brassrat
Posts: 22

Posts posted by brassrat
ESET Anti-virus was not finding the trojan any more, though now it's getting hung up and not completing scans.
-
The log is attached. I'll be out of town for a couple days; back on Saturday. Thanks!
-
The anti-virus scan doesn't find the trojan. Here's the TDSSKiller log:
10:01:13.0598 1940 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
10:01:13.0863 1940 ============================================================
10:01:13.0863 1940 Current date / time: 2012/07/18 10:01:13.0863
10:01:13.0863 1940 SystemInfo:
10:01:13.0863 1940
10:01:13.0863 1940 OS Version: 6.0.6002 ServicePack: 2.0
10:01:13.0863 1940 Product type: Workstation
10:01:13.0863 1940 ComputerName: ALAN-PC
10:01:13.0863 1940 UserName: Alan
10:01:13.0863 1940 Windows directory: C:\Windows
10:01:13.0863 1940 System windows directory: C:\Windows
10:01:13.0863 1940 Running under WOW64
10:01:13.0863 1940 Processor architecture: Intel x64
10:01:13.0863 1940 Number of processors: 2
10:01:13.0863 1940 Page size: 0x1000
10:01:13.0863 1940 Boot type: Normal boot
10:01:13.0863 1940 ============================================================
10:01:14.0269 1940 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:01:14.0409 1940 Drive \Device\Harddisk6\DR6 - Size: 0x778800000 (29.88 Gb), SectorSize: 0x200, Cylinders: 0xF3C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:01:14.0409 1940 ============================================================
10:01:14.0409 1940 \Device\Harddisk0\DR0:
10:01:14.0409 1940 MBR partitions:
10:01:14.0409 1940 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x38F85030
10:01:14.0409 1940 \Device\Harddisk6\DR6:
10:01:14.0409 1940 MBR partitions:
10:01:14.0409 1940 \Device\Harddisk6\DR6\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x3BC3FE0
10:01:14.0409 1940 ============================================================
10:01:14.0425 1940 C: <-> \Device\Harddisk0\DR0\Partition0
10:01:14.0425 1940 ============================================================
10:01:14.0425 1940 Initialize success
10:01:14.0425 1940 ============================================================
10:01:25.0625 3832 ============================================================
10:01:25.0625 3832 Scan started
10:01:25.0625 3832 Mode: Manual; SigCheck; TDLFS;
10:01:25.0625 3832 ============================================================
10:01:25.0953 3832 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
10:01:26.0078 3832 ACPI - ok
10:01:26.0140 3832 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:01:26.0156 3832 AdobeARMservice - ok
10:01:26.0203 3832 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
10:01:26.0265 3832 adp94xx - ok
10:01:26.0312 3832 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
10:01:26.0374 3832 adpahci - ok
10:01:26.0390 3832 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
10:01:26.0437 3832 adpu160m - ok
10:01:26.0452 3832 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
10:01:26.0468 3832 adpu320 - ok
10:01:26.0499 3832 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
10:01:26.0639 3832 AeLookupSvc - ok
10:01:26.0686 3832 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
10:01:26.0749 3832 AFD - ok
10:01:26.0780 3832 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
10:01:26.0795 3832 agp440 - ok
10:01:26.0827 3832 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
10:01:26.0842 3832 aic78xx - ok
10:01:26.0873 3832 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
10:01:26.0936 3832 ALG - ok
10:01:26.0951 3832 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
10:01:26.0983 3832 aliide - ok
10:01:26.0998 3832 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
10:01:27.0029 3832 amdide - ok
10:01:27.0045 3832 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
10:01:27.0107 3832 AmdK8 - ok
10:01:27.0139 3832 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
10:01:27.0170 3832 Appinfo - ok
10:01:27.0232 3832 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:01:27.0248 3832 Apple Mobile Device - ok
10:01:27.0279 3832 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
10:01:27.0310 3832 arc - ok
10:01:27.0357 3832 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
10:01:27.0388 3832 arcsas - ok
10:01:27.0404 3832 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
10:01:27.0451 3832 AsyncMac - ok
10:01:27.0482 3832 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
10:01:27.0513 3832 atapi - ok
10:01:27.0560 3832 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
10:01:27.0638 3832 AudioEndpointBuilder - ok
10:01:27.0638 3832 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
10:01:27.0669 3832 AudioSrv - ok
10:01:27.0700 3832 Beep - ok
10:01:27.0747 3832 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
10:01:27.0825 3832 BFE - ok
10:01:27.0903 3832 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
10:01:28.0012 3832 BITS - ok
10:01:28.0059 3832 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
10:01:28.0106 3832 blbdrive - ok
10:01:28.0371 3832 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
10:01:28.0387 3832 Bonjour Service - ok
10:01:28.0433 3832 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
10:01:28.0511 3832 bowser - ok
10:01:28.0574 3832 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
10:01:28.0636 3832 BrFiltLo - ok
10:01:28.0652 3832 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
10:01:28.0699 3832 BrFiltUp - ok
10:01:28.0886 3832 Brother XP spl Service (c711ed965009bdcff9aa62ceb6ff1aad) C:\Windows\SysWOW64\brsvc01a.exe
10:01:28.0917 3832 Brother XP spl Service - ok
10:01:28.0948 3832 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
10:01:29.0026 3832 Browser - ok
10:01:29.0057 3832 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
10:01:29.0291 3832 Brserid - ok
10:01:29.0307 3832 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
10:01:29.0432 3832 BrSerWdm - ok
10:01:29.0463 3832 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
10:01:29.0588 3832 BrUsbMdm - ok
10:01:29.0603 3832 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
10:01:29.0697 3832 BrUsbSer - ok
10:01:29.0728 3832 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
10:01:29.0806 3832 BTHMODEM - ok
10:01:29.0853 3832 catchme - ok
10:01:29.0900 3832 CAXHWBS2 (797c36e597f9fc4efd88e6e0e98abe37) C:\Windows\system32\DRIVERS\CAXHWBS2.sys
10:01:29.0978 3832 CAXHWBS2 - ok
10:01:30.0025 3832 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
10:01:30.0071 3832 cdfs - ok
10:01:30.0103 3832 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
10:01:30.0134 3832 cdrom - ok
10:01:30.0165 3832 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
10:01:30.0196 3832 CertPropSvc - ok
10:01:30.0196 3832 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
10:01:30.0243 3832 circlass - ok
10:01:30.0274 3832 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
10:01:30.0321 3832 CLFS - ok
10:01:30.0383 3832 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:01:30.0399 3832 clr_optimization_v2.0.50727_32 - ok
10:01:30.0446 3832 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:01:30.0461 3832 clr_optimization_v2.0.50727_64 - ok
10:01:30.0508 3832 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:01:30.0524 3832 clr_optimization_v4.0.30319_32 - ok
10:01:30.0555 3832 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:01:30.0571 3832 clr_optimization_v4.0.30319_64 - ok
10:01:30.0586 3832 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
10:01:30.0617 3832 cmdide - ok
10:01:30.0649 3832 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
10:01:30.0664 3832 Compbatt - ok
10:01:30.0664 3832 COMSysApp - ok
10:01:30.0680 3832 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
10:01:30.0711 3832 crcdisk - ok
10:01:30.0758 3832 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
10:01:30.0789 3832 CryptSvc - ok
10:01:30.0836 3832 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
10:01:30.0929 3832 DcomLaunch - ok
10:01:30.0961 3832 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
10:01:31.0007 3832 DfsC - ok
10:01:31.0210 3832 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
10:01:31.0397 3832 DFSR - ok
10:01:31.0507 3832 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
10:01:31.0553 3832 Dhcp - ok
10:01:31.0600 3832 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
10:01:31.0616 3832 disk - ok
10:01:31.0663 3832 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
10:01:31.0694 3832 Dnscache - ok
10:01:31.0709 3832 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
10:01:31.0772 3832 dot3svc - ok
10:01:31.0803 3832 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
10:01:31.0865 3832 DPS - ok
10:01:31.0881 3832 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
10:01:31.0975 3832 drmkaud - ok
10:01:32.0037 3832 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
10:01:32.0115 3832 DXGKrnl - ok
10:01:32.0193 3832 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
10:01:32.0302 3832 E1G60 - ok
10:01:32.0333 3832 eamon (a183851333985c6de08dade07b074d0d) C:\Windows\system32\DRIVERS\eamon.sys
10:01:32.0427 3832 eamon - ok
10:01:32.0443 3832 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
10:01:32.0521 3832 EapHost - ok
10:01:32.0552 3832 easdrv (4db13a6a158c160b01971e0eab4b6fa8) C:\Windows\system32\DRIVERS\easdrv.sys
10:01:32.0599 3832 easdrv - ok
10:01:32.0645 3832 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
10:01:32.0708 3832 Ecache - ok
10:01:32.0739 3832 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
10:01:32.0801 3832 ehRecvr - ok
10:01:32.0817 3832 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
10:01:32.0864 3832 ehSched - ok
10:01:32.0879 3832 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
10:01:32.0926 3832 ehstart - ok
10:01:32.0973 3832 EhttpSrv (40ddb5654b9fb14aa3fa00b116efbbdd) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
10:01:32.0989 3832 EhttpSrv - ok
10:01:33.0067 3832 ekrn (49485fa5c3a8a5ce866b281e75e99f24) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
10:01:33.0082 3832 ekrn - ok
10:01:33.0145 3832 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
10:01:33.0223 3832 elxstor - ok
10:01:33.0269 3832 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
10:01:33.0347 3832 EMDMgmt - ok
10:01:33.0379 3832 epfwtdir (bb0e86ba3336ccc7c885e1b47d9c4675) C:\Windows\system32\DRIVERS\epfwtdir.sys
10:01:33.0457 3832 epfwtdir - ok
10:01:33.0472 3832 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
10:01:33.0535 3832 ErrDev - ok
10:01:33.0581 3832 ETService (6b1f9c8c3757622824705a32bf721e8a) C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
10:01:33.0597 3832 ETService ( UnsignedFile.Multi.Generic ) - warning
10:01:33.0597 3832 ETService - detected UnsignedFile.Multi.Generic (1)
10:01:33.0628 3832 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
10:01:33.0691 3832 EventSystem - ok
10:01:33.0722 3832 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
10:01:33.0769 3832 exfat - ok
10:01:33.0800 3832 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
10:01:33.0878 3832 fastfat - ok
10:01:33.0893 3832 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
10:01:33.0940 3832 fdc - ok
10:01:33.0956 3832 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
10:01:33.0987 3832 fdPHost - ok
10:01:34.0003 3832 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
10:01:34.0049 3832 FDResPub - ok
10:01:34.0081 3832 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
10:01:34.0096 3832 FileInfo - ok
10:01:34.0127 3832 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
10:01:34.0159 3832 Filetrace - ok
10:01:34.0190 3832 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:01:34.0237 3832 flpydisk - ok
10:01:34.0268 3832 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
10:01:34.0283 3832 FltMgr - ok
10:01:34.0377 3832 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
10:01:34.0471 3832 FontCache - ok
10:01:34.0517 3832 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:01:34.0533 3832 FontCache3.0.0.0 - ok
10:01:34.0564 3832 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
10:01:34.0611 3832 Fs_Rec - ok
10:01:34.0627 3832 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
10:01:34.0689 3832 gagp30kx - ok
10:01:34.0705 3832 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:01:34.0720 3832 GEARAspiWDM - ok
10:01:34.0767 3832 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
10:01:34.0814 3832 gpsvc - ok
10:01:34.0907 3832 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:01:34.0923 3832 gupdate - ok
10:01:34.0939 3832 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:01:34.0954 3832 gupdatem - ok
10:01:35.0001 3832 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
10:01:35.0126 3832 HdAudAddService - ok
10:01:35.0188 3832 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:01:35.0282 3832 HDAudBus - ok
10:01:35.0313 3832 HidBatt (68214c82fa6222591873677a72df2a66) C:\Windows\system32\DRIVERS\HidBatt.sys
10:01:35.0422 3832 HidBatt - ok
10:01:35.0438 3832 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
10:01:35.0578 3832 HidBth - ok
10:01:35.0594 3832 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
10:01:35.0641 3832 HidIr - ok
10:01:35.0672 3832 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
10:01:35.0703 3832 hidserv - ok
10:01:35.0734 3832 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
10:01:35.0765 3832 HidUsb - ok
10:01:35.0781 3832 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
10:01:35.0812 3832 hkmsvc - ok
10:01:35.0843 3832 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
10:01:35.0875 3832 HpCISSs - ok
10:01:35.0953 3832 HSF_DPV (1e260b33f6555146a0b826f047238c00) C:\Windows\system32\DRIVERS\CAX_DPV.sys
10:01:36.0062 3832 HSF_DPV - ok
10:01:36.0171 3832 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
10:01:36.0296 3832 HTTP - ok
10:01:36.0311 3832 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
10:01:36.0327 3832 i2omp - ok
10:01:36.0358 3832 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
10:01:36.0421 3832 i8042prt - ok
10:01:36.0467 3832 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
10:01:36.0577 3832 iaStorV - ok
10:01:36.0670 3832 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:01:36.0717 3832 idsvc - ok
10:01:36.0748 3832 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
10:01:36.0748 3832 iirsp - ok
10:01:36.0795 3832 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
10:01:36.0873 3832 IKEEXT - ok
10:01:36.0920 3832 int15 (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\SysWOW64\drivers\int15_64.sys
10:01:36.0935 3832 int15 - ok
10:01:37.0029 3832 IntcAzAudAddService (f737c4e44fb41524978709274da24b2e) C:\Windows\system32\drivers\RTKVHD64.sys
10:01:37.0107 3832 IntcAzAudAddService - ok
10:01:37.0169 3832 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
10:01:37.0201 3832 intelide - ok
10:01:37.0216 3832 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
10:01:37.0263 3832 intelppm - ok
10:01:37.0279 3832 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
10:01:37.0341 3832 IPBusEnum - ok
10:01:37.0357 3832 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:01:37.0435 3832 IpFilterDriver - ok
10:01:37.0466 3832 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
10:01:37.0513 3832 iphlpsvc - ok
10:01:37.0513 3832 IpInIp - ok
10:01:37.0544 3832 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
10:01:37.0653 3832 IPMIDRV - ok
10:01:37.0684 3832 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
10:01:37.0778 3832 IPNAT - ok
10:01:37.0871 3832 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
10:01:37.0934 3832 iPod Service - ok
10:01:37.0965 3832 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
10:01:38.0043 3832 IRENUM - ok
10:01:38.0059 3832 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
10:01:38.0090 3832 isapnp - ok
10:01:38.0152 3832 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
10:01:38.0168 3832 iScsiPrt - ok
10:01:38.0199 3832 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
10:01:38.0199 3832 iteatapi - ok
10:01:38.0246 3832 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
10:01:38.0246 3832 iteraid - ok
10:01:38.0277 3832 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
10:01:38.0308 3832 kbdclass - ok
10:01:38.0324 3832 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
10:01:38.0371 3832 kbdhid - ok
10:01:38.0371 3832 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:01:38.0402 3832 KeyIso - ok
10:01:38.0449 3832 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
10:01:38.0480 3832 KSecDD - ok
10:01:38.0495 3832 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
10:01:38.0542 3832 ksthunk - ok
10:01:38.0589 3832 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
10:01:38.0651 3832 KtmRm - ok
10:01:38.0667 3832 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
10:01:38.0714 3832 LanmanServer - ok
10:01:38.0745 3832 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
10:01:38.0776 3832 LanmanWorkstation - ok
10:01:38.0807 3832 LGDDCDevice - ok
10:01:38.0807 3832 LGII2CDevice - ok
10:01:38.0839 3832 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
10:01:38.0901 3832 lltdio - ok
10:01:38.0932 3832 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
10:01:38.0979 3832 lltdsvc - ok
10:01:38.0995 3832 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
10:01:39.0026 3832 lmhosts - ok
10:01:39.0057 3832 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
10:01:39.0073 3832 LSI_FC - ok
10:01:39.0104 3832 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
10:01:39.0166 3832 LSI_SAS - ok
10:01:39.0182 3832 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
10:01:39.0229 3832 LSI_SCSI - ok
10:01:39.0244 3832 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
10:01:39.0291 3832 luafv - ok
10:01:39.0307 3832 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
10:01:39.0338 3832 Mcx2Svc - ok
10:01:39.0353 3832 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
10:01:39.0369 3832 mdmxsdk - ok
10:01:39.0400 3832 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
10:01:39.0447 3832 megasas - ok
10:01:39.0494 3832 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
10:01:39.0541 3832 MegaSR - ok
10:01:39.0556 3832 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
10:01:39.0603 3832 MMCSS - ok
10:01:39.0619 3832 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
10:01:39.0697 3832 Modem - ok
10:01:39.0712 3832 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
10:01:39.0759 3832 monitor - ok
10:01:39.0775 3832 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
10:01:39.0806 3832 mouclass - ok
10:01:39.0837 3832 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
10:01:39.0868 3832 mouhid - ok
10:01:39.0884 3832 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
10:01:39.0946 3832 MountMgr - ok
10:01:40.0024 3832 mozybackup (4559f45671297fe955b3b6de1bdf26ce) C:\Program Files\MozyHome\mozybackup.exe
10:01:40.0024 3832 mozybackup - ok
10:01:40.0055 3832 mozyFilter (792e9d1d6160df481dea44d8171b8e25) C:\Windows\system32\DRIVERS\mozy.sys
10:01:40.0087 3832 mozyFilter - ok
10:01:40.0118 3832 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
10:01:40.0149 3832 mpio - ok
10:01:40.0149 3832 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
10:01:40.0211 3832 mpsdrv - ok
10:01:40.0258 3832 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
10:01:40.0305 3832 MpsSvc - ok
10:01:40.0352 3832 mr97310c (637650a42fd23947d837053fac789d38) C:\Windows\system32\DRIVERS\mr97310c.sys
10:01:40.0399 3832 mr97310c - ok
10:01:40.0430 3832 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
10:01:40.0430 3832 Mraid35x - ok
10:01:40.0477 3832 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
10:01:40.0508 3832 MRxDAV - ok
10:01:40.0539 3832 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:01:40.0586 3832 mrxsmb - ok
10:01:40.0617 3832 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:01:40.0664 3832 mrxsmb10 - ok
10:01:40.0679 3832 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:01:40.0711 3832 mrxsmb20 - ok
10:01:40.0742 3832 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
10:01:40.0773 3832 msahci - ok
10:01:40.0804 3832 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
10:01:40.0851 3832 msdsm - ok
10:01:40.0882 3832 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
10:01:40.0929 3832 MSDTC - ok
10:01:40.0960 3832 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
10:01:41.0038 3832 Msfs - ok
10:01:41.0054 3832 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
10:01:41.0069 3832 msisadrv - ok
10:01:41.0101 3832 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
10:01:41.0179 3832 MSiSCSI - ok
10:01:41.0179 3832 msiserver - ok
10:01:41.0210 3832 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
10:01:41.0272 3832 MSKSSRV - ok
10:01:41.0288 3832 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
10:01:41.0350 3832 MSPCLOCK - ok
10:01:41.0366 3832 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
10:01:41.0413 3832 MSPQM - ok
10:01:41.0444 3832 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
10:01:41.0459 3832 MsRPC - ok
10:01:41.0491 3832 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
10:01:41.0522 3832 mssmbios - ok
10:01:41.0537 3832 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
10:01:41.0615 3832 MSTEE - ok
10:01:41.0631 3832 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
10:01:41.0662 3832 Mup - ok
10:01:41.0709 3832 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
10:01:41.0787 3832 napagent - ok
10:01:41.0818 3832 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
10:01:41.0881 3832 NativeWifiP - ok
10:01:41.0943 3832 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
10:01:41.0990 3832 NDIS - ok
10:01:42.0021 3832 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
10:01:42.0052 3832 NdisTapi - ok
10:01:42.0083 3832 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
10:01:42.0161 3832 Ndisuio - ok
10:01:42.0177 3832 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
10:01:42.0255 3832 NdisWan - ok
10:01:42.0271 3832 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
10:01:42.0333 3832 NDProxy - ok
10:01:42.0349 3832 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
10:01:42.0395 3832 NetBIOS - ok
10:01:42.0411 3832 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
10:01:42.0458 3832 netbt - ok
10:01:42.0473 3832 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:01:42.0489 3832 Netlogon - ok
10:01:42.0536 3832 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
10:01:42.0614 3832 Netman - ok
10:01:42.0645 3832 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
10:01:42.0692 3832 netprofm - ok
10:01:42.0739 3832 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:01:42.0754 3832 NetTcpPortSharing - ok
10:01:42.0770 3832 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
10:01:42.0832 3832 nfrd960 - ok
10:01:42.0863 3832 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
10:01:42.0926 3832 NlaSvc - ok
10:01:42.0941 3832 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
10:01:43.0004 3832 Npfs - ok
10:01:43.0019 3832 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
10:01:43.0082 3832 nsi - ok
10:01:43.0082 3832 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
10:01:43.0129 3832 nsiproxy - ok
10:01:43.0222 3832 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
10:01:43.0285 3832 Ntfs - ok
10:01:43.0347 3832 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
10:01:43.0409 3832 Null - ok
10:01:43.0503 3832 NVENETFD (98350606682594521d56eccb5d01ecf7) C:\Windows\system32\DRIVERS\nvmfdx64.sys
10:01:43.0565 3832 NVENETFD - ok
10:01:43.0675 3832 NVHDA (87a7e98a682b0b20820be781c7758b94) C:\Windows\system32\drivers\nvhda64v.sys
10:01:43.0690 3832 NVHDA - ok
10:01:44.0392 3832 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:01:45.0016 3832 nvlddmkm - ok
10:01:45.0110 3832 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
10:01:45.0125 3832 nvraid - ok
10:01:45.0157 3832 nvrd64 (081601b398ded2fbc6ff62ae2042c38a) C:\Windows\system32\drivers\nvrd64.sys
10:01:45.0172 3832 nvrd64 - ok
10:01:45.0203 3832 nvsmu (f6c6d8298dd85507f680437ec2e6899c) C:\Windows\system32\DRIVERS\nvsmu.sys
10:01:45.0219 3832 nvsmu - ok
10:01:45.0235 3832 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
10:01:45.0266 3832 nvstor - ok
10:01:45.0297 3832 nvstor64 (1f27f53013b40565c8bd1d787ea5ec6a) C:\Windows\system32\drivers\nvstor64.sys
10:01:45.0313 3832 nvstor64 - ok
10:01:45.0391 3832 nvsvc (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
10:01:45.0437 3832 nvsvc - ok
10:01:45.0625 3832 nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
10:01:45.0703 3832 nvUpdatusService - ok
10:01:45.0781 3832 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
10:01:45.0812 3832 nv_agp - ok
10:01:45.0812 3832 NwlnkFlt - ok
10:01:45.0827 3832 NwlnkFwd - ok
10:01:45.0874 3832 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
10:01:45.0968 3832 ohci1394 - ok
10:01:46.0015 3832 OMSI download service (da345de3b450e9e1691e7b9956d8ffc3) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
10:01:46.0030 3832 OMSI download service ( UnsignedFile.Multi.Generic ) - warning
10:01:46.0030 3832 OMSI download service - detected UnsignedFile.Multi.Generic (1)
10:01:46.0093 3832 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:01:46.0171 3832 p2pimsvc - ok
10:01:46.0186 3832 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:01:46.0233 3832 p2psvc - ok
10:01:46.0264 3832 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
10:01:46.0342 3832 Parport - ok
10:01:46.0358 3832 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
10:01:46.0389 3832 partmgr - ok
10:01:46.0405 3832 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
10:01:46.0436 3832 PcaSvc - ok
10:01:46.0467 3832 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
10:01:46.0498 3832 pci - ok
10:01:46.0514 3832 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
10:01:46.0529 3832 pciide - ok
10:01:46.0576 3832 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
10:01:46.0623 3832 pcmcia - ok
10:01:46.0685 3832 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
10:01:46.0810 3832 PEAUTH - ok
10:01:46.0873 3832 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
10:01:46.0919 3832 PerfHost - ok
10:01:47.0029 3832 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
10:01:47.0138 3832 pla - ok
10:01:47.0169 3832 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
10:01:47.0216 3832 PlugPlay - ok
10:01:47.0278 3832 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:01:47.0309 3832 PNRPAutoReg - ok
10:01:47.0325 3832 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:01:47.0356 3832 PNRPsvc - ok
10:01:47.0419 3832 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
10:01:47.0512 3832 PolicyAgent - ok
10:01:47.0621 3832 ppped (d483893aa28f060d2b2cdb69586d1cdb) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
10:01:47.0668 3832 ppped - ok
10:01:47.0746 3832 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
10:01:47.0840 3832 PptpMiniport - ok
10:01:47.0855 3832 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
10:01:47.0965 3832 Processor - ok
10:01:47.0996 3832 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
10:01:48.0027 3832 ProfSvc - ok
10:01:48.0043 3832 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:01:48.0058 3832 ProtectedStorage - ok
10:01:48.0074 3832 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
10:01:48.0121 3832 PSched - ok
10:01:48.0199 3832 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
10:01:48.0261 3832 ql2300 - ok
10:01:48.0292 3832 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
10:01:48.0323 3832 ql40xx - ok
10:01:48.0355 3832 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
10:01:48.0386 3832 QWAVE - ok
10:01:48.0401 3832 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
10:01:48.0448 3832 QWAVEdrv - ok
10:01:48.0464 3832 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
10:01:48.0511 3832 RasAcd - ok
10:01:48.0542 3832 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
10:01:48.0589 3832 RasAuto - ok
10:01:48.0620 3832 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:01:48.0667 3832 Rasl2tp - ok
10:01:48.0698 3832 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
10:01:48.0745 3832 RasMan - ok
10:01:48.0760 3832 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
10:01:48.0823 3832 RasPppoe - ok
10:01:48.0838 3832 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
10:01:48.0901 3832 RasSstp - ok
10:01:48.0932 3832 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
10:01:48.0994 3832 rdbss - ok
10:01:48.0994 3832 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:01:49.0057 3832 RDPCDD - ok
10:01:49.0088 3832 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
10:01:49.0166 3832 rdpdr - ok
10:01:49.0181 3832 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
10:01:49.0228 3832 RDPENCDD - ok
10:01:49.0275 3832 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
10:01:49.0322 3832 RDPWD - ok
10:01:49.0353 3832 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
10:01:49.0415 3832 RemoteAccess - ok
10:01:49.0447 3832 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
10:01:49.0493 3832 RemoteRegistry - ok
10:01:49.0509 3832 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
10:01:49.0556 3832 RpcLocator - ok
10:01:49.0603 3832 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
10:01:49.0649 3832 RpcSs - ok
10:01:49.0649 3832 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
10:01:49.0774 3832 rspndr - ok
10:01:49.0790 3832 RTSTOR (fe1d4924e1680a192f9617c5eca19c93) C:\Windows\system32\drivers\RTSTOR64.SYS
10:01:49.0852 3832 RTSTOR - ok
10:01:49.0899 3832 s117bus (6c90231046fb9fc4123c42179832817f) C:\Windows\system32\DRIVERS\s117bus.sys
10:01:49.0946 3832 s117bus - ok
10:01:49.0961 3832 s117mdfl (3279341c90ef8f226af77623039f4495) C:\Windows\system32\DRIVERS\s117mdfl.sys
10:01:49.0993 3832 s117mdfl - ok
10:01:50.0024 3832 s117mdm (73e331f555279e753b312675ddaf4516) C:\Windows\system32\DRIVERS\s117mdm.sys
10:01:50.0102 3832 s117mdm - ok
10:01:50.0117 3832 s117mgmt (d420731fd2880f0f40f20771efaad671) C:\Windows\system32\DRIVERS\s117mgmt.sys
10:01:50.0149 3832 s117mgmt - ok
10:01:50.0180 3832 s117nd5 (98236ca5a9a77d0983ac3f6d6527c796) C:\Windows\system32\DRIVERS\s117nd5.sys
10:01:50.0211 3832 s117nd5 - ok
10:01:50.0227 3832 s117obex (1dd613909477ae298c98e86617ec356b) C:\Windows\system32\DRIVERS\s117obex.sys
10:01:50.0273 3832 s117obex - ok
10:01:50.0305 3832 s117unic (9a22df5fe9b6be279d820776a6adb56f) C:\Windows\system32\DRIVERS\s117unic.sys
10:01:50.0336 3832 s117unic - ok
10:01:50.0351 3832 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:01:50.0367 3832 SamSs - ok
10:01:50.0398 3832 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
10:01:50.0445 3832 sbp2port - ok
10:01:50.0554 3832 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
10:01:50.0585 3832 SBSDWSCService - ok
10:01:50.0632 3832 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
10:01:50.0679 3832 SCardSvr - ok
10:01:50.0741 3832 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
10:01:50.0819 3832 Schedule - ok
10:01:50.0851 3832 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
10:01:50.0866 3832 SCPolicySvc - ok
10:01:50.0897 3832 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
10:01:50.0944 3832 SDRSVC - ok
10:01:50.0991 3832 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:01:51.0085 3832 secdrv - ok
10:01:51.0100 3832 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
10:01:51.0163 3832 seclogon - ok
10:01:51.0194 3832 seehcri (ede7a1d2715aac2190d51dc07afd44e3) C:\Windows\system32\DRIVERS\seehcri.sys
10:01:51.0225 3832 seehcri - ok
10:01:51.0241 3832 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
10:01:51.0287 3832 SENS - ok
10:01:51.0303 3832 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
10:01:51.0350 3832 Serenum - ok
10:01:51.0381 3832 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
10:01:51.0428 3832 Serial - ok
10:01:51.0443 3832 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
10:01:51.0506 3832 sermouse - ok
10:01:51.0521 3832 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
10:01:51.0553 3832 SessionEnv - ok
10:01:51.0568 3832 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
10:01:51.0615 3832 sffdisk - ok
10:01:51.0615 3832 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
10:01:51.0662 3832 sffp_mmc - ok
10:01:51.0677 3832 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
10:01:51.0724 3832 sffp_sd - ok
10:01:51.0740 3832 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
10:01:51.0802 3832 sfloppy - ok
10:01:51.0833 3832 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
10:01:51.0896 3832 SharedAccess - ok
10:01:51.0943 3832 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
10:01:51.0974 3832 ShellHWDetection - ok
10:01:51.0989 3832 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
10:01:52.0005 3832 SiSRaid2 - ok
10:01:52.0036 3832 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
10:01:52.0067 3832 SiSRaid4 - ok
10:01:52.0208 3832 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
10:01:52.0364 3832 slsvc - ok
10:01:52.0426 3832 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
10:01:52.0473 3832 SLUINotify - ok
10:01:52.0504 3832 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
10:01:52.0567 3832 Smb - ok
10:01:52.0598 3832 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
10:01:52.0613 3832 SNMPTRAP - ok
10:01:52.0629 3832 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
10:01:52.0660 3832 spldr - ok
10:01:52.0691 3832 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
10:01:52.0738 3832 Spooler - ok
10:01:52.0769 3832 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
10:01:52.0879 3832 srv - ok
10:01:52.0910 3832 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
10:01:52.0988 3832 srv2 - ok
10:01:53.0003 3832 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
10:01:53.0050 3832 srvnet - ok
10:01:53.0066 3832 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
10:01:53.0113 3832 SSDPSRV - ok
10:01:53.0159 3832 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
10:01:53.0191 3832 SstpSvc - ok
10:01:53.0237 3832 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
10:01:53.0269 3832 stisvc - ok
10:01:53.0300 3832 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
10:01:53.0315 3832 swenum - ok
10:01:53.0362 3832 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
10:01:53.0425 3832 swprv - ok
10:01:53.0503 3832 Symantec RemoteAssist (267c914667c94e5f47d342311c1c577f) C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
10:01:53.0518 3832 Symantec RemoteAssist - ok
10:01:53.0534 3832 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
10:01:53.0581 3832 Symc8xx - ok
10:01:53.0581 3832 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
10:01:53.0627 3832 Sym_hi - ok
10:01:53.0643 3832 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
10:01:53.0690 3832 Sym_u3 - ok
10:01:53.0752 3832 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
10:01:53.0830 3832 SysMain - ok
10:01:53.0861 3832 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
10:01:53.0893 3832 TabletInputService - ok
10:01:53.0924 3832 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
10:01:53.0971 3832 TapiSrv - ok
10:01:53.0986 3832 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
10:01:54.0049 3832 TBS - ok
10:01:54.0158 3832 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
10:01:54.0236 3832 Tcpip - ok
10:01:54.0376 3832 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
10:01:54.0439 3832 Tcpip6 - ok
10:01:54.0485 3832 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
10:01:54.0563 3832 tcpipreg - ok
10:01:54.0595 3832 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
10:01:54.0688 3832 TDPIPE - ok
10:01:54.0704 3832 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
10:01:54.0797 3832 TDTCP - ok
10:01:54.0829 3832 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
10:01:54.0922 3832 tdx - ok
10:01:54.0938 3832 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
10:01:54.0985 3832 TermDD - ok
10:01:55.0031 3832 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
10:01:55.0125 3832 TermService - ok
10:01:55.0156 3832 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
10:01:55.0172 3832 Themes - ok
10:01:55.0187 3832 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
10:01:55.0219 3832 THREADORDER - ok
10:01:55.0265 3832 TomTomHOMEService (efef22b9577e5051057fde1ae381b50c) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
10:01:55.0281 3832 TomTomHOMEService - ok
10:01:55.0312 3832 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
10:01:55.0343 3832 TrkWks - ok
10:01:55.0390 3832 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
10:01:55.0421 3832 TrustedInstaller - ok
10:01:55.0437 3832 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:01:55.0484 3832 tssecsrv - ok
10:01:55.0499 3832 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
10:01:55.0546 3832 tunmp - ok
10:01:55.0577 3832 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
10:01:55.0624 3832 tunnel - ok
10:01:55.0640 3832 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
10:01:55.0687 3832 uagp35 - ok
10:01:55.0733 3832 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
10:01:55.0796 3832 udfs - ok
10:01:55.0827 3832 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
10:01:55.0874 3832 UI0Detect - ok
10:01:55.0889 3832 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
10:01:55.0921 3832 uliagpkx - ok
10:01:55.0952 3832 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
10:01:55.0983 3832 uliahci - ok
10:01:56.0030 3832 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
10:01:56.0061 3832 UlSata - ok
10:01:56.0092 3832 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
10:01:56.0123 3832 ulsata2 - ok
10:01:56.0155 3832 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
10:01:56.0186 3832 umbus - ok
10:01:56.0217 3832 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
10:01:56.0248 3832 UMPass - ok
10:01:56.0279 3832 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
10:01:56.0326 3832 upnphost - ok
10:01:56.0373 3832 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
10:01:56.0404 3832 USBAAPL64 - ok
10:01:56.0435 3832 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
10:01:56.0529 3832 usbccgp - ok
10:01:56.0529 3832 usbcir (8c39d53e1a343f4c47ee8f3c052126d8) C:\Windows\system32\DRIVERS\usbcir.sys
10:01:56.0576 3832 usbcir - ok
10:01:56.0591 3832 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
10:01:56.0654 3832 usbehci - ok
10:01:56.0669 3832 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
10:01:56.0732 3832 usbhub - ok
10:01:56.0747 3832 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
10:01:56.0794 3832 usbohci - ok
10:01:56.0810 3832 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
10:01:56.0872 3832 usbprint - ok
10:01:56.0888 3832 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
10:01:56.0935 3832 usbscan - ok
10:01:56.0966 3832 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:01:57.0013 3832 USBSTOR - ok
10:01:57.0044 3832 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
10:01:57.0091 3832 usbuhci - ok
10:01:57.0106 3832 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
10:01:57.0137 3832 UxSms - ok
10:01:57.0169 3832 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
10:01:57.0215 3832 vds - ok
10:01:57.0247 3832 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
10:01:57.0309 3832 vga - ok
10:01:57.0325 3832 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
10:01:57.0387 3832 VgaSave - ok
10:01:57.0403 3832 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
10:01:57.0434 3832 viaide - ok
10:01:57.0449 3832 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
10:01:57.0496 3832 volmgr - ok
10:01:57.0512 3832 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
10:01:57.0559 3832 volmgrx - ok
10:01:57.0605 3832 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
10:01:57.0621 3832 volsnap - ok
10:01:57.0637 3832 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
10:01:57.0668 3832 vsmraid - ok
10:01:57.0761 3832 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
10:01:57.0824 3832 VSS - ok
10:01:57.0917 3832 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
10:01:57.0964 3832 W32Time - ok
10:01:57.0995 3832 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
10:01:58.0042 3832 WacomPen - ok
10:01:58.0058 3832 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:01:58.0136 3832 Wanarp - ok
10:01:58.0136 3832 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:01:58.0167 3832 Wanarpv6 - ok
10:01:58.0198 3832 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
10:01:58.0229 3832 wcncsvc - ok
10:01:58.0276 3832 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
10:01:58.0307 3832 WcsPlugInService - ok
10:01:58.0323 3832 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
10:01:58.0354 3832 Wd - ok
10:01:58.0417 3832 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
10:01:58.0448 3832 Wdf01000 - ok
10:01:58.0463 3832 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
10:01:58.0495 3832 WdiServiceHost - ok
10:01:58.0510 3832 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
10:01:58.0541 3832 WdiSystemHost - ok
10:01:58.0557 3832 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
10:01:58.0588 3832 WebClient - ok
10:01:58.0604 3832 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
10:01:58.0635 3832 Wecsvc - ok
10:01:58.0651 3832 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
10:01:58.0682 3832 wercplsupport - ok
10:01:58.0697 3832 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
10:01:58.0729 3832 WerSvc - ok
10:01:58.0807 3832 winachsf (cbdeb4b3b5cf8c49acc221d45f1c50c1) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
10:01:58.0853 3832 winachsf - ok
10:01:58.0900 3832 WinDefend - ok
10:01:58.0916 3832 WinHttpAutoProxySvc - ok
10:01:58.0963 3832 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
10:01:59.0009 3832 Winmgmt - ok
10:01:59.0119 3832 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
10:01:59.0243 3832 WinRM - ok
10:01:59.0368 3832 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
10:01:59.0446 3832 Wlansvc - ok
10:01:59.0618 3832 wlidsvc (98f138897ef4246381d197cb81846d62) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:01:59.0759 3832 wlidsvc - ok
10:01:59.0837 3832 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:01:59.0884 3832 WmiAcpi - ok
10:01:59.0931 3832 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
10:01:59.0962 3832 wmiApSrv - ok
10:01:59.0993 3832 WMPNetworkSvc - ok
10:02:00.0024 3832 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
10:02:00.0056 3832 WPCSvc - ok
10:02:00.0102 3832 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
10:02:00.0134 3832 WPDBusEnum - ok
10:02:00.0165 3832 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
10:02:00.0196 3832 WpdUsb - ok
10:02:00.0321 3832 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:02:00.0368 3832 WPFFontCache_v0400 - ok
10:02:00.0399 3832 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
10:02:00.0477 3832 ws2ifsl - ok
10:02:00.0492 3832 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
10:02:00.0524 3832 wscsvc - ok
10:02:00.0524 3832 WSearch - ok
10:02:00.0664 3832 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
10:02:00.0804 3832 wuauserv - ok
10:02:00.0898 3832 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:02:00.0976 3832 WUDFRd - ok
10:02:00.0992 3832 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
10:02:01.0038 3832 wudfsvc - ok
10:02:01.0070 3832 XAudio (2f2ce5e47b014f52bc722ae28b19cbf3) C:\Windows\system32\DRIVERS\xaudio64.sys
10:02:01.0085 3832 XAudio - ok
10:02:01.0116 3832 XAudioService (a337887a4e3396a3ea5d6e54fa431c84) C:\Windows\system32\DRIVERS\xaudio64.exe
10:02:01.0148 3832 XAudioService - ok
10:02:01.0179 3832 MBR (0x1B8) (8c9f9e03865c35f0f3829a23cda42f5d) \Device\Harddisk0\DR0
10:02:03.0675 3832 \Device\Harddisk0\DR0 - ok
10:02:03.0675 3832 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6
10:02:06.0077 3832 \Device\Harddisk6\DR6 - ok
10:02:06.0108 3832 Boot (0x1200) (aca8d8eee4ecbf8a2bc078dc82da69f2) \Device\Harddisk0\DR0\Partition0
10:02:06.0108 3832 \Device\Harddisk0\DR0\Partition0 - ok
10:02:06.0108 3832 Boot (0x1200) (784211be52d4ccd8801ebdd7adc95aaa) \Device\Harddisk6\DR6\Partition0
10:02:06.0124 3832 \Device\Harddisk6\DR6\Partition0 - ok
10:02:06.0124 3832 ============================================================
10:02:06.0124 3832 Scan finished
10:02:06.0124 3832 ============================================================
10:02:06.0140 1312 Detected object count: 2
10:02:06.0140 1312 Actual detected object count: 2
10:02:14.0938 1312 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
10:02:14.0938 1312 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:02:14.0954 1312 OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
10:02:14.0954 1312 OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip
-
ESET didn't find anything. TDSSKiller ran and identified the two objects that were skipped when I'd run it from the website.
-
TDSSKiller ran from the desktop this time. Here's the log from the ESET scan:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
-
Well, I think maybe I got it. I started to download TDSSKiller again but instead of saving it to the desktop I just ran it from the website. I followed the instructions you'd given for running it and I believe it grabbed the trojan; one object was cured and one deleted. I rebooted and ran an ESET scan that didn't find the Olmarik.TDL4 bugger. Any further advice? Thanks so much for your patient help.
-
Also, when I initiated Chameleon after running rkill, Malwarebytes updated itself and ran a scan that didn't find anything.
-
rkill ran. TDSSKiller didn't. rkill log below.
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 07/17/2012 at 13:36:48.
Operating System: Windows Vista Home Premium
Processes terminated by Rkill or while it was running:
C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\grpconv.exe
Rkill completed on 07/17/2012 at 13:38:21.
-
BTW I was able to cut and paste TDSSKiller into the Chameleon folder now, but it still wouldn't run on two attempts.
-
Sorry, still won't run.
-
Here's the ComboFix report:
ComboFix 12-07-16.01 - Alan 07/16/2012 21:23:32.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.1903 [GMT -4:00]
Running from: c:\users\Alan\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpe319A.dll
c:\users\Alan\AppData\Roaming\AD ON Multimedia
c:\windows\SysWow64\spool\prtprocs\w32x86\ppbiPr.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 02:05 . 2012-07-17 02:10 -------- d-----w- c:\users\Alan\AppData\Local\temp
2012-07-17 02:05 . 2012-07-17 02:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-17 02:05 . 2012-07-17 02:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-16 15:54 . 2012-07-16 15:54 -------- d-----w- c:\users\Alan\AppData\Local\Zoom_Downloader
2012-07-16 15:54 . 2012-07-16 15:54 247 ----a-w- C:\user.js
2012-07-16 15:54 . 2012-07-16 15:54 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-07-16 15:54 . 2012-07-16 15:54 -------- d-----w- c:\programdata\Babylon
2012-07-14 00:03 . 2012-07-14 00:03 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AC2850D-BD0B-416C-B786-AAFED5E587F8}\offreg.dll
2012-07-13 16:08 . 2012-06-18 07:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AC2850D-BD0B-416C-B786-AAFED5E587F8}\mpengine.dll
2012-07-11 07:02 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-06-27 00:24 . 2012-06-27 01:04 -------- d-----w- c:\program files (x86)\Cisco Systems
2012-06-20 02:55 . 2012-06-20 02:55 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(64)\UICORE.JS
2012-06-17 11:19 . 2011-07-27 20:22 66552 ----a-w- c:\windows\system32\drivers\mozy.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2011-11-21 19:15 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 21:27 . 2012-04-11 20:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-22 21:27 . 2011-06-03 21:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 02:06 . 2012-04-13 21:48 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-01 14:29 . 2012-06-13 00:12 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:25 . 2012-06-13 00:11 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:25 . 2012-06-13 00:11 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-23 16:25 . 2012-06-13 00:11 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-13 00:11 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-23 16:00 . 2012-06-13 00:11 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-23 16:00 . 2012-06-13 00:11 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"QuickenScheduledUpdates"="c:\program files (x86)\Quicken\bagent.exe" [2010-06-02 77656]
"Spotify Web Helper"="c:\users\Alan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-29 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"Smart Copy"="c:\program files (x86)\IOI\Smart Copy\ButtonMonitor.exe" [2008-05-11 49152]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-08 622592]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-04-10 316864]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Jacquie Lawson Village Advent Calendar.lnk - c:\users\Alan\Desktop\Jacquie Lawson Village Advent Calendar\Jacquie Lawson Village Advent Calendar.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
EasySetPackage.lnk - c:\program files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe [2010-12-20 159744]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-6-4 6271376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 21:20]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 21:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-06-04 20:17 6301584 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-06-04 20:17 6301584 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-17 5445120]
"Skytel"="Skytel.exe" [2008-04-17 1826816]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1923640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4640-UB201A
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
DPF: {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} - hxxp://www.freehandmusic.com/update/soleromusiccontrol.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\9hgrmdzq.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113959&tt=2912_7&babsrc=KW_ss&mntrId=2e93e7b0000000000000002185cdd9d9&q=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=113959&tt=2912_7&babsrc=HP_ss&mntrId=2e93e7b0000000000000002185cdd9d9
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: extensions.BabylonToolbar_i.id - 2e93e7b0000000000000002185cdd9d9
FF - user.js: extensions.BabylonToolbar_i.hardId - 2e93e7b0000000000000002185cdd9d9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15537
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:54
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113959&tt=2912_7
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\brsvc01a.exe
c:\windows\SysWOW64\brss01a.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
c:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\CNYHKey.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\program files (x86)\Brother\Brmfcmon\BrMfcmon.exe
c:\windows\ModLedKey.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-07-16 22:32:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-17 02:32
.
Pre-Run: 349,160,742,912 bytes free
Post-Run: 349,330,866,176 bytes free
.
- - End Of File - - 22FFF755E51F50F1BB504F92DDC1122B
-
-
I keep getting a "Destination Folder Access Denied" message that says "You need permission to perform this action."
-
I'm not sure how to cut and paste TDSSKiller.exe into the Chameleon folder.
-
Won't open in safe mode or after several renamings.
-
TDSSKiller won't open.
-
Thanks for the prompt response! Those programs downloaded in an attempt to install tdsskiller.exe earlier today, which I read about in another post in this forum. Here's the RogueKiller report:
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Alan [Admin rights]
Mode: Scan -- Date: 07/16/2012 14:22:20
¤¤¤ Bad processes: 2 ¤¤¤
[SUSP PATH] CNYHKey.exe -- C:\Windows\CNYHKey.exe -> KILLED [TermProc]
[SUSP PATH] ModLEDKey.exe -- C:\Windows\ModLedKey.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 11 ¤¤¤
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Users\Alan\AppData\Roaming\JLAdventCalendarClassic2011\JLAdventCalendarClassic2011\zchvwceaw.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Alan\AppData\Roaming\JLAdventCalendarClassic2011\JLAdventCalendarClassic2011\zchvwceaw.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-1243219318-89580929-75616085-1001[...]\Run : Update (rundll32.exe "C:\Users\Alan\AppData\Roaming\JLAdventCalendarClassic2011\JLAdventCalendarClassic2011\zchvwceaw.dll",DllRegisterServer) -> FOUND
[SUSP PATH] Jacquie Lawson Village Advent Calendar.lnk @Alan : C:\Users\Alan\Desktop\Jacquie Lawson Village Advent Calendar\Jacquie Lawson Village Advent Calendar.exe -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD50 00AAKS-22A7B SCSI Disk Device +++++
--- User ---
[MBR] 3e5d085e84e52ce2901a5a71d916248e
[BSP] c100825321e2909ab506e122820da424 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 466698 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
-
I posted on this topic a couple weeks ago before a five day power outage and other assorted distractions. My ESET antivirus program found this Olmarik.TDL4 malware but can't fix it. Any help much appreciated. DDS and Attach files attached.
-
I read the other forum posts on this issue and gather I should seek individual guidance with it. My computer has shown signs of infection (runs slow, re-directed web pages). ESET found numerous items that Spybot and Malwarebytes (free version) did not and cleared them all except this one. Any help much appreciated.
-
Another Olmarik.TDL4 trojan problem
in Resolved Malware Removal Logs
The AVP tool cleared a couple things. I couldn't get the report to save. Things seem to be working normally; I think I'm ok. Thanks.