
Win32/olmarik.TDL4 trojan

Discussion in 'Virus & Other Malware Removal' started by WasntMe, Aug 4, 2012.

  1. WasntMe

    WasntMe Thread Starter

    Joined:
    Feb 28, 2009
    Messages:
    9
    Hello everyone,
    My laptop is experiencing extreme sluggishness, and Firefox Google refuses to search. ESET, upon startup, says that there is a trojan that it is unable to clean, and it's listed as Win32/olmarik.TDL4 trojan.
    I am running Windows 7 Ultimate with Service Pack 1, and it's a 32-bit system.
    I am posting and attaching the required logs.

    Thanks in advance for any assistance,
    Rob

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:37:08 PM, on 8/4/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

    --
    End of file - 7518 bytes



    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by wasntme at 13:38:24 on 2012-08-04
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.926 [GMT -7:00]
    .
    AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    mRun: [<NO NAME>]
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{ED3D7410-4C03-4DF5-9E3A-B85CC5332018} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{ED3D7410-4C03-4DF5-9E3A-B85CC5332018}\2375942554137303 : DhcpNameServer = 192.168.1.254
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\wasntme\appdata\roaming\mozilla\firefox\profiles\85mqh4kk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-4-5 217600]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-2-6 92800]
    R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-6 214896]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-17 450848]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\intel\wifi\bin\ZeroConfigService.exe [2012-4-17 2326288]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-4-5 9334784]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-4-5 275968]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\drivers\AmpPal.sys [2012-3-1 141312]
    R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224]
    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2004-1-18 4864]
    R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-7 6639616]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
    S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2009-7-13 9216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\drivers\AmpPal.sys [2012-3-1 141312]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-12-25 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432]
    S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr73.sys [2011-10-5 564800]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-12-23 15872]
    S3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [2007-1-18 41984]
    S3 rt70x86;Belkin Wireless G USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr70.sys [2007-10-9 291840]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-23 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-23 1343400]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
    S4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\intel\bluetoothhs\BTHSAmpPalService.exe [2012-3-1 509448]
    S4 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
    S4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2012-3-8 104208]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-08-04 20:30:07 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1c2f43d7-67b4-419c-986e-66d82211a440}\offreg.dll
    2012-08-04 20:14:12 388096 ----a-r- c:\users\wasntme\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-08-04 20:14:12 -------- d-----w- c:\program files\Trend Micro
    2012-08-04 19:08:53 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1c2f43d7-67b4-419c-986e-66d82211a440}\mpengine.dll
    2012-08-03 02:59:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-03 02:59:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-03 02:01:02 -------- d-----w- c:\users\wasntme\appdata\roaming\Malwarebytes
    2012-08-03 02:01:02 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-01 01:47:59 544616 ------w- c:\windows\system32\HPDiscoPM5912.dll
    2012-08-01 01:47:09 -------- d-----w- c:\program files\HP
    2012-08-01 01:45:39 -------- d-----w- c:\users\wasntme\appdata\local\HP
    2012-07-31 01:20:00 110080 ----a-w- c:\programdata\microsoft\windows\drm\B9FB.tmp
    2012-07-17 09:06:23 514560 ----a-w- c:\windows\system32\qdvd.dll
    2012-07-12 04:06:32 2345984 ----a-w- c:\windows\system32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2012-06-23 16:57:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-23 16:57:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
    2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 13:40:13.72 ===============


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-04 13:50:18
    Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IdePort4 WDC_WD7500BPVT-00HXZT0 rev.01.01A01
    Running: 11fy4yfi.exe; Driver: C:\Users\wasntme\AppData\Local\Temp\fgdiyfog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E443C9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E7DD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? System32\Drivers\spuh.sys The system cannot find the path specified. !
    PAGE ataport.SYS!DllUnload + 1 88FCBAD7 4 Bytes JMP 85F291D9
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90217000, 0x3DBAA0, 0xE8000020]
    .text USBPORT.SYS!DllUnload 90BD3DB9 5 Bytes JMP 865E81D8
    ? C:\Users\wasntme\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[1016] ntdll.dll!NtWriteFile 77886A68 5 Bytes JMP 00013E39
    .text C:\Windows\system32\svchost.exe[1016] kernel32.dll!SetUnhandledExceptionFilter 7654F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Windows\system32\svchost.exe[1016] USER32.dll!GetCursorPos 7682C198 5 Bytes JMP 000147A7
    .text C:\Windows\system32\svchost.exe[1016] USER32.dll!GetForegroundWindow 7683565D 5 Bytes JMP 00014856
    .text C:\Windows\system32\svchost.exe[1016] USER32.dll!IsWindowVisible 76836939 5 Bytes JMP 0001487D
    .text C:\Windows\system32\svchost.exe[1016] USER32.dll!WindowFromPoint 76856D0C 5 Bytes JMP 000147F6
    .text C:\Windows\system32\svchost.exe[1016] USER32.dll!MessageBoxIndirectW 7687E9C3 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
    .text C:\Windows\system32\svchost.exe[1016] WS2_32.dll!GetAddrInfoW 765E4889 5 Bytes JMP 00014743
    .text C:\Windows\system32\svchost.exe[1016] ole32.dll!CoGetClassObject 76AC54AD 5 Bytes JMP 0001494A
    .text C:\Windows\system32\svchost.exe[1016] ole32.dll!CoCreateInstance 76AD9D0B 5 Bytes JMP 00014974
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1840] kernel32.dll!SetUnhandledExceptionFilter 7654F4FB 4 Bytes [C2, 04, 00, 00]

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 85F301F8
    Device \Driver\volmgr \Device\VolMgrControl 85F2B1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{ED3D7410-4C03-4DF5-9E3A-B85CC5332018} 863D71F8
    Device \Driver\usbuhci \Device\USBPDO-0 865E91F8
    Device \Driver\usbuhci \Device\USBPDO-1 865E91F8
    Device \Driver\usbehci \Device\USBPDO-2 865F4500
    Device \Driver\usbuhci \Device\USBPDO-3 865E91F8
    Device \Driver\usbuhci \Device\USBPDO-4 865E91F8
    Device \Driver\usbuhci \Device\USBPDO-5 865E91F8
    Device \Driver\usbehci \Device\USBPDO-6 865F4500
    Device \Driver\volmgr \Device\HarddiskVolume1 85F2B1F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\volmgr \Device\HarddiskVolume2 85F2B1F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\cdrom \Device\CdRom0 863991F8
    Device \Driver\volmgr \Device\HarddiskVolume3 85F2B1F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85F2D1F8
    Device \Driver\atapi \Device\Ide\IdePort0 85F2D1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 85F2D1F8
    Device \Driver\atapi \Device\Ide\IdePort1 85F2D1F8
    Device \Driver\atapi \Device\Ide\IdePort2 85F2D1F8
    Device \Driver\atapi \Device\Ide\IdePort3 85F2D1F8
    Device \Driver\atapi \Device\Ide\IdePort4 85F2D1F8
    Device \Driver\msahci \Device\Ide\PciIde1Channel0 85F2E1F8
    Device \Driver\msahci \Device\Ide\PciIde1Channel1 85F2E1F8
    Device \Driver\msahci \Device\Ide\PciIde1Channel2 85F2E1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-6 85F2D1F8
    Device \Driver\volmgr \Device\HarddiskVolume4 85F2B1F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\volmgr \Device\HarddiskVolume5 85F2B1F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{BCFF2DEE-2FF3-4F9E-8E9B-8BF50D5F5B04} 863D71F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 863D71F8
    Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    Device \Driver\usbuhci \Device\USBFDO-0 865E91F8
    Device \Driver\usbuhci \Device\USBFDO-1 865E91F8
    Device \Driver\usbehci \Device\USBFDO-2 865F4500
    Device \Driver\usbuhci \Device\USBFDO-3 865E91F8
    Device \Driver\usbuhci \Device\USBFDO-4 865E91F8
    Device \Driver\usbuhci \Device\USBFDO-5 865E91F8
    Device \Driver\usbehci \Device\USBFDO-6 865F4500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6D 0x91 0xA5 0x51 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6D 0x91 0xA5 0x51 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\956B3AC2-685A-48CA-82E9-C49F60F507C3@IPAddress 127.0.0.1
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{1EFCF485-2DA1-11E1-A00B-806E6F6E6963} 6699068464
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\wasntme\AppData\Local\Logitech\xae Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe 1

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk1\DR1 sector 00: rootkit-like behavior

    ---- EOF - GMER 1.0.15 ----


    Hope this helps.
    Thanks again.
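    As an added example (not part of this thread, and not code from HijackThis, DDS or GMER): a small Python triage script that runs the posted log lines through a handful of indicator rules, so the one line that matters most in a log dump like the one above, GMER's "rootkit-like behavior" on a raw disk sector, is not lost among hundreds of benign entries. The sample lines are copied from the logs posted above; the rule patterns, the "gmer"/"hjt" source tags and the severity labels are this example's own assumptions, not anything the tools define.

```python
"""Triage helper for HijackThis and GMER text logs.

Added example, not part of the thread or of either tool. It scans log lines
for a handful of indicator wordings and returns structured findings. Rule
patterns and severity labels are this example's own assumptions; the sample
lines are copied from the logs posted in the thread.
"""

import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Finding:
    source: str    # tool the line came from: "gmer" or "hjt" (assumed tags)
    severity: str  # assumed labels: "high", "medium" or "info"
    reason: str    # why the line was flagged
    line: str      # the log line itself


SEVERITY_ORDER = {"high": 3, "medium": 2, "info": 1}

# (source, pattern, severity, reason). Each pattern matches the literal wording
# the tool prints in the posted logs; the first matching rule wins.
RULES = [
    ("gmer", re.compile(r"^Disk .* sector \d+: rootkit-like behavior"), "high",
     "GMER reports rootkit-like code in a raw disk sector (MBR/bootkit indicator)"),
    ("gmer", re.compile(r"^\? .*cannot find the (path|file) specified"), "medium",
     "GMER references a driver it cannot locate on disk; needs a manual look"),
    ("hjt", re.compile(r"^O10 - Unknown file in Winsock LSP:"), "medium",
     "HijackThis lists a Winsock LSP it does not recognise; verify the publisher"),
    ("hjt", re.compile(r"^O[23] - .*\(file missing\)$"), "info",
     "HijackThis BHO/toolbar entry points at a file that no longer exists"),
    ("gmer", re.compile(r"^\.text .*!\w+ [0-9A-F]+ \d+ Bytes JMP [0-9A-F]+$"), "info",
     "inline JMP hook on a user-mode API; common for security software, so correlate with the process"),
]


def classify_line(line: str) -> Optional[Finding]:
    """Return a Finding for a line that matches a rule, otherwise None."""
    stripped = line.strip()
    for source, pattern, severity, reason in RULES:
        if pattern.search(stripped):
            return Finding(source, severity, reason, stripped)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line of one or more concatenated logs through the rules."""
    return [f for f in map(classify_line, log_text.splitlines()) if f is not None]


def highest_severity(findings: List[Finding]) -> Optional[str]:
    """Worst severity present, or None when nothing was flagged."""
    return max((f.severity for f in findings),
               key=SEVERITY_ORDER.__getitem__, default=None)


# Sample input: six lines copied from the HijackThis and GMER logs in the thread
# (constructed sample, not a full log).
SAMPLE_LOG = r"""
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
? System32\Drivers\spuh.sys The system cannot find the path specified. !
.text C:\Windows\system32\svchost.exe[1016] ntdll.dll!NtWriteFile 77886A68 5 Bytes JMP 00013E39
Device \FileSystem\Ntfs \Ntfs 85F301F8
Disk \Device\Harddisk1\DR1 sector 00: rootkit-like behavior
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in sorted(found, key=lambda f: -SEVERITY_ORDER[f.severity]):
        print(f"[{f.severity:6}] {f.source}: {f.reason}\n         {f.line}")
    print("overall:", highest_severity(found))
```

    Run it on a saved log with `python triage.py` after pasting the log into SAMPLE_LOG, or call `triage()` on the file contents. The point of the rule table is that a hit on the disk-sector rule outranks everything else: a JMP hook in svchost.exe or a missing BHO file is routine noise on a machine running security software, whereas rootkit-like code in sector 00 is the finding that justifies the bootkit-specific cleanup tool the helper asks for in the next reply.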

  2. WasntMe

    WasntMe Thread Starter

    Joined:
    Feb 28, 2009
    Messages:
    9
    anyone!?
     
  3. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi WasntMe, my name is Mark and I will be helping you.

    GMER is showing you have a Rootkit. Please follow the instructions below and post the log.

    Please follow the instructions exactly as written; deviating from the instructions and trying to fix anything before I have seen the logs may make your PC unbootable. If TDSSKiller does not offer the Cure option, DO NOT select Delete, as you may remove files needed for the system to operate.
    Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
    -- The tool is frequently updated; if you used TDSSKiller before, delete that version and download the most current one before using it again.
    Be sure to print out and follow the instructions for performing a scan.
    • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
    • Alternatively, you can download TDSSKiller.exe and use that instead.
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
    • When the program opens, click Change parameters.
    • Under "Additional options", check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
    • Click the Start Scan button.
    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
    • If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.
    • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed. If you choose Delete you may remove critical system files and make your PC unstable or possibly unbootable.
    • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C: ).
    • Copy and paste the contents of that file in your next reply.
    -- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer, or to perform the scan in "safe mode".
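The procedure above ends with a plain-text log. The snippet below is an added example (not from this thread, from Kaspersky or from Tech Support Guy) of how a helper could triage that log mechanically: it parses the drive and MBR partition records, works out which sectors no partition covers, and lists every scanned object whose verdict is anything other than "ok". The sample lines are copied from the log posted later in this thread, except the FakeSvc pair and its verdict wording, which are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Sample lines copied from the TDSSKiller log posted in this thread, plus one
# CONSTRUCTED pair (FakeSvc: all-zero MD5 and a made-up verdict) so that the
# non-"ok" path is exercised. TDSSKiller's real wording for a detection is not
# reproduced; any verdict other than "ok" is treated as reportable.
SAMPLE_LOG = [
    r"04:00:06.0296 2772 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050",
    r"04:00:06.0299 2772 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x300BC4, BlocksNum 0x171A10BE",
    r"04:00:06.0299 2772 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x174A2000, BlocksNum 0x400A3800",
    r"04:01:34.0969 0540 Mode: Manual; SigCheck; TDLFS;",
    r"04:01:36.0576 0540 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys",
    r"04:01:36.0654 0540 1394ohci - ok",
    r"04:01:44.0360 0540 COMSysApp - ok",
    r"04:01:55.0717 0540 FakeSvc (00000000000000000000000000000000) C:\Windows\system32\drivers\fakesvc.sys",
    r"04:01:55.0720 0540 FakeSvc - suspicious (constructed)",
]

# Every line is "<time> <pid> <body>"; the body decides what kind of record it is.
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+([0-9A-Fa-f]+)\s+(.*)$")
DRIVE_RE = re.compile(
    r"^Drive (?P<dev>\\Device\\Harddisk\d+\\DR\d+) - Size: (?P<size>0x[0-9A-Fa-f]+)"
    r".*?SectorSize: (?P<ss>0x[0-9A-Fa-f]+)")
PART_RE = re.compile(
    r"^(?P<dev>\\Device\\Harddisk\d+\\DR\d+)\\Partition(?P<idx>\d+): MBR, "
    r"Type (?P<ptype>0x[0-9A-Fa-f]+), StartLBA (?P<start>0x[0-9A-Fa-f]+), "
    r"BlocksNum (?P<num>0x[0-9A-Fa-f]+)")
OBJ_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class Partition:
    index: int
    ptype: int
    start_lba: int
    blocks: int

    @property
    def end_lba(self) -> int:
        return self.start_lba + self.blocks  # first sector after the partition


@dataclass
class Drive:
    device: str
    size_bytes: int
    sector_size: int
    partitions: List[Partition] = field(default_factory=list)

    @property
    def total_sectors(self) -> int:
        return self.size_bytes // self.sector_size

    def unallocated_sectors(self) -> Dict[str, int]:
        """Sectors no MBR partition covers: before each partition and after the last.
        TDL4/Olmarik keeps its hidden file system in such space, which is what the
        'Detect TDLFS file system' option in the instructions above looks for."""
        gaps, cursor = {}, 0
        for p in sorted(self.partitions, key=lambda p: p.start_lba):
            gaps[f"before_partition{p.index}"] = p.start_lba - cursor
            cursor = p.end_lba
        gaps["after_last"] = self.total_sectors - cursor
        return gaps


def parse_log(lines: List[str]) -> Tuple[Dict[str, Drive], Dict[str, dict]]:
    """Collect drives with their MBR partitions, and scanned objects with verdicts."""
    drives: Dict[str, Drive] = {}
    objects: Dict[str, dict] = {}  # name -> {"md5", "path", "verdict"} (keys optional)
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, empty bodies and "====" rules carry no record
        body = m.group(3)
        if (d := DRIVE_RE.match(body)):
            drives[d["dev"]] = Drive(d["dev"], int(d["size"], 16), int(d["ss"], 16))
        elif (p := PART_RE.match(body)) and p["dev"] in drives:
            drives[p["dev"]].partitions.append(Partition(
                int(p["idx"]), int(p["ptype"], 16), int(p["start"], 16), int(p["num"], 16)))
        elif (o := OBJ_RE.match(body)):
            objects.setdefault(o["name"], {}).update(md5=o["md5"], path=o["path"])
        elif (v := VERDICT_RE.match(body)):
            objects.setdefault(v["name"], {})["verdict"] = v["verdict"]
    return drives, objects


def triage(lines: List[str]) -> dict:
    """What a helper reads first: unpartitioned sectors per disk, and every
    object whose verdict is anything other than "ok"."""
    drives, objects = parse_log(lines)
    return {
        "unallocated": {dev: drv.unallocated_sectors() for dev, drv in drives.items()},
        "reportable": sorted(n for n, o in objects.items() if o.get("verdict") != "ok"),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the 698.64 Gb disk from this log the partitions leave a small tail of unpartitioned sectors, which is normal alignment slack; the point of computing it is to have a number to compare against when a TDLFS detection says where the hidden store lives.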
     
  4. WasntMe

    WasntMe Thread Starter

    Joined:
    Feb 28, 2009
    Messages:
    9
    Thanks for the reply, Mark.
    I ran TDSSKiller in administration mode and here is the log:

    04:00:03.0023 2772 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    04:00:04.0012 2772 ============================================================
    04:00:04.0012 2772 Current date / time: 2012/08/07 04:00:04.0012
    04:00:04.0012 2772 SystemInfo:
    04:00:04.0012 2772
    04:00:04.0012 2772 OS Version: 6.1.7601 ServicePack: 1.0
    04:00:04.0012 2772 Product type: Workstation
    04:00:04.0012 2772 ComputerName: WASNTME-PC
    04:00:04.0012 2772 UserName: wasntme
    04:00:04.0013 2772 Windows directory: C:\Windows
    04:00:04.0013 2772 System windows directory: C:\Windows
    04:00:04.0013 2772 Processor architecture: Intel x86
    04:00:04.0013 2772 Number of processors: 2
    04:00:04.0013 2772 Page size: 0x1000
    04:00:04.0013 2772 Boot type: Normal boot
    04:00:04.0013 2772 ============================================================
    04:00:06.0296 2772 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    04:00:06.0296 2772 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    04:00:06.0299 2772 ============================================================
    04:00:06.0299 2772 \Device\Harddisk1\DR1:
    04:00:06.0299 2772 MBR partitions:
    04:00:06.0299 2772 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x300BC4, BlocksNum 0x171A10BE
    04:00:06.0299 2772 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x174A2000, BlocksNum 0x400A3800
    04:00:06.0299 2772 \Device\Harddisk0\DR0:
    04:00:06.0299 2772 MBR partitions:
    04:00:06.0299 2772 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x300800, BlocksNum 0x1719E000
    04:00:06.0299 2772 ============================================================
    04:00:06.0326 2772 C: <-> \Device\Harddisk1\DR1\Partition0
    04:00:06.0345 2772 D: <-> \Device\Harddisk1\DR1\Partition1
    04:00:06.0346 2772 F: <-> \Device\Harddisk0\DR0\Partition0
    04:00:06.0346 2772 ============================================================
    04:00:06.0346 2772 Initialize success
    04:00:06.0346 2772 ============================================================
    04:01:34.0969 0540 ============================================================
    04:01:34.0969 0540 Scan started
    04:01:34.0969 0540 Mode: Manual; SigCheck; TDLFS;
    04:01:34.0969 0540 ============================================================
    04:01:55.0920 0540 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    04:01:55.0951 0540 MSPQM - ok
    04:01:55.0967 0540 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    04:01:55.0982 0540 MsRPC - ok
    04:01:55.0998 0540 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    04:01:56.0014 0540 mssmbios - ok
    04:01:56.0029 0540 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    04:01:56.0060 0540 MSTEE - ok
    04:01:56.0076 0540 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    04:01:56.0107 0540 MTConfig - ok
    04:01:56.0138 0540 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    04:01:56.0154 0540 Mup - ok
    04:01:56.0201 0540 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
    04:01:56.0263 0540 napagent - ok
    04:01:56.0310 0540 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    04:01:56.0326 0540 NativeWifiP - ok
    04:01:56.0404 0540 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    04:01:56.0435 0540 NDIS - ok
    04:01:56.0466 0540 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    04:01:56.0497 0540 NdisCap - ok
    04:01:56.0544 0540 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    04:01:56.0575 0540 NdisTapi - ok
    04:01:56.0622 0540 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    04:01:56.0653 0540 Ndisuio - ok
    04:01:56.0684 0540 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    04:01:56.0700 0540 NdisWan - ok
    04:01:56.0731 0540 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    04:01:56.0762 0540 NDProxy - ok
    04:01:56.0794 0540 Netaapl (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
    04:01:56.0840 0540 Netaapl - ok
    04:01:56.0856 0540 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    04:01:56.0887 0540 NetBIOS - ok
    04:01:56.0934 0540 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
    04:01:56.0965 0540 NetBT - ok
    04:01:56.0996 0540 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    04:01:57.0012 0540 Netlogon - ok
    04:01:57.0106 0540 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
    04:01:57.0184 0540 Netman - ok
    04:01:57.0230 0540 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
    04:01:57.0262 0540 netprofm - ok
    04:01:57.0340 0540 netr73 (b8dee9e7e8f55138f9bc886519c617c4) C:\Windows\system32\DRIVERS\netr73.sys
    04:01:57.0371 0540 netr73 - ok
    04:01:57.0511 0540 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    04:01:57.0511 0540 NetTcpPortSharing - ok
    04:01:57.0792 0540 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
    04:01:57.0870 0540 netw5v32 - ok
    04:01:58.0338 0540 NETwLv32 (d4ef7a9767c05905500ec312cb29ef46) C:\Windows\system32\DRIVERS\NETwLv32.sys
    04:01:58.0510 0540 NETwLv32 - ok
    04:01:58.0603 0540 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    04:01:58.0619 0540 nfrd960 - ok
    04:01:58.0666 0540 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
    04:01:58.0712 0540 NlaSvc - ok
    04:01:58.0728 0540 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    04:01:58.0759 0540 Npfs - ok
    04:01:58.0790 0540 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
    04:01:58.0822 0540 nsi - ok
    04:01:58.0837 0540 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    04:01:58.0884 0540 nsiproxy - ok
    04:01:58.0993 0540 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
    04:01:59.0056 0540 Ntfs - ok
    04:01:59.0071 0540 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    04:01:59.0102 0540 Null - ok
    04:01:59.0165 0540 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
    04:01:59.0180 0540 nvraid - ok
    04:01:59.0305 0540 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
    04:01:59.0321 0540 nvstor - ok
    04:01:59.0383 0540 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    04:01:59.0399 0540 nv_agp - ok
    04:01:59.0477 0540 O2MDRDR (634ff60f418792906887b3d6ceecb431) C:\Windows\system32\DRIVERS\o2media.sys
    04:01:59.0508 0540 O2MDRDR - ok
    04:01:59.0539 0540 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
    04:01:59.0555 0540 ohci1394 - ok
    04:01:59.0602 0540 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
    04:01:59.0648 0540 p2pimsvc - ok
    04:01:59.0695 0540 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
    04:01:59.0773 0540 p2psvc - ok
    04:01:59.0820 0540 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    04:01:59.0836 0540 Parport - ok
    04:01:59.0867 0540 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
    04:01:59.0882 0540 partmgr - ok
    04:01:59.0898 0540 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    04:01:59.0914 0540 Parvdm - ok
    04:01:59.0945 0540 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
    04:01:59.0960 0540 PcaSvc - ok
    04:01:59.0992 0540 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    04:02:00.0007 0540 pci - ok
    04:02:00.0038 0540 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    04:02:00.0054 0540 pciide - ok
    04:02:00.0070 0540 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    04:02:00.0085 0540 pcmcia - ok
    04:02:00.0101 0540 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    04:02:00.0116 0540 pcw - ok
    04:02:00.0194 0540 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    04:02:00.0226 0540 PEAUTH - ok
    04:02:00.0350 0540 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
    04:02:00.0397 0540 PeerDistSvc - ok
    04:02:00.0538 0540 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
    04:02:00.0600 0540 pla - ok
    04:02:00.0756 0540 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
    04:02:00.0818 0540 PlugPlay - ok
    04:02:00.0850 0540 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
    04:02:00.0881 0540 PNRPAutoReg - ok
    04:02:00.0912 0540 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
    04:02:00.0943 0540 PNRPsvc - ok
    04:02:00.0974 0540 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
    04:02:01.0037 0540 PolicyAgent - ok
    04:02:01.0068 0540 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
    04:02:01.0115 0540 Power - ok
    04:02:01.0193 0540 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    04:02:01.0240 0540 PptpMiniport - ok
    04:02:01.0255 0540 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    04:02:01.0271 0540 Processor - ok
    04:02:01.0302 0540 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
    04:02:01.0333 0540 ProfSvc - ok
    04:02:01.0396 0540 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    04:02:01.0411 0540 ProtectedStorage - ok
    04:02:01.0442 0540 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    04:02:01.0474 0540 Psched - ok
    04:02:01.0567 0540 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    04:02:01.0614 0540 ql2300 - ok
    04:02:01.0770 0540 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    04:02:01.0786 0540 ql40xx - ok
    04:02:01.0832 0540 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
    04:02:01.0848 0540 QWAVE - ok
    04:02:01.0864 0540 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    04:02:01.0879 0540 QWAVEdrv - ok
    04:02:01.0895 0540 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    04:02:01.0926 0540 RasAcd - ok
    04:02:01.0988 0540 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    04:02:02.0020 0540 RasAgileVpn - ok
    04:02:02.0051 0540 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
    04:02:02.0082 0540 RasAuto - ok
    04:02:02.0129 0540 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    04:02:02.0160 0540 Rasl2tp - ok
    04:02:02.0207 0540 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
    04:02:02.0254 0540 RasMan - ok
    04:02:02.0285 0540 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    04:02:02.0316 0540 RasPppoe - ok
    04:02:02.0347 0540 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    04:02:02.0425 0540 RasSstp - ok
    04:02:02.0441 0540 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    04:02:02.0488 0540 rdbss - ok
    04:02:02.0503 0540 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    04:02:02.0519 0540 rdpbus - ok
    04:02:02.0550 0540 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    04:02:02.0581 0540 RDPCDD - ok
    04:02:02.0612 0540 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
    04:02:02.0659 0540 RDPDR - ok
    04:02:02.0706 0540 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    04:02:02.0737 0540 RDPENCDD - ok
    04:02:02.0768 0540 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    04:02:02.0815 0540 RDPREFMP - ok
    04:02:02.0924 0540 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
    04:02:02.0956 0540 RdpVideoMiniport - ok
    04:02:02.0987 0540 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
    04:02:03.0034 0540 RDPWD - ok
    04:02:03.0096 0540 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    04:02:03.0112 0540 rdyboost - ok
    04:02:03.0174 0540 RecFltr (c7775140fade828e746ff8f93d2dcca0) C:\Windows\system32\Drivers\RecFltr.sys
    04:02:03.0236 0540 RecFltr - ok
    04:02:03.0330 0540 RegSrvc (1d435126c431a05e9d44d2a5d970598a) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    04:02:03.0346 0540 RegSrvc - ok
    04:02:03.0455 0540 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
    04:02:03.0486 0540 RemoteAccess - ok
    04:02:03.0533 0540 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
    04:02:03.0564 0540 RemoteRegistry - ok
    04:02:03.0611 0540 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
    04:02:03.0642 0540 RpcEptMapper - ok
    04:02:03.0689 0540 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
    04:02:03.0704 0540 RpcLocator - ok
    04:02:03.0751 0540 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    04:02:03.0782 0540 RpcSs - ok
    04:02:03.0829 0540 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    04:02:03.0860 0540 rspndr - ok
    04:02:03.0907 0540 rt70x86 (ca30e52ada0cab3a29dde5c146644eec) C:\Windows\system32\DRIVERS\netr70.sys
    04:02:03.0923 0540 rt70x86 - ok
    04:02:03.0970 0540 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
    04:02:04.0001 0540 s3cap - ok
    04:02:04.0016 0540 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    04:02:04.0032 0540 SamSs - ok
    04:02:04.0094 0540 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    04:02:04.0094 0540 sbp2port - ok
    04:02:04.0110 0540 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
    04:02:04.0141 0540 SCardSvr - ok
    04:02:04.0172 0540 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    04:02:04.0204 0540 scfilter - ok
    04:02:04.0282 0540 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
    04:02:04.0328 0540 Schedule - ok
    04:02:04.0360 0540 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
    04:02:04.0391 0540 SCPolicySvc - ok
    04:02:04.0469 0540 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
    04:02:04.0469 0540 sdbus - ok
    04:02:04.0516 0540 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
    04:02:04.0578 0540 SDRSVC - ok
    04:02:04.0687 0540 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    04:02:04.0703 0540 SeaPort - ok
    04:02:04.0750 0540 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    04:02:04.0796 0540 secdrv - ok
    04:02:04.0812 0540 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
    04:02:04.0843 0540 seclogon - ok
    04:02:04.0874 0540 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
    04:02:04.0906 0540 SENS - ok
    04:02:04.0937 0540 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
    04:02:04.0984 0540 SensrSvc - ok
    04:02:04.0999 0540 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    04:02:05.0015 0540 Serenum - ok
    04:02:05.0030 0540 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    04:02:05.0077 0540 Serial - ok
    04:02:05.0124 0540 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    04:02:05.0140 0540 sermouse - ok
    04:02:05.0202 0540 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
    04:02:05.0233 0540 SessionEnv - ok
    04:02:05.0280 0540 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    04:02:05.0311 0540 sffdisk - ok
    04:02:05.0327 0540 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    04:02:05.0358 0540 sffp_mmc - ok
    04:02:05.0374 0540 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys
    04:02:05.0405 0540 sffp_sd - ok
    04:02:05.0405 0540 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    04:02:05.0436 0540 sfloppy - ok
    04:02:05.0498 0540 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
    04:02:05.0561 0540 SharedAccess - ok
    04:02:05.0623 0540 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
    04:02:05.0654 0540 ShellHWDetection - ok
    04:02:05.0686 0540 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    04:02:05.0701 0540 sisagp - ok
    04:02:05.0717 0540 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    04:02:05.0732 0540 SiSRaid2 - ok
    04:02:05.0748 0540 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    04:02:05.0764 0540 SiSRaid4 - ok
    04:02:05.0810 0540 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    04:02:05.0842 0540 Smb - ok
    04:02:05.0920 0540 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
    04:02:05.0935 0540 SNMPTRAP - ok
    04:02:05.0966 0540 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    04:02:05.0966 0540 spldr - ok
    04:02:05.0998 0540 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
    04:02:06.0044 0540 Spooler - ok
    04:02:06.0247 0540 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
    04:02:06.0325 0540 sppsvc - ok
    04:02:06.0450 0540 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
    04:02:06.0481 0540 sppuinotify - ok
    04:02:06.0637 0540 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    04:02:06.0637 0540 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    04:02:06.0637 0540 sptd ( LockedFile.Multi.Generic ) - warning
    04:02:06.0637 0540 sptd - detected LockedFile.Multi.Generic (1)
    04:02:06.0684 0540 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
    04:02:06.0715 0540 srv - ok
    04:02:06.0762 0540 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
    04:02:06.0809 0540 srv2 - ok
    04:02:06.0840 0540 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
    04:02:06.0871 0540 srvnet - ok
    04:02:06.0918 0540 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
    04:02:06.0949 0540 SSDPSRV - ok
    04:02:06.0965 0540 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
    04:02:06.0996 0540 SstpSvc - ok
    04:02:07.0027 0540 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    04:02:07.0043 0540 stexstor - ok
    04:02:07.0105 0540 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
    04:02:07.0121 0540 StillCam - ok
    04:02:07.0183 0540 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
    04:02:07.0214 0540 StiSvc - ok
    04:02:07.0277 0540 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
    04:02:07.0292 0540 storflt - ok
    04:02:07.0308 0540 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
    04:02:07.0324 0540 storvsc - ok
    04:02:07.0339 0540 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    04:02:07.0355 0540 swenum - ok
    04:02:07.0386 0540 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
    04:02:07.0433 0540 swprv - ok
    04:02:07.0464 0540 Synth3dVsc - ok
    04:02:07.0558 0540 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
    04:02:07.0604 0540 SysMain - ok
    04:02:07.0636 0540 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
    04:02:07.0667 0540 TabletInputService - ok
    04:02:07.0714 0540 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
    04:02:07.0745 0540 TapiSrv - ok
    04:02:07.0760 0540 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
    04:02:07.0792 0540 TBS - ok
    04:02:07.0916 0540 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
    04:02:07.0948 0540 Tcpip - ok
    04:02:07.0979 0540 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
    04:02:08.0010 0540 TCPIP6 - ok
    04:02:08.0041 0540 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    04:02:08.0088 0540 tcpipreg - ok
    04:02:08.0119 0540 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    04:02:08.0150 0540 TDPIPE - ok
    04:02:08.0182 0540 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
    04:02:08.0213 0540 TDTCP - ok
    04:02:08.0228 0540 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    04:02:08.0260 0540 tdx - ok
    04:02:08.0369 0540 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    04:02:08.0384 0540 TermDD - ok
    04:02:08.0447 0540 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
    04:02:08.0478 0540 TermService - ok
    04:02:08.0494 0540 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
    04:02:08.0509 0540 Themes - ok
    04:02:08.0540 0540 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    04:02:08.0572 0540 THREADORDER - ok
    04:02:08.0618 0540 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
    04:02:08.0665 0540 TrkWks - ok
    04:02:08.0712 0540 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
    04:02:08.0743 0540 TrustedInstaller - ok
    04:02:08.0774 0540 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    04:02:08.0790 0540 tssecsrv - ok
    04:02:08.0806 0540 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    04:02:08.0821 0540 TsUsbFlt - ok
    04:02:08.0821 0540 tsusbhub - ok
    04:02:08.0915 0540 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    04:02:08.0946 0540 tunnel - ok
    04:02:08.0977 0540 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    04:02:08.0993 0540 uagp35 - ok
    04:02:09.0040 0540 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    04:02:09.0071 0540 udfs - ok
    04:02:09.0102 0540 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
    04:02:09.0118 0540 UI0Detect - ok
    04:02:09.0180 0540 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    04:02:09.0196 0540 uliagpkx - ok
    04:02:09.0227 0540 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
    04:02:09.0242 0540 umbus - ok
    04:02:09.0274 0540 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    04:02:09.0289 0540 UmPass - ok
    04:02:09.0352 0540 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
    04:02:09.0383 0540 UmRdpService - ok
    04:02:09.0617 0540 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    04:02:09.0632 0540 UMVPFSrv - ok
    04:02:09.0679 0540 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
    04:02:09.0710 0540 upnphost - ok
    04:02:09.0773 0540 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
    04:02:09.0804 0540 USBAAPL - ok
    04:02:09.0851 0540 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
    04:02:09.0866 0540 usbaudio - ok
    04:02:09.0882 0540 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
    04:02:09.0898 0540 usbccgp - ok
    04:02:09.0944 0540 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    04:02:09.0960 0540 usbcir - ok
    04:02:09.0991 0540 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
    04:02:10.0007 0540 usbehci - ok
    04:02:10.0054 0540 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
    04:02:10.0069 0540 usbhub - ok
    04:02:10.0085 0540 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
    04:02:10.0116 0540 usbohci - ok
    04:02:10.0147 0540 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    04:02:10.0163 0540 usbprint - ok
    04:02:10.0178 0540 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    04:02:10.0194 0540 USBSTOR - ok
    04:02:10.0210 0540 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    04:02:10.0225 0540 usbuhci - ok
    04:02:10.0241 0540 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
    04:02:10.0272 0540 UxSms - ok
    04:02:10.0288 0540 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    04:02:10.0303 0540 VaultSvc - ok
    04:02:10.0334 0540 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    04:02:10.0350 0540 vdrvroot - ok
    04:02:10.0428 0540 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
    04:02:10.0475 0540 vds - ok
    04:02:10.0475 0540 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    04:02:10.0506 0540 vga - ok
    04:02:10.0522 0540 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    04:02:10.0553 0540 VgaSave - ok
    04:02:10.0553 0540 VGPU - ok
    04:02:10.0584 0540 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    04:02:10.0600 0540 vhdmp - ok
    04:02:10.0646 0540 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    04:02:10.0662 0540 viaagp - ok
    04:02:10.0693 0540 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    04:02:10.0709 0540 ViaC7 - ok
    04:02:10.0740 0540 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    04:02:10.0756 0540 viaide - ok
    04:02:10.0787 0540 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
    04:02:10.0802 0540 vmbus - ok
    04:02:10.0818 0540 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
    04:02:10.0834 0540 VMBusHID - ok
    04:02:10.0865 0540 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    04:02:10.0880 0540 volmgr - ok
    04:02:10.0896 0540 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    04:02:10.0912 0540 volmgrx - ok
    04:02:10.0958 0540 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    04:02:10.0974 0540 volsnap - ok
    04:02:11.0005 0540 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    04:02:11.0021 0540 vsmraid - ok
    04:02:11.0099 0540 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
    04:02:11.0146 0540 VSS - ok
    04:02:11.0161 0540 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
    04:02:11.0192 0540 vwifibus - ok
    04:02:11.0239 0540 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
    04:02:11.0255 0540 vwififlt - ok
    04:02:11.0333 0540 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
    04:02:11.0364 0540 W32Time - ok
    04:02:11.0364 0540 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    04:02:11.0395 0540 WacomPen - ok
    04:02:11.0458 0540 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    04:02:11.0489 0540 WANARP - ok
    04:02:11.0504 0540 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    04:02:11.0520 0540 Wanarpv6 - ok
    04:02:11.0551 0540 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
    04:02:11.0582 0540 wanatw - ok
    04:02:11.0707 0540 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
    04:02:11.0754 0540 WatAdminSvc - ok
    04:02:11.0848 0540 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
    04:02:11.0910 0540 wbengine - ok
    04:02:11.0926 0540 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
    04:02:11.0941 0540 WbioSrvc - ok
    04:02:12.0004 0540 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
    04:02:12.0035 0540 wcncsvc - ok
    04:02:12.0050 0540 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
    04:02:12.0097 0540 WcsPlugInService - ok
    04:02:12.0160 0540 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    04:02:12.0175 0540 Wd - ok
    04:02:12.0238 0540 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
    04:02:12.0269 0540 WDC_SAM - ok
    04:02:12.0316 0540 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    04:02:12.0331 0540 Wdf01000 - ok
    04:02:12.0362 0540 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    04:02:12.0409 0540 WdiServiceHost - ok
    04:02:12.0409 0540 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    04:02:12.0425 0540 WdiSystemHost - ok
    04:02:12.0456 0540 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
    04:02:12.0487 0540 WebClient - ok
    04:02:12.0518 0540 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
    04:02:12.0534 0540 Wecsvc - ok
    04:02:12.0550 0540 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
    04:02:12.0581 0540 wercplsupport - ok
    04:02:12.0643 0540 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
    04:02:12.0674 0540 WerSvc - ok
    04:02:12.0721 0540 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    04:02:12.0752 0540 WfpLwf - ok
    04:02:12.0768 0540 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    04:02:12.0784 0540 WIMMount - ok
    04:02:12.0908 0540 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
    04:02:12.0940 0540 WinDefend - ok
    04:02:12.0955 0540 WinHttpAutoProxySvc - ok
    04:02:13.0018 0540 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
    04:02:13.0049 0540 Winmgmt - ok
    04:02:13.0142 0540 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
    04:02:13.0267 0540 WinRM - ok
    04:02:13.0439 0540 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
    04:02:13.0454 0540 WinUsb - ok
    04:02:13.0517 0540 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
    04:02:13.0548 0540 Wlansvc - ok
    04:02:13.0657 0540 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    04:02:13.0673 0540 wlcrasvc - ok
    04:02:13.0813 0540 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    04:02:13.0891 0540 wlidsvc - ok
    04:02:14.0016 0540 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    04:02:14.0032 0540 WmiAcpi - ok
    04:02:14.0110 0540 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
    04:02:14.0125 0540 wmiApSrv - ok
    04:02:14.0266 0540 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
    04:02:14.0359 0540 WMPNetworkSvc - ok
    04:02:14.0375 0540 WNDA3100 - ok
    04:02:14.0406 0540 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
    04:02:14.0437 0540 WPCSvc - ok
    04:02:14.0468 0540 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
    04:02:14.0515 0540 WPDBusEnum - ok
    04:02:14.0562 0540 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    04:02:14.0609 0540 ws2ifsl - ok
    04:02:14.0624 0540 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
    04:02:14.0640 0540 wscsvc - ok
    04:02:14.0687 0540 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
    04:02:14.0702 0540 WSDPrintDevice - ok
    04:02:14.0702 0540 WSearch - ok
    04:02:14.0858 0540 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
    04:02:14.0905 0540 wuauserv - ok
    04:02:15.0030 0540 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    04:02:15.0061 0540 WudfPf - ok
    04:02:15.0124 0540 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    04:02:15.0155 0540 WUDFRd - ok
    04:02:15.0170 0540 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
    04:02:15.0202 0540 wudfsvc - ok
    04:02:15.0217 0540 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
    04:02:15.0248 0540 WwanSvc - ok
    04:02:15.0311 0540 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
    04:02:15.0326 0540 yukonw7 - ok
    04:02:15.0560 0540 ZeroConfigService (fafc9563c64cd7997e7382d2bc30c76c) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    04:02:15.0607 0540 ZeroConfigService - ok
    04:02:15.0716 0540 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    04:02:16.0122 0540 \Device\Harddisk1\DR1 - ok
    04:02:16.0465 0540 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    04:02:16.0871 0540 \Device\Harddisk0\DR0 - ok
    04:02:16.0871 0540 Boot (0x1200) (326764a9f1d0884f3842285042957ea4) \Device\Harddisk1\DR1\Partition0
    04:02:16.0871 0540 \Device\Harddisk1\DR1\Partition0 - ok
    04:02:16.0902 0540 Boot (0x1200) (07bb3b29bbecf12950cc14d425d494df) \Device\Harddisk1\DR1\Partition1
    04:02:16.0902 0540 \Device\Harddisk1\DR1\Partition1 - ok
    04:02:16.0902 0540 Boot (0x1200) (96bb0fc3cdacb77d251e827cd7d4c396) \Device\Harddisk0\DR0\Partition0
    04:02:16.0902 0540 \Device\Harddisk0\DR0\Partition0 - ok
    04:02:16.0902 0540 ============================================================
    04:02:16.0902 0540 Scan finished
    04:02:16.0902 0540 ============================================================
    04:02:16.0918 4952 Detected object count: 1
    04:02:16.0918 4952 Actual detected object count: 1
    04:03:08.0054 4952 sptd ( LockedFile.Multi.Generic ) - skipped by user
    04:03:08.0054 4952 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
     
  5. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    That log is clean, which I did not expect; let's try a full system scan with Malwarebytes, which I see you already have on your system.

    Please run Malwarebytes and post the log as follows:
    • Open Malwarebytes and allow it to update with the latest definitions, then run a Full Scan.
    • When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.
    If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
     
  6. WasntMe

    WasntMe Thread Starter

    Joined:
    Feb 28, 2009
    Messages:
    9
    OK Mark
    Here is the Malwarebytes log. I checked Remove Selected and restarted to complete the removal.


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.07.05

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    wasntme :: WASNTME-PC [administrator]

    8/7/2012 8:32:46 AM
    mbam-log-2012-08-07 (08-32-46).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 317685
    Time elapsed: 1 hour(s), 6 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\ProgramData\Microsoft\Windows\DRM\B9FB.tmp (Rootkit.TDSS.EXPD1) -> Quarantined and deleted successfully.
    C:\Users\wasntme\AppData\Roaming\Thinstall\Inside Out Intermediate\40000024600002i\MoorhuhnPiraten.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.

    (end)


    Thanks again
    Rob
     
  7. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Looks like Malwarebytes has found the problem. This is a nasty virus, and to be on the safe side you should change your passwords for any financial institutions that you log into with this PC, doing so on a clean machine, and do not use this PC to log into them again until we can be sure it is clean.

    Please now reboot the PC, if you have not done so already, and run Malwarebytes again and post the log.
     
  8. WasntMe

    WasntMe Thread Starter

    Joined:
    Feb 28, 2009
    Messages:
    9
    Here ya go Mark
    and thanks again for all your help

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.09.02

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    wasntme :: WASNTME-PC [administrator]

    8/8/2012 10:00:29 PM
    mbam-log-2012-08-08 (22-00-29).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 320071
    Time elapsed: 59 minute(s), 32 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  9. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    So far so good; now please run ComboFix as follows. Also please run the Security Check.

    STEP 1
    NOTE: If you have already used ComboFix, please delete the icon from your desktop.
    • Please download DeFogger and save it to your desktop.
    • Once downloaded, double-click on the DeFogger icon to start the tool.
    • The application window will appear.
    • You should now click on the Disable button to disable your CD Emulation drivers.
    • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
    • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
    • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
    STEP 2
    Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!
    Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix
    Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.
    • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
    • If ComboFix detects an older version of itself, you will be asked to update the program.
    • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
    • Follow the prompts and click on Yes to continue scanning for malware.
    • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
    • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
    • Be sure to re-enable your anti-virus and other security programs.
    -- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
    -- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
    -- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.

    If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.
    _____________________________________________________________

    Download Security Check by screen317 from Here or Here.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  10. WasntMe

    WasntMe Thread Starter

    Joined:
    Feb 28, 2009
    Messages:
    9
    Here ya go Mark
    Sorry for the delayed response. Work has been swamping me lately.
    Anyway, here are the ComboFix and Security Check logs.

    ComboFix 12-08-09.01 - wasntme 08/10/2012 20:37:01.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1261 [GMT -7:00]
    Running from: c:\users\wasntme\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-11 03:47 . 2012-08-11 03:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-07 06:49 . 2012-08-07 07:15 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-04 20:14 . 2012-08-04 20:14 388096 ----a-r- c:\users\wasntme\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-08-04 20:14 . 2012-08-04 20:14 -------- d-----w- c:\program files\Trend Micro
    2012-08-03 02:59 . 2012-08-03 02:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-03 02:59 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-03 02:01 . 2012-08-03 02:01 -------- d-----w- c:\users\wasntme\AppData\Roaming\Malwarebytes
    2012-08-03 02:01 . 2012-08-03 02:01 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-01 01:48 . 2012-08-01 01:48 -------- d-----w- c:\program files\Hewlett-Packard
    2012-08-01 01:47 . 2011-09-09 22:53 544616 ------w- c:\windows\system32\HPDiscoPM5912.dll
    2012-08-01 01:47 . 2012-08-01 01:47 -------- d-----w- c:\programdata\HP
    2012-08-01 01:47 . 2012-08-01 01:48 -------- d-----w- c:\program files\HP
    2012-08-01 01:45 . 2012-08-01 01:50 -------- d-----w- c:\users\wasntme\AppData\Local\HP
    2012-07-17 09:06 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
    2012-07-12 04:06 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-07 15:20 . 2012-04-16 07:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-07 15:20 . 2011-12-23 23:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-06 05:05 . 2012-07-11 06:37 1390080 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 06:37 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 06:37 805376 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-02 22:19 . 2012-06-26 18:50 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-26 18:51 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-26 18:51 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-26 18:51 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-26 18:51 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-26 18:51 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-26 18:51 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-26 18:50 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:12 . 2012-06-26 18:51 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 04:45 . 2012-07-11 06:37 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:45 . 2012-07-11 06:37 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:40 . 2012-07-11 06:37 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 04:40 . 2012-07-11 06:37 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 04:39 . 2012-07-11 06:37 219136 ----a-w- c:\windows\system32\ncrypt.dll
    2012-05-31 19:25 . 2011-12-23 20:49 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-07-18 07:29 . 2011-12-23 20:51 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2012-01-25 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
    [7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
    [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-07_07.37.35 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-12-23 23:13 . 2012-08-10 04:04 32628 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 04:55 . 2012-08-11 03:32 43524 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-12-23 23:05 . 2012-08-11 03:32 11608 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3190065716-4020189722-302772351-1000_UserData.bin
    - 2009-07-14 04:50 . 2012-08-01 01:47 86016 c:\windows\System32\DriverStore\infpub.dat
    + 2009-07-14 04:50 . 2012-08-07 15:19 86016 c:\windows\System32\DriverStore\infpub.dat
    - 2012-08-07 06:50 . 2012-08-07 06:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-10 04:00 . 2012-08-11 03:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-10 04:00 . 2012-08-11 03:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-07 06:50 . 2012-08-07 06:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-12-24 06:54 . 2012-08-10 22:45 250936 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2012-08-07 15:20 . 2012-08-07 15:20 686792 c:\windows\System32\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe
    + 2012-04-16 07:40 . 2012-08-07 15:20 250056 c:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
    - 2009-07-14 04:50 . 2012-08-01 01:47 143360 c:\windows\System32\DriverStore\infstrng.dat
    + 2009-07-14 04:50 . 2012-08-07 15:19 143360 c:\windows\System32\DriverStore\infstrng.dat
    + 2009-07-14 04:50 . 2012-08-07 15:19 143360 c:\windows\System32\DriverStore\infstor.dat
    - 2009-07-14 04:50 . 2012-08-01 01:47 143360 c:\windows\System32\DriverStore\infstor.dat
    + 2011-12-23 20:18 . 2012-08-07 17:19 131072 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-12-23 20:18 . 2012-08-07 06:29 131072 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:47 . 2012-08-10 03:59 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 04:47 . 2012-08-07 06:49 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-08-07 15:20 . 2012-08-07 15:20 9465032 c:\windows\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll
    + 2012-08-07 15:20 . 2012-08-07 15:20 1536712 c:\windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    + 2011-12-23 20:18 . 2012-08-07 17:19 2703360 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-12-23 20:18 . 2012-08-07 06:29 2703360 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:41 . 2012-08-07 06:29 6406144 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:41 . 2012-08-07 17:19 6406144 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-12-25 17:50 . 2012-08-03 07:24 1355747 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3190065716-4020189722-302772351-1000-4096.dat
    + 2011-12-25 17:50 . 2012-08-10 03:59 1355747 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3190065716-4020189722-302772351-1000-4096.dat
    - 2011-12-25 16:07 . 2012-07-29 21:22 1203744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3190065716-4020189722-302772351-1000-12288.dat
    + 2011-12-25 16:07 . 2012-08-07 21:01 1203744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3190065716-4020189722-302772351-1000-12288.dat
    + 2011-12-23 23:15 . 2012-08-10 03:59 12606152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3190065716-4020189722-302772351-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA3100 Smart Wizard.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100 Smart Wizard.lnk
    backup=c:\windows\pss\NETGEAR WNDA3100 Smart Wizard.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
    2011-04-25 21:52 42320 ----a-w- c:\program files\AOL Desktop 9.6\aol.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-05-31 03:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1325483727\ee\aolsoftware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
    2011-11-11 22:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2012-02-23 03:49 6591800 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2011-05-14 00:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-10-13 19:55 19979400 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2012-04-06 08:24 641664 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 21:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [x]
    R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
    R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [x]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 RecFltr;Reclusa Keyboard;c:\windows\system32\Drivers\RecFltr.sys [x]
    R3 rt70x86;Belkin Wireless G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr70.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
    R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WNDA31v.sys [x]
    R4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
    R4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
    R4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
    S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
    S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
    S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [x]
    S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [x]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
    .
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    TCP: DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{ED3D7410-4C03-4DF5-9E3A-B85CC5332018}: DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{ED3D7410-4C03-4DF5-9E3A-B85CC5332018}\2375942554137303: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\wasntme\AppData\Roaming\Mozilla\Firefox\Profiles\85mqh4kk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3190065716-4020189722-302772351-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3190065716-4020189722-302772351-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-3190065716-4020189722-302772351-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:84,03,8b,19,c0,1a,c8,d5,ea,13,a2,1d,f2,d7,f9,7b,cb,a0,b3,80,73,1d,9a,
    47,97,c4,40,51,1e,ba,d8,41,3a,bc,57,f8,72,29,af,a2,0d,50,64,13,71,53,3a,bb,\
    "??"=hex:ab,99,f5,9e,db,2a,1b,df,41,bf,45,de,04,72,7a,9e
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-10 20:53:43
    ComboFix-quarantined-files.txt 2012-08-11 03:53
    .
    Pre-Run: 129,239,609,344 bytes free
    Post-Run: 128,818,417,664 bytes free
    .
    - - End Of File - - A699F662515BA1A26C9250C6FF1B2547




    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    ESET NOD32 Antivirus 4.0
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 29
    Java version out of Date!
    Adobe Flash Player 11.3.300.268
    Adobe Reader X (10.1.3)
    Mozilla Firefox (14.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````


    Thanks again Mark
    Rob
     
  11. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Your Java version is out of date, but we will deal with that once the following is done.

    Your log indicates there are critical files which have failed File Signature Verification. Files which fail signature verification are those which do not appear to be original and may have been altered by malware infection so ComboFix flags them.
    We are now going to run ComboFix a different way so that we can replace them.
    As with the first Combofix scan, disconnect from the internet and disable script blocking and all your security software.
    Open Notepad by clicking the Start button and in the search box type: Notepad.exe and hit Enter
    Then copy and paste everything in the code box below into it.
    -- Note: Make sure Word Wrap is unchecked in Notepad by clicking on Format in the top menu.
    Code:
    FCopy::
    c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll | c:\windows\System32\user32.dll
    Reboot::
    
    
    • Save the file as CFScript.txt by choosing Save As... in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
    • Close your browser and disconnect from the Internet.
    • Now use your mouse to drag, then drop the CFScript.txt file on top of ComboFix.exe.
      This will start ComboFix again and launch the script.
    • ComboFix may reboot your system when it finishes. This is normal.
    • A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of ComboFix.txt in your next reply.
    • Be sure to re-enable your anti-virus and other security programs after the scan is complete.
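
    The FCopy step above restores user32.dll from the WinSxS component store because the live copy failed file signature verification. The following PowerShell is an added example, not part of this thread and not ComboFix's own code, showing the two checks that idea rests on: whether the live file still carries a valid Authenticode signature, and whether it is byte-for-byte identical to the component store copy. The paths are the ones from the CFScript in this thread (the WinSxS directory name is taken from that line and is assumed to still exist); the function names are made up for this example.

    ```powershell
    # Added example (not from the thread or from ComboFix): check a protected system
    # file against its Authenticode signature and against the WinSxS copy that the
    # FCopy step above restores from. Hashing is done with .NET directly so this also
    # runs on the PowerShell 2.0 that ships with Windows 7.

    function Get-Sha256Hex {
        param([string]$Path)
        $sha = [System.Security.Cryptography.SHA256]::Create()
        $stream = [System.IO.File]::OpenRead($Path)
        try {
            $bytes = $sha.ComputeHash($stream)
        } finally {
            $stream.Close()
        }
        return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
    }

    function Test-SystemFileIntegrity {
        param(
            [string]$LivePath,   # the file the system actually loads, e.g. C:\Windows\System32\user32.dll
            [string]$StorePath   # the pristine copy in the component store (WinSxS)
        )
        $result = New-Object PSObject -Property @{
            File             = $LivePath
            FileVersion      = (Get-Item $LivePath).VersionInfo.FileVersion
            StoreVersion     = $null
            SignatureStatus  = $null
            Signer           = $null
            HashMatchesStore = $null
        }

        # 1. Authenticode check. Caveat: most Windows 7 OS binaries are catalog-signed
        #    rather than carrying an embedded signature, so this cmdlet can report
        #    'NotSigned' on an untouched file; a hash mismatch is the stronger signal.
        $sig = Get-AuthenticodeSignature -FilePath $LivePath
        $result.SignatureStatus = $sig.Status.ToString()
        if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }

        # 2. Byte-for-byte comparison with the component store copy.
        if (Test-Path $StorePath) {
            $result.StoreVersion     = (Get-Item $StorePath).VersionInfo.FileVersion
            $result.HashMatchesStore = (Get-Sha256Hex $LivePath) -eq (Get-Sha256Hex $StorePath)
        }
        return $result
    }

    # Paths taken from the CFScript in this thread (assumed to exist on the machine).
    $live  = 'C:\Windows\System32\user32.dll'
    $store = 'C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll'

    $r = Test-SystemFileIntegrity -LivePath $live -StorePath $store
    $r | Format-List File, FileVersion, StoreVersion, SignatureStatus, Signer, HashMatchesStore

    if ($r.HashMatchesStore -eq $false) {
        Write-Warning "$live differs from the component store copy (live $($r.FileVersion), store $($r.StoreVersion))."
    }
    ```

    A mismatch is only meaningful when the two file versions are the same: WinSxS keeps one directory per servicing version, so if Windows Update has replaced user32.dll since SP1 the live file will legitimately differ from the 6.1.7601.17514 copy and the newer version's own WinSxS directory is the right baseline. Windows also ships its own catalog-aware check, sfc /verifyonly from an elevated prompt, which is what this script approximates for a single file.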
     
  12. WasntMe

    WasntMe Thread Starter

    Joined:
    Feb 28, 2009
    Messages:
    9
    Here ya go Mark
    the current Combofix log

    ComboFix 12-08-09.01 - wasntme 08/11/2012 23:50:36.3.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1249 [GMT -7:00]
    Running from: c:\users\wasntme\Desktop\ComboFix.exe
    Command switches used :: c:\users\wasntme\Desktop\CFScript.txt
    AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll --> c:\windows\System32\user32.dll
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-12 06:59 . 2012-08-12 06:59 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-10 10:44 . 2012-08-12 07:02 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EC38333-5F56-4055-88D0-216A087BAEE8}\offreg.dll
    2012-08-10 10:43 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EC38333-5F56-4055-88D0-216A087BAEE8}\mpengine.dll
    2012-08-07 06:49 . 2012-08-07 07:15 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-04 20:14 . 2012-08-04 20:14 388096 ----a-r- c:\users\wasntme\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-08-04 20:14 . 2012-08-04 20:14 -------- d-----w- c:\program files\Trend Micro
    2012-08-03 02:59 . 2012-08-03 02:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-03 02:59 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-03 02:01 . 2012-08-03 02:01 -------- d-----w- c:\users\wasntme\AppData\Roaming\Malwarebytes
    2012-08-03 02:01 . 2012-08-03 02:01 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-01 01:48 . 2012-08-01 01:48 -------- d-----w- c:\program files\Hewlett-Packard
    2012-08-01 01:47 . 2011-09-09 22:53 544616 ------w- c:\windows\system32\HPDiscoPM5912.dll
    2012-08-01 01:47 . 2012-08-01 01:47 -------- d-----w- c:\programdata\HP
    2012-08-01 01:47 . 2012-08-01 01:48 -------- d-----w- c:\program files\HP
    2012-08-01 01:45 . 2012-08-01 01:50 -------- d-----w- c:\users\wasntme\AppData\Local\HP
    2012-07-17 09:06 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-07 15:20 . 2012-04-16 07:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-07 15:20 . 2011-12-23 23:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-12 02:40 . 2012-07-12 04:06 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-06-06 05:05 . 2012-07-11 06:37 1390080 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 06:37 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 06:37 805376 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-02 22:19 . 2012-06-26 18:50 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-26 18:51 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-26 18:51 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-26 18:51 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-26 18:51 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-26 18:51 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-26 18:51 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-26 18:50 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:12 . 2012-06-26 18:51 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 08:33 . 2012-07-12 04:09 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 08:25 . 2012-07-12 04:09 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 08:25 . 2012-07-12 04:09 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 08:20 . 2012-07-12 04:09 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 08:16 . 2012-07-12 04:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-02 04:45 . 2012-07-11 06:37 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:45 . 2012-07-11 06:37 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:40 . 2012-07-11 06:37 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 04:40 . 2012-07-11 06:37 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 04:39 . 2012-07-11 06:37 219136 ----a-w- c:\windows\system32\ncrypt.dll
    2012-05-31 19:25 . 2011-12-23 20:49 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-07-18 07:29 . 2011-12-23 20:51 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA3100 Smart Wizard.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100 Smart Wizard.lnk
    backup=c:\windows\pss\NETGEAR WNDA3100 Smart Wizard.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
    2011-04-25 21:52 42320 ----a-w- c:\program files\AOL Desktop 9.6\aol.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-05-31 03:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1325483727\ee\aolsoftware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
    2011-11-11 22:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2012-02-23 03:49 6591800 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2011-05-14 00:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-10-13 19:55 19979400 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2012-04-06 08:24 641664 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 21:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [x]
    R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
    R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [x]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 RecFltr;Reclusa Keyboard;c:\windows\system32\Drivers\RecFltr.sys [x]
    R3 rt70x86;Belkin Wireless G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr70.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
    R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WNDA31v.sys [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
    R4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
    R4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
    S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
    S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
    S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [x]
    S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
    .
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{ED3D7410-4C03-4DF5-9E3A-B85CC5332018}\2375942554137303: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{ED3D7410-4C03-4DF5-9E3A-B85CC5332018}\E45445745414256323: DhcpNameServer = 10.0.0.1
    FF - ProfilePath - c:\users\wasntme\AppData\Roaming\Mozilla\Firefox\Profiles\85mqh4kk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3190065716-4020189722-302772351-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3190065716-4020189722-302772351-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-3190065716-4020189722-302772351-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:84,03,8b,19,c0,1a,c8,d5,ea,13,a2,1d,f2,d7,f9,7b,cb,a0,b3,80,73,1d,9a,
    47,97,c4,40,51,1e,ba,d8,41,3a,bc,57,f8,72,29,af,a2,0d,50,64,13,71,53,3a,bb,\
    "??"=hex:ab,99,f5,9e,db,2a,1b,df,41,bf,45,de,04,72,7a,9e
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\atieclxx.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Microsoft\BingBar\SeaPort.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\windows\system32\conhost.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\DllHost.exe
    c:\windows\system32\taskhost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-12 00:12:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-12 07:12
    ComboFix2.txt 2012-08-11 03:53
    .
    Pre-Run: 128,977,920,000 bytes free
    Post-Run: 128,923,017,216 bytes free
    .
    - - End Of File - - 2D41C265A5312CB855AFFB5A0BBE4734

    thanks Again
    Rob
     
  13. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    All appears to be good in that last log, how well is the system running now, any further issues?
     
  14. WasntMe

    WasntMe Thread Starter

    Joined:
    Feb 28, 2009
    Messages:
    9
    Mark
    Everything seems to be running great. Hats off to you hoss. and again thank you so much for your help and attention
    Rob
     
  15. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, just to be sure there are no other infections please run the following.

    Once this is done there will be a few other things to attend to and we will be finished.


    Eset online scan instructions.
    IMPORTANT ---> Please make sure you follow the instruction to uncheck the box next to Remove found threats. Eset will detect anything that looks even remotely suspicious; this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files, which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.
    • Disable your existing Anti Virus following these instructions.
    • Please go here to use the Eset Online Scanner.
    • When the web page opens, click on the button to start the scanner.
    • If you are not using Internet Explorer you will see a message box open asking you to download the ESET Smart Installer, click on the link and allow it to download and then run it. Accept the Terms of use and click on Start. The required components will download.
    • If using Internet Explorer the Terms of use box will open immediately, accept it and click on Start.
    • After the download is complete the Computer scan settings window will open, IMPORTANT ----> uncheck the box next to Remove found threats and click on Start. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
    • This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. Do not interrupt it, be patient and let it finish.
    • A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select Paste and the report will appear, add any comments you have and post the reply.
    • Back on the Eset window, click the Back button and then click on Finish.
     
Short URL to this thread: https://techguy.org/1063830