-20 05:02 -------- d-----w- c:\users\Guy\AppData\Roaming\Malwarebytes
    2012-06-20 05:01 . 2012-06-20 05:01 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-20 05:01 . 2012-06-20 05:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-06-20 05:01 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-13 20:43 . 2012-02-10 21:11 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F82F550-2ED4-4390-A531-74AEC5993555}\gapaengine.dll
    2012-06-13 19:44 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 19:44 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 19:44 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 19:43 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 19:42 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-06-07 20:01 . 2012-06-07 20:01 -------- d-----w- c:\program files\QuickTime
    2012-06-07 19:30 . 2012-06-07 19:35 -------- d-----w- C:\896d513f30571b57754d
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-25 19:21 . 2010-05-31 19:11 472840 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-13 19:32 . 2012-03-29 05:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-13 19:32 . 2011-05-14 06:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2012-05-30 932528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
    "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 833072]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 317128]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
    "FixCamera"="c:\windows\FixCamera.exe" [2008-08-21 188928]
    "snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840]
    "tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-11-13 320512]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNDc1OTEwOTA4LVQxMS1VODUrMS1CQSsxLUtWMys3LVhMKzEtRlA5Mis2LUJBUjlPKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSszLUIy&prod=90&ver=10.0.1170" [?]
    "ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-06-06 44168]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2007-06-08 17:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
    backup=c:\windows\pss\DVD Check.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Guy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    path=c:\users\Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-05-30 19:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-03-13 14:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2007-09-24 14:44 154136 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    2008-10-09 06:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2011-02-18 13:49 49208 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
    2012-04-17 14:05 651264 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2007-09-24 14:44 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-06-07 18:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2007-04-19 21:26 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
    2011-07-21 23:07 718720 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2007-09-24 14:44 129560 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
    2012-05-30 20:00 932528 ----a-w- c:\program files\Spotify\Data\SpotifyWebHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2012-06-11 16:26 3905408 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
    2007-05-23 10:00 192512 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-04-19 21:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-16 13:21]
    .
    2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-16 13:21]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.co.uk/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    Trusted Zone: cobent.net\cip2
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    HKLM-Run-etMonitor - c:\windows\etMon.exe
    HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
    MSConfigStartUp-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
    MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
    MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    AddRemove-Freecorder5.02 - c:\program files\Freecorder\uninstall.exe
    AddRemove-Freecorder5.11 - c:\program files\Freecorder\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-03 20:15
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
    "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
    aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
    b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:77,b3,d1,7a,31,fe,cc,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,2c,62,f4,d1,ad,b9,46,a5,8b,89,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,2c,62,f4,d1,ad,b9,46,a5,8b,89,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2012-07-03 20:24:18
    ComboFix-quarantined-files.txt 2012-07-03 19:24
    .
    Pre-Run: 6,456,324,096 bytes free
    Post-Run: 8,868,839,424 bytes free
    .
    - - End Of File - - F6A9D3E9FEBA323085A0BA5A29A6DC4D
     
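The ComboFix log above ends with an "ORPHANS REMOVED" list: autostart and registration entries that ComboFix deleted because the file they pointed at was no longer there. The paths are still evidence worth reading (names such as MyWebSearch and Freecorder tell you what was installed on the machine at some point), and several use 8.3 short names that need expanding before you can look them up anywhere else. The Python below is an added example, not part of the original thread or of ComboFix itself; it parses that section into structured records. The sample text is copied from the orphan entries in the log above, and the location-prefix list is an assumption: the first five prefixes appear in this log, the rest are common ComboFix prefixes added for generality.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample input: the ORPHANS REMOVED entries exactly as they appear in the
# ComboFix log posted above (a subset, kept verbatim).
SAMPLE_ORPHANS = r"""
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
HKLM-Run-etMonitor - c:\windows\etMon.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
AddRemove-Freecorder5.02 - c:\program files\Freecorder\uninstall.exe
.
.
**************************************************************************
"""

# Location prefixes ComboFix puts in front of each orphan. The first five occur
# in the log above; the remainder are an assumption based on other ComboFix
# logs and are only here so the parser is not limited to this one page.
LOCATION_PREFIXES = (
    "WebBrowser", "HKLM-Run", "HKU-Default-RunOnce", "MSConfigStartUp", "AddRemove",
    "HKCU-Run", "HKLM-RunOnce", "HKCU-RunOnce", "BHO", "Toolbar", "Notify",
    "ShellExecuteHooks", "SafeBoot-Minimal", "SafeBoot-Network",
)

# Longest prefixes first so "HKU-Default-RunOnce" is preferred over a shorter
# alternative that happens to be a prefix of it. Entry shape: LOC-NAME - TARGET.
_ENTRY_RE = re.compile(
    r"^(?P<loc>"
    + "|".join(re.escape(p) for p in sorted(LOCATION_PREFIXES, key=len, reverse=True))
    + r")-(?P<name>.+?) - (?P<target>.+)$"
)


@dataclass
class Orphan:
    location: str   # registry/autostart area the entry lived in
    name: str       # value or key name
    target: str     # path the entry pointed at, or "(no file)"
    has_path: bool  # False when ComboFix reported "(no file)"

    @property
    def uses_short_name(self) -> bool:
        # 8.3 short names (c:\progra~1\MYWEBS~1\...) are legitimate on NTFS but
        # should be expanded before searching quarantine or other logs for them.
        return "~" in self.target


def parse_orphans(log_text: str) -> List[Orphan]:
    """Extract the entries between the ORPHANS REMOVED banner and the next banner."""
    entries: List[Orphan] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "ORPHANS REMOVED" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("****"):
            break
        if line in ("", "."):
            continue
        m = _ENTRY_RE.match(line)
        if not m:
            # Unknown prefix: keep the line visible instead of dropping it silently.
            entries.append(Orphan("UNKNOWN", line, "", False))
            continue
        target = m.group("target").strip()
        entries.append(Orphan(m.group("loc"), m.group("name"), target, target != "(no file)"))
    return entries


def referenced_paths(orphans: List[Orphan]) -> List[str]:
    """Distinct file paths the removed entries pointed at, lower-cased for matching."""
    return sorted({o.target.lower() for o in orphans if o.has_path and o.location != "UNKNOWN"})


if __name__ == "__main__":
    for o in parse_orphans(SAMPLE_ORPHANS):
        flag = " [8.3 short name]" if o.uses_short_name else ""
        print(f"{o.location:22} {o.name:40} {o.target}{flag}")
```

Run it on a whole ComboFix log and the `referenced_paths` list gives you the set of file names to search for in the quarantine folder or the Add/Remove history; entries that come back as `UNKNOWN` show you a prefix the list above does not know yet.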
  11. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Between running ComboFix you can re-enable your antivirus and firewall. I will return as quick as I can after looking over your malware logs.
     
  12. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    I need some information on some unidentified files. We will use Virustotal to do this. Please submit the file(s) for analysis.

    To submit a file to virustotal, please click VirusTotal

    Press Choose File and then browse to the following file: (one at a time if more than one file is listed)

    c:\windows\FixCamera.exe

    Once you locate the file select it and press Open now press Scan it!.

    Now Copy/Paste the link to the results showing in the web browser bar to your next reply so that I can take a look at the results.

    Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also please make sure each result is clearly identified as to which sample they belong to.
    ----------
     
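Jeff's instructions above have the user upload c:\windows\FixCamera.exe to VirusTotal. A practitioner usually hashes the file locally first and looks the hash up: if the sample has already been analysed you get the verdict without uploading anything, and the three digests let you match the file against other reports and quarantine logs. The Python below is an added example, not part of the original thread or of VirusTotal's own tooling; the hash-lookup URL shape is an assumption based on VirusTotal's current web interface, and the sample bytes are constructed for the demonstration.

```python
import hashlib
import io
import os
import tempfile
from typing import Dict

ALGORITHMS = ("md5", "sha1", "sha256")


def hashes_of_stream(fh, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Read a binary stream once and feed every chunk to all three digests."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hashes_of_file(path: str) -> Dict[str, str]:
    """Hash a file on disk in chunks, so large binaries do not need to fit in memory."""
    with open(path, "rb") as fh:
        return hashes_of_stream(fh)


def hashes_of_bytes(data: bytes) -> Dict[str, str]:
    """Same digests for an in-memory sample (useful for testing and for carved blobs)."""
    return hashes_of_stream(io.BytesIO(data))


def virustotal_lookup_url(sha256_hex: str) -> str:
    # Assumed URL shape of VirusTotal's web UI (not taken from the thread):
    # the report page for a known file is addressed by its SHA-256.
    return f"https://www.virustotal.com/gui/file/{sha256_hex.lower()}"


if __name__ == "__main__":
    # Constructed stand-in for the file named in the post; replace with the real path,
    # e.g. hashes_of_file(r"c:\windows\FixCamera.exe"), when running on the machine.
    sample = b"MZ" + b"\x00" * 62 + b"constructed sample, not a real executable\n"
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(sample)
        tmp_path = tmp.name
    try:
        digests = hashes_of_file(tmp_path)
        assert digests == hashes_of_bytes(sample)
        for name, value in digests.items():
            print(f"{name:7} {value}")
        print("lookup:", virustotal_lookup_url(digests["sha256"]))
    finally:
        os.unlink(tmp_path)
```

Check the hash first; only if VirusTotal has never seen it does uploading the file add anything, and a clean verdict on a never-before-seen binary still means only that no engine recognised it.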
  13. Notnatsyuggy

    Notnatsyuggy Thread Starter

    Joined:
    Jun 22, 2012
    Messages:
    27
  14. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    No that works just fine. :)
     
  15. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan as shown below.

      [image: screenshot of the Malwarebytes scan dialog]
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


    The log can also be found here:
    C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ----------

    Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats is NOT selected and the option Scan unwanted applications is selected.
    • Click Scan (This scan can take several hours, so please be patient)
    • If there are threats that are found, please press List of found threats and then in the next window that opens press Export to text file...
    • Copy and paste/or attach that log as a reply to this topic
    **Note** If no threats are found, there will not be a log created.
    ----------

    In your next reply please post the logs made by Malwarebytes and ESET online scanner.
     
Short URL to this thread: https://techguy.org/1058121