Trojan.Win32.Generic!BT / Cannot connect to SSL secure sites


Hello all,

The issue started about a week ago, this computer was bought new about a month or so ago.. and just the other week, I think I accidentally downloaded a bad "Adobe Flasher Player" program and installed it, and it's been hell ever since. Was having TONS of spammer / malware cookies in my registry, redirecting going on in Google search, my Facebook account was hacked, and someone sent a few porn links to friends / family and I had to change my Facebook password quick, and etc. The computer originally came with a 160GB HDD... and I took my 500GB HDD out of the other tower, and had added it in here in this tower... I basically was just using the 500GB as a backup storage... I moved all my necessary files / etc from the 500GB to the 160GB which contained my Windows 7 Home Premium on it. The 500GB HDD basically was cleaned/formatted..

The fake "Adobe Flash Player" was installed on the 160GB HDD which originally had the OS on... I tried running all kinds of anti-spyware programs... Super Anti-spyware, Ad-Aware, Spybot, CCleaner to keep removing temp files/folders... cookies and etc... I tried doing the ComboFix.. as well as other "fixes" / scans that I've seen posted in here before... The computer was just at a dragging halt... So I swapped places for the Hard Drives... Made the 500GB a new/fresh install of Windows 7... just had the 160GB as a storage hard drive.. Installed the OS/WIN 7 on the 500GB... Everything was fine... moved over some normal files from the 160GB to the 500GB.. but I think some traces of trojans are back! :( I installed the ESET Antivirus 5... Spyware Blaster ... Super Antispyware and Ad-aware again. And the Ad-Aware / ESET picked up some things.... I have some logs for here... from ComboFix, DDS, OTL, MBR Check, Catchme... The TDSSKiller log is too big to attach lmao... But I can later if need be.

Also, I'm not sure which programs were doing it, but I can't connect to SSL secure sites... when logging in to them... like Facebook.com, Deviantart.com... my email client Thunderbird... won't connect to get me my emails... Any ideas? Thanks.. :) I was thinking about moving all my "important files" back to the 160GB drive .. that I also formatted and etc... The hidden RECYCLE.BIN folder said it was "corrupted" before the formatting of that drive and I did a diskcheck on it.. appeared fine. I could just move my files to that drive... remove it from tower... then do a fresh install of Windows 7 again? If so, how would I totally remove / format this C:\ drive again of Windows and replace it? I just want to have my files on here yet.

I ran RemoveIt Pro SE Pro trial... it found 70 to 79 viruses and trojans... and only removed like 50 some of them... :( Not sure what to do.. except maybe move important files to my other SATA Hard Drive again... and do another fresh install of Windows 7... ugh!!


Hello spencerp and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

Note: I suggest you hold off on moving anything to the "storage drive" until we can verify that it's safe to do so. As you saw, there may have been traces left that caused your "new" hard drive to become infected as well. I'd leave things as they are for now. ;)

-------------

First,

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt

How is the PC running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller logfile
  • C:\ComboFix.txt
  • Security Check checkup.txt

How is your computer running now?


Hello, I'm still here! :) Sorry, I was on Bleepingcomputer.com more, since I originally started my issue threads there... Since I posted here, I basically deleted the volume on the main primary HDD a few times, and did several reinstalls of Windows 7... The one guy on bleepingcomputer.com thinks I have a motherboard issue... I think I have an HDD issue, as some bad sectors were found. I ordered a brand new 750GB Seagate HDD and motherboard exactly like I have now... Dell Desktop Optiplex 755... Waiting on those parts to arrive here to replace lol.

Um, currently... the only thing I'm worried and wondering about are these IP blocks I got from Malwarebytes...

2012/06/01 15:17:58 -0400 SPENCER-PC spencer IP-BLOCK 85.159.232.159 (Type: outgoing, Port: 51338, Process: chrome.exe)

2012/06/01 15:17:58 -0400 SPENCER-PC spencer IP-BLOCK 85.159.232.159 (Type: outgoing, Port: 51339, Process: chrome.exe)

2012/06/01 15:17:58 -0400 SPENCER-PC spencer IP-BLOCK 85.159.232.159 (Type: outgoing, Port: 51340, Process: chrome.exe)

2012/06/01 15:19:02 -0400 SPENCER-PC spencer IP-BLOCK 85.159.232.159 (Type: outgoing, Port: 51486, Process: chrome.exe)

2012/06/01 15:19:02 -0400 SPENCER-PC spencer IP-BLOCK 85.159.232.159 (Type: outgoing, Port: 51487, Process: chrome.exe)

2012/06/01 16:38:00 -0400 SPENCER-PC spencer IP-BLOCK 85.159.232.159 (Type: outgoing, Port: 54411, Process: chrome.exe)

2012/06/01 16:38:00 -0400 SPENCER-PC spencer IP-BLOCK 85.159.232.159 (Type: outgoing, Port: 54412, Process: chrome.exe)

2012/06/01 16:38:00 -0400 SPENCER-PC spencer IP-BLOCK 85.159.232.159 (Type: outgoing, Port: 54413, Process: chrome.exe)

The guy on Bleepingcomputer.com says...

That IP is behind the following domain:

https://www.nforce.com/

Tracing route to 85.159.232.159 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 192.168.1.1

2 5 ms 4 ms 5 ms L300.BLTMMD-VFTTP-60.verizon-gni.net [96.244.69.1]

3 6 ms 6 ms 5 ms G0-5-0-1.BLTMMD-LCR-22.verizon-gni.net [130.81.185.252]

4 9 ms 9 ms 9 ms so-6-1-0-0.PHIL-BB-RTR2.verizon-gni.net [130.81.199.4]

5 15 ms 14 ms 16 ms 0.xe-3-0-1.XL4.IAD8.ALTER.NET [152.63.3.69]

6 16 ms 16 ms 16 ms GigabitEthernet5-0-0.GW8.IAD8.ALTER.NET [152.63.33.97]

7 11 ms 12 ms 10 ms tinet-gw.customer.alter.net [152.179.50.30]

8 103 ms 102 ms 101 ms xe-10-2-0.ams12.ip4.tinet.net [89.149.180.114]

9 101 ms 102 ms 99 ms nforce-gw.ip4.tinet.net [77.67.90.86]

10 106 ms 105 ms 105 ms 30-239-159-85.rtr1.b06-s02-az16.gsa.nl.nforce.com [85.159.239.30]

11 102 ms 104 ms 103 ms 5-239-159-85.rtr1.dbn.nl.nforce.com [85.159.239.5]

12 104 ms 111 ms 104 ms 85.159.232.159

Trace complete.

C:\Users\cryptodan>

Seems to be a streaming service.

My original thread over there is: http://www.bleepingcomputer.com/forums/topic455377.html/

I'll run more scans, if you think I should? I already ran Microsoft Security Essentials, ESET Anti-Virus 6 Beta, Super Anti-spyware, Malwarebytes Free Trial and etc... Nothing was found, but that block of that IP has me wondering/worried...

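Added example, not part of the thread and not Malwarebytes' own tooling: a Python triage of IP-BLOCK lines in the format quoted in the post above, grouping blocks by address and process and splitting them into bursts. The sample lines, the browser list, the 5-second burst gap and the even-spacing check are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Layout copied from the IP-BLOCK entries quoted in the post:
# <date> <time> <utc-offset> <host> <user> IP-BLOCK <ip> (Type: .., Port: .., Process: ..)
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)\s*$"
)

# Assumptions for this example, not values from the thread.
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "opera.exe"}
BURST_GAP = timedelta(seconds=5)   # blocks closer together than this form one burst

# Constructed sample log (documentation address ranges, made-up host and user).
SAMPLE_LOG = """\
2012/06/01 15:17:58 -0400 EXAMPLE-PC alice IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 51338, Process: chrome.exe)
2012/06/01 15:17:58 -0400 EXAMPLE-PC alice IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 51339, Process: chrome.exe)
2012/06/01 15:17:59 -0400 EXAMPLE-PC alice IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 51340, Process: chrome.exe)
2012/06/01 15:19:02 -0400 EXAMPLE-PC alice IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 51486, Process: chrome.exe)
2012/06/01 16:38:00 -0400 EXAMPLE-PC alice IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 54411, Process: chrome.exe)
2012/06/01 16:38:00 -0400 EXAMPLE-PC alice IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 54412, Process: chrome.exe)
2012/06/01 15:00:00 -0400 EXAMPLE-PC alice IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 49200, Process: updater.exe)
2012/06/01 15:10:00 -0400 EXAMPLE-PC alice IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 49230, Process: updater.exe)
2012/06/01 15:20:00 -0400 EXAMPLE-PC alice IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 49260, Process: updater.exe)
2012/06/01 15:30:00 -0400 EXAMPLE-PC alice IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 49290, Process: updater.exe)
this line is not an IP-BLOCK entry and is skipped
"""


def parse_line(line):
    """Return one IP-BLOCK entry as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S %z")
    rec["port"] = int(rec["port"])
    return rec


def split_bursts(times):
    """Group timestamps into bursts: runs where each block follows within BURST_GAP."""
    bursts = []
    for t in sorted(times):
        if bursts and t - bursts[-1][-1] <= BURST_GAP:
            bursts[-1].append(t)
        else:
            bursts.append([t])
    return bursts


def evenly_spaced(bursts, tolerance=0.10, min_intervals=3):
    """Heuristic: True when burst start times recur at a near-constant interval."""
    starts = [b[0] for b in bursts]
    gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
    if len(gaps) < min_intervals:
        return False   # too few repetitions to call it a schedule
    mean = sum(gaps) / len(gaps)
    return (max(gaps) - min(gaps)) <= tolerance * mean


def summarize(text):
    """Build a per-(ip, process) summary of all IP-BLOCK entries in a log."""
    groups = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            groups.setdefault((rec["ip"], rec["process"]), []).append(rec)
    report = {}
    for key, recs in groups.items():
        bursts = split_bursts(r["ts"] for r in recs)
        report[key] = {
            "events": len(recs),
            "bursts": len(bursts),
            "first": min(r["ts"] for r in recs),
            "last": max(r["ts"] for r in recs),
            "directions": sorted({r["direction"] for r in recs}),
            "browser": key[1].lower() in BROWSERS,
            "evenly_spaced": evenly_spaced(bursts),
        }
    return report


if __name__ == "__main__":
    for (ip, proc), s in sorted(summarize(SAMPLE_LOG).items()):
        flags = []
        if not s["browser"]:
            flags.append("non-browser process: find out what started it")
        if s["evenly_spaced"]:
            flags.append("blocks recur on a fixed interval")
        print(f"{ip:15} {proc:12} events={s['events']} bursts={s['bursts']} "
              f"{s['first']:%H:%M:%S}-{s['last']:%H:%M:%S} {'; '.join(flags) or 'no flags'}")
```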

Here's the TDSSKiller log


17:39:31.0104 0932 mountmgr - ok

17:39:31.0135 0932 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys

17:39:31.0150 0932 MpFilter - ok

17:39:31.0166 0932 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

17:39:31.0182 0932 mpio - ok

17:39:31.0228 0932 MpKsla52dafdb (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1CAB7B2A-C20E-47E0-84F4-AB5820DF4150}\MpKsla52dafdb.sys

17:39:31.0244 0932 MpKsla52dafdb - ok

17:39:31.0244 0932 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

17:39:31.0275 0932 mpsdrv - ok

17:39:31.0322 0932 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll

17:39:31.0353 0932 MpsSvc - ok

17:39:31.0369 0932 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

17:39:31.0384 0932 MRxDAV - ok

17:39:31.0416 0932 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:39:31.0447 0932 mrxsmb - ok

17:39:31.0462 0932 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:39:31.0494 0932 mrxsmb10 - ok

17:39:31.0509 0932 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:39:31.0509 0932 mrxsmb20 - ok

17:39:31.0525 0932 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

17:39:31.0540 0932 msahci - ok

17:39:31.0556 0932 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

17:39:31.0556 0932 msdsm - ok

17:39:31.0572 0932 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe

17:39:31.0603 0932 MSDTC - ok

17:39:31.0618 0932 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

17:39:31.0650 0932 Msfs - ok

17:39:31.0665 0932 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

17:39:31.0696 0932 mshidkmdf - ok

17:39:31.0696 0932 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

17:39:31.0712 0932 msisadrv - ok

17:39:31.0743 0932 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll

17:39:31.0759 0932 MSiSCSI - ok

17:39:31.0774 0932 msiserver - ok

17:39:31.0774 0932 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

17:39:31.0806 0932 MSKSSRV - ok

17:39:31.0868 0932 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe

17:39:31.0884 0932 MsMpSvc - ok

17:39:31.0899 0932 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

17:39:31.0930 0932 MSPCLOCK - ok

17:39:31.0930 0932 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

17:39:31.0977 0932 MSPQM - ok

17:39:31.0993 0932 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

17:39:31.0993 0932 MsRPC - ok

17:39:32.0008 0932 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

17:39:32.0024 0932 mssmbios - ok

17:39:32.0024 0932 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

17:39:32.0040 0932 MSTEE - ok

17:39:32.0055 0932 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys

17:39:32.0055 0932 MTConfig - ok

17:39:32.0071 0932 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

17:39:32.0086 0932 Mup - ok

17:39:32.0102 0932 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll

17:39:32.0133 0932 napagent - ok

17:39:32.0164 0932 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

17:39:32.0180 0932 NativeWifiP - ok

17:39:32.0227 0932 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

17:39:32.0242 0932 NDIS - ok

17:39:32.0258 0932 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

17:39:32.0274 0932 NdisCap - ok

17:39:32.0289 0932 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

17:39:32.0305 0932 NdisTapi - ok

17:39:32.0320 0932 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

17:39:32.0336 0932 Ndisuio - ok

17:39:32.0352 0932 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

17:39:32.0367 0932 NdisWan - ok

17:39:32.0383 0932 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

17:39:32.0398 0932 NDProxy - ok

17:39:32.0414 0932 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

17:39:32.0430 0932 NetBIOS - ok

17:39:32.0445 0932 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

17:39:32.0461 0932 NetBT - ok

17:39:32.0476 0932 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

17:39:32.0492 0932 Netlogon - ok

17:39:32.0539 0932 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll

17:39:32.0570 0932 Netman - ok

17:39:32.0586 0932 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll

17:39:32.0632 0932 netprofm - ok

17:39:32.0695 0932 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

17:39:32.0695 0932 NetTcpPortSharing - ok

17:39:32.0710 0932 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys

17:39:32.0726 0932 nfrd960 - ok

17:39:32.0757 0932 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

17:39:32.0773 0932 NisDrv - ok

17:39:32.0820 0932 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe

17:39:32.0851 0932 NisSrv - ok

17:39:32.0866 0932 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll

17:39:32.0913 0932 NlaSvc - ok

17:39:32.0913 0932 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

17:39:32.0944 0932 Npfs - ok

17:39:32.0960 0932 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll

17:39:32.0976 0932 nsi - ok

17:39:32.0991 0932 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

17:39:33.0007 0932 nsiproxy - ok

17:39:33.0085 0932 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

17:39:33.0132 0932 Ntfs - ok

17:39:33.0147 0932 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

17:39:33.0163 0932 Null - ok

17:39:33.0210 0932 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

17:39:33.0225 0932 nvraid - ok

17:39:33.0256 0932 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

17:39:33.0272 0932 nvstor - ok

17:39:33.0303 0932 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

17:39:33.0319 0932 nv_agp - ok

17:39:33.0319 0932 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

17:39:33.0334 0932 ohci1394 - ok

17:39:33.0350 0932 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

17:39:33.0381 0932 p2pimsvc - ok

17:39:33.0412 0932 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

17:39:33.0428 0932 p2psvc - ok

17:39:33.0444 0932 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

17:39:33.0459 0932 Parport - ok

17:39:33.0475 0932 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys

17:39:33.0490 0932 partmgr - ok

17:39:33.0506 0932 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

17:39:33.0506 0932 Parvdm - ok

17:39:33.0537 0932 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

17:39:33.0553 0932 PcaSvc - ok

17:39:33.0553 0932 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

17:39:33.0568 0932 pci - ok

17:39:33.0568 0932 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

17:39:33.0584 0932 pciide - ok

17:39:33.0600 0932 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys

17:39:33.0631 0932 pcmcia - ok

17:39:33.0631 0932 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

17:39:33.0646 0932 pcw - ok

17:39:33.0678 0932 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

17:39:33.0709 0932 PEAUTH - ok

17:39:33.0802 0932 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll

17:39:33.0865 0932 pla - ok

17:39:33.0958 0932 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll

17:39:33.0990 0932 PlugPlay - ok

17:39:34.0005 0932 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

17:39:34.0021 0932 PNRPAutoReg - ok

17:39:34.0036 0932 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

17:39:34.0052 0932 PNRPsvc - ok

17:39:34.0099 0932 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys

17:39:34.0114 0932 Point32 - ok

17:39:34.0146 0932 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll

17:39:34.0177 0932 PolicyAgent - ok

17:39:34.0208 0932 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll

17:39:34.0255 0932 Power - ok

17:39:34.0270 0932 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

17:39:34.0302 0932 PptpMiniport - ok

17:39:34.0302 0932 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys

17:39:34.0317 0932 Processor - ok

17:39:34.0333 0932 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll

17:39:34.0380 0932 ProfSvc - ok

17:39:34.0395 0932 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

17:39:34.0411 0932 ProtectedStorage - ok

17:39:34.0426 0932 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

17:39:34.0458 0932 Psched - ok

17:39:34.0520 0932 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys

17:39:34.0551 0932 ql2300 - ok

17:39:34.0614 0932 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys

17:39:34.0629 0932 ql40xx - ok

17:39:34.0645 0932 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

17:39:34.0676 0932 QWAVE - ok

17:39:34.0692 0932 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

17:39:34.0707 0932 QWAVEdrv - ok

17:39:34.0707 0932 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

17:39:34.0738 0932 RasAcd - ok

17:39:34.0770 0932 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

17:39:34.0785 0932 RasAgileVpn - ok

17:39:34.0801 0932 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

17:39:34.0832 0932 RasAuto - ok

17:39:34.0848 0932 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:39:34.0863 0932 Rasl2tp - ok

17:39:34.0894 0932 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll

17:39:34.0926 0932 RasMan - ok

17:39:34.0941 0932 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

17:39:34.0972 0932 RasPppoe - ok

17:39:34.0972 0932 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

17:39:35.0004 0932 RasSstp - ok

17:39:35.0019 0932 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

17:39:35.0035 0932 rdbss - ok

17:39:35.0050 0932 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys

17:39:35.0082 0932 rdpbus - ok

17:39:35.0082 0932 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:39:35.0113 0932 RDPCDD - ok

17:39:35.0128 0932 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

17:39:35.0144 0932 RDPENCDD - ok

17:39:35.0160 0932 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

17:39:35.0191 0932 RDPREFMP - ok

17:39:35.0206 0932 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys

17:39:35.0238 0932 RDPWD - ok

17:39:35.0238 0932 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

17:39:35.0253 0932 rdyboost - ok

17:39:35.0284 0932 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

17:39:35.0316 0932 RemoteAccess - ok

17:39:35.0347 0932 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

17:39:35.0378 0932 RemoteRegistry - ok

17:39:35.0394 0932 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

17:39:35.0409 0932 RpcEptMapper - ok

17:39:35.0425 0932 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

17:39:35.0440 0932 RpcLocator - ok

17:39:35.0472 0932 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

17:39:35.0487 0932 RpcSs - ok

17:39:35.0503 0932 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

17:39:35.0518 0932 rspndr - ok

17:39:35.0534 0932 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

17:39:35.0550 0932 SamSs - ok

17:39:35.0596 0932 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

17:39:35.0596 0932 SASDIFSV - ok

17:39:35.0612 0932 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

17:39:35.0628 0932 SASKUTIL - ok

17:39:35.0643 0932 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

17:39:35.0643 0932 sbp2port - ok

17:39:35.0659 0932 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

17:39:35.0706 0932 SCardSvr - ok

17:39:35.0706 0932 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

17:39:35.0737 0932 scfilter - ok

17:39:35.0784 0932 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll

17:39:35.0815 0932 Schedule - ok

17:39:35.0830 0932 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

17:39:35.0862 0932 SCPolicySvc - ok

17:39:35.0877 0932 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll

17:39:35.0908 0932 SDRSVC - ok

17:39:35.0908 0932 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

17:39:35.0940 0932 secdrv - ok

17:39:35.0955 0932 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

17:39:35.0986 0932 seclogon - ok

17:39:35.0986 0932 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll

17:39:36.0033 0932 SENS - ok

17:39:36.0049 0932 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll

17:39:36.0064 0932 SensrSvc - ok

17:39:36.0080 0932 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

17:39:36.0096 0932 Serenum - ok

17:39:36.0096 0932 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

17:39:36.0111 0932 Serial - ok

17:39:36.0127 0932 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys

17:39:36.0142 0932 sermouse - ok

17:39:36.0174 0932 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll

17:39:36.0205 0932 SessionEnv - ok

17:39:36.0205 0932 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

17:39:36.0220 0932 sffdisk - ok

17:39:36.0220 0932 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

17:39:36.0252 0932 sffp_mmc - ok

17:39:36.0252 0932 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

17:39:36.0267 0932 sffp_sd - ok

17:39:36.0283 0932 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys

17:39:36.0298 0932 sfloppy - ok

17:39:36.0330 0932 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll

17:39:36.0361 0932 SharedAccess - ok

17:39:36.0392 0932 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll

17:39:36.0423 0932 ShellHWDetection - ok

17:39:36.0423 0932 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

17:39:36.0439 0932 sisagp - ok

17:39:36.0454 0932 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys

17:39:36.0470 0932 SiSRaid2 - ok

17:39:36.0470 0932 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys

17:39:36.0486 0932 SiSRaid4 - ok

17:39:36.0501 0932 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

17:39:36.0517 0932 Smb - ok

17:39:36.0548 0932 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe

17:39:36.0564 0932 SNMPTRAP - ok

17:39:36.0579 0932 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

17:39:36.0610 0932 spldr - ok

17:39:36.0642 0932 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe

17:39:36.0657 0932 Spooler - ok

17:39:36.0813 0932 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe

17:39:36.0876 0932 sppsvc - ok

17:39:36.0954 0932 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll

17:39:36.0985 0932 sppuinotify - ok

17:39:37.0016 0932 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

17:39:37.0047 0932 srv - ok

17:39:37.0078 0932 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

17:39:37.0094 0932 srv2 - ok

17:39:37.0125 0932 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

17:39:37.0141 0932 srvnet - ok

17:39:37.0172 0932 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

17:39:37.0188 0932 SSDPSRV - ok

17:39:37.0203 0932 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

17:39:37.0234 0932 SstpSvc - ok

17:39:37.0250 0932 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys

17:39:37.0266 0932 stexstor - ok

17:39:37.0312 0932 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll

17:39:37.0328 0932 StiSvc - ok

17:39:37.0344 0932 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

17:39:37.0359 0932 swenum - ok

17:39:37.0375 0932 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

17:39:37.0422 0932 swprv - ok

17:39:37.0484 0932 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll

17:39:37.0531 0932 SysMain - ok

17:39:37.0562 0932 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll

17:39:37.0578 0932 TabletInputService - ok

17:39:37.0593 0932 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll

17:39:37.0624 0932 TapiSrv - ok

17:39:37.0640 0932 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

17:39:37.0671 0932 TBS - ok

17:39:37.0765 0932 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys

17:39:37.0812 0932 Tcpip - ok

17:39:37.0827 0932 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys

17:39:37.0858 0932 TCPIP6 - ok

17:39:37.0874 0932 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

17:39:37.0905 0932 tcpipreg - ok

17:39:37.0921 0932 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

17:39:37.0936 0932 TDPIPE - ok

17:39:37.0952 0932 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys

17:39:37.0968 0932 TDTCP - ok

17:39:37.0968 0932 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

17:39:37.0999 0932 tdx - ok

17:39:37.0999 0932 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys

17:39:38.0014 0932 TermDD - ok

17:39:38.0046 0932 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll

17:39:38.0077 0932 TermService - ok

17:39:38.0077 0932 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

17:39:38.0092 0932 Themes - ok

17:39:38.0124 0932 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

17:39:38.0139 0932 THREADORDER - ok

17:39:38.0155 0932 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

17:39:38.0186 0932 TrkWks - ok

17:39:38.0202 0932 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe

17:39:38.0248 0932 TrustedInstaller - ok

17:39:38.0248 0932 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:39:38.0280 0932 tssecsrv - ok

17:39:38.0280 0932 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

17:39:38.0311 0932 TsUsbFlt - ok

17:39:38.0311 0932 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys

17:39:38.0326 0932 TsUsbGD - ok

17:39:38.0342 0932 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

17:39:38.0358 0932 tunnel - ok

17:39:38.0373 0932 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys

17:39:38.0389 0932 uagp35 - ok

17:39:38.0404 0932 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

17:39:38.0420 0932 udfs - ok

17:39:38.0451 0932 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

17:39:38.0467 0932 UI0Detect - ok

17:39:38.0467 0932 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

17:39:38.0482 0932 uliagpkx - ok

17:39:38.0498 0932 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys

17:39:38.0498 0932 umbus - ok

17:39:38.0514 0932 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys

17:39:38.0529 0932 UmPass - ok

17:39:38.0576 0932 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

17:39:38.0607 0932 UMVPFSrv - ok

17:39:38.0623 0932 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

17:39:38.0654 0932 upnphost - ok

17:39:38.0685 0932 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys

17:39:38.0701 0932 usbaudio - ok

17:39:38.0732 0932 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

17:39:38.0763 0932 usbccgp - ok

17:39:38.0763 0932 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

17:39:38.0779 0932 usbcir - ok

17:39:38.0794 0932 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

17:39:38.0810 0932 usbehci - ok

17:39:38.0826 0932 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

17:39:38.0841 0932 usbhub - ok

17:39:38.0857 0932 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

17:39:38.0872 0932 usbohci - ok

17:39:38.0888 0932 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys

17:39:38.0904 0932 usbprint - ok

17:39:38.0935 0932 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS

17:39:38.0982 0932 USBSTOR - ok

17:39:38.0997 0932 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

17:39:39.0013 0932 usbuhci - ok

17:39:39.0028 0932 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys

17:39:39.0044 0932 usbvideo - ok

17:39:39.0075 0932 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

17:39:39.0091 0932 UxSms - ok

17:39:39.0122 0932 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

17:39:39.0122 0932 VaultSvc - ok

17:39:39.0138 0932 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

17:39:39.0153 0932 vdrvroot - ok

17:39:39.0184 0932 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe

17:39:39.0216 0932 vds - ok

17:39:39.0231 0932 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

17:39:39.0231 0932 vga - ok

17:39:39.0247 0932 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

17:39:39.0262 0932 VgaSave - ok

17:39:39.0294 0932 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

17:39:39.0340 0932 vhdmp - ok

17:39:39.0356 0932 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

17:39:39.0372 0932 viaagp - ok

17:39:39.0372 0932 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys

17:39:39.0387 0932 ViaC7 - ok

17:39:39.0403 0932 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

17:39:39.0403 0932 viaide - ok

17:39:39.0418 0932 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

17:39:39.0434 0932 volmgr - ok

17:39:39.0450 0932 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

17:39:39.0450 0932 volmgrx - ok

17:39:39.0481 0932 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

17:39:39.0512 0932 volsnap - ok

17:39:39.0528 0932 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys

17:39:39.0543 0932 vsmraid - ok

17:39:39.0606 0932 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe

17:39:39.0668 0932 VSS - ok

17:39:39.0668 0932 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

17:39:39.0684 0932 vwifibus - ok

17:39:39.0699 0932 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

17:39:39.0746 0932 W32Time - ok

17:39:39.0746 0932 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys

17:39:39.0762 0932 WacomPen - ok

17:39:39.0777 0932 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

17:39:39.0808 0932 WANARP - ok

17:39:39.0808 0932 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

17:39:39.0824 0932 Wanarpv6 - ok

17:39:39.0933 0932 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe

17:39:39.0980 0932 WatAdminSvc - ok

17:39:40.0042 0932 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe

17:39:40.0089 0932 wbengine - ok

17:39:40.0120 0932 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

17:39:40.0136 0932 WbioSrvc - ok

17:39:40.0152 0932 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll

17:39:40.0167 0932 wcncsvc - ok

17:39:40.0183 0932 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

17:39:40.0214 0932 WcsPlugInService - ok

17:39:40.0245 0932 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys

17:39:40.0261 0932 Wd - ok

17:39:40.0292 0932 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

17:39:40.0308 0932 Wdf01000 - ok

17:39:40.0323 0932 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

17:39:40.0354 0932 WdiServiceHost - ok

17:39:40.0370 0932 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

17:39:40.0386 0932 WdiSystemHost - ok

17:39:40.0401 0932 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll

17:39:40.0417 0932 WebClient - ok

17:39:44.0551 0932 ============================================================

17:39:44.0551 0932 Scan finished

17:39:44.0551 0932 ============================================================

17:39:44.0566 5368 Detected object count: 2

17:39:44.0566 5368 Actual detected object count: 2

17:40:19.0542 5368 C:\Users\spencer\AppData\Local\Temp\EAOXKRFC.exe - copied to quarantine

17:40:19.0557 5368 HKLM\SYSTEM\ControlSet001\services\EAOXKRFC - will be deleted on reboot

17:40:19.0682 5368 C:\Users\spencer\AppData\Local\Temp\EAOXKRFC.exe - will be deleted on reboot

17:40:19.0682 5368 EAOXKRFC ( UnsignedFile.Multi.Generic ) - User select action: Delete

17:40:19.0729 5368 C:\Users\spencer\AppData\Local\Temp\EYPFNOQXCZDH.exe - copied to quarantine

17:40:19.0729 5368 HKLM\SYSTEM\ControlSet001\services\EYPFNOQXCZDH - will be deleted on reboot

17:40:19.0745 5368 C:\Users\spencer\AppData\Local\Temp\EYPFNOQXCZDH.exe - will be deleted on reboot

17:40:19.0745 5368 EYPFNOQXCZDH ( UnsignedFile.Multi.Generic ) - User select action: Delete

17:41:18.0900 4220 Deinitialize success

ComboFix 12-06-02.03 - spencer 06/01/2012 17:42:48.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3317.1837 [GMT -4:00]

Running from: c:\users\spencer\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))

.

.

2012-06-01 21:46 . 2012-06-01 21:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-01 21:40 . 2012-06-01 21:40 98992 ----a-w- c:\windows\system32\drivers\06603290.sys

2012-06-01 21:40 . 2012-06-01 21:40 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-01 08:08 . 2012-06-01 08:08 -------- d-----w- c:\program files\ESET

2012-06-01 07:49 . 2012-06-01 07:50 -------- d-----w- c:\program files\Common Files\Adobe

2012-06-01 06:17 . 2012-06-01 06:17 -------- d-----w- c:\program files\VS Revo Group

2012-06-01 06:13 . 2010-01-10 23:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2012-06-01 06:13 . 2010-01-10 23:40 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-01 06:13 . 2012-06-01 06:16 -------- d-----w- c:\program files\SpywareBlaster

2012-06-01 06:11 . 2012-06-01 06:11 -------- d-----w- c:\program files\7-Zip

2012-06-01 05:58 . 2012-06-01 05:58 -------- d-----w- C:\ie-spyad_zo

2012-06-01 05:51 . 2012-06-01 05:51 -------- d--h--w- c:\windows\msdownld.tmp

2012-05-31 23:40 . 2012-05-31 23:40 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CAB7B2A-C20E-47E0-84F4-AB5820DF4150}\offreg.dll

2012-05-31 23:40 . 2012-05-31 23:40 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CAB7B2A-C20E-47E0-84F4-AB5820DF4150}\MpKsla52dafdb.sys

2012-05-31 23:37 . 2012-05-31 23:37 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB0CDB15-9EDF-4F47-965F-14C1BBAA059C}\gapaengine.dll

2012-05-31 23:37 . 2012-05-08 13:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CAB7B2A-C20E-47E0-84F4-AB5820DF4150}\mpengine.dll

2012-05-31 23:23 . 2012-05-31 23:23 -------- d-----w- c:\program files\Microsoft Security Client

2012-05-31 20:08 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D73FDD3D-59BF-45BD-B3F1-8A4221DD6D58}\mpengine.dll

2012-05-31 18:16 . 2012-05-31 18:16 -------- d-----w- c:\program files\Speccy

2012-05-31 05:48 . 2012-05-31 05:48 -------- d-----w- c:\program files\VideoLAN

2012-05-31 05:01 . 2012-05-31 05:01 -------- d-----w- c:\program files\ImgBurn

2012-05-31 02:29 . 2012-05-31 02:29 -------- d-----w- c:\program files\Alex Feinman

2012-05-30 17:58 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys

2012-05-30 17:55 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll

2012-05-30 17:55 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-05-30 17:53 . 2012-05-30 17:53 -------- d-----w- c:\program files\Microsoft.NET

2012-05-30 17:32 . 2012-05-30 17:32 -------- d-----w- c:\windows\system32\Wat

2012-05-30 17:16 . 2012-05-30 17:16 -------- d-----w- c:\program files\Microsoft IntelliPoint

2012-05-30 17:16 . 2012-05-30 17:16 -------- d-----w- c:\windows\PCHEALTH

2012-05-30 17:16 . 2012-06-01 08:10 -------- d-sh--w- c:\windows\Installer

2012-05-30 17:06 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-05-30 17:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-05-30 17:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-05-30 17:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll

2012-05-30 17:03 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-30 17:02 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll

2012-05-30 17:01 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2012-05-30 17:01 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2012-05-30 17:01 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe

2012-05-30 17:00 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2012-05-30 17:00 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2012-05-30 16:54 . 2012-05-30 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-30 16:54 . 2012-05-30 16:54 -------- d-----w- c:\programdata\Malwarebytes

2012-05-30 16:54 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-30 16:50 . 2012-05-30 16:50 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-05-30 16:50 . 2012-05-30 16:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-05-30 11:01 . 2012-05-30 07:08 -------- d-----w- c:\windows\Panther

2012-05-30 08:13 . 2012-05-30 08:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-30 08:13 . 2012-05-30 08:13 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-30 08:13 . 2012-05-30 08:13 -------- d-----w- c:\windows\system32\Macromed

2012-05-30 07:41 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-30 07:13 . 2012-05-30 07:13 -------- d-----w- c:\windows\system32\x64

2012-05-30 07:13 . 2009-09-23 23:30 1002008 ----a-w- c:\windows\system32\igxpun.exe

2012-05-30 07:13 . 2012-05-30 07:13 -------- d-----w- c:\program files\Common Files\logishrd

2012-05-30 07:10 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-05-30 07:10 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-05-30 07:10 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-05-30 07:10 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-05-30 07:10 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-05-30 07:10 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-05-30 07:08 . 2012-05-30 07:09 -------- d-----w- c:\users\spencer

2012-05-30 07:08 . 2012-05-30 07:08 -------- d-----w- C:\Recovery

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-30 12:54 . 2012-04-30 12:54 104160 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys

2012-04-30 12:53 . 2012-04-30 12:53 121176 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2012-04-30 12:53 . 2012-04-30 12:53 171128 ----a-w- c:\windows\system32\drivers\eamonm.sys

2012-03-21 00:44 . 2012-03-21 00:44 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 00:44 . 2012-03-21 00:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-04-30 4295664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 257696]

R3 EAOXKRFC;EAOXKRFC;c:\users\spencer\AppData\Local\Temp\EAOXKRFC.exe [x]

R3 EYPFNOQXCZDH;EYPFNOQXCZDH;c:\users\spencer\AppData\Local\Temp\EYPFNOQXCZDH.exe [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 74112]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-30 1343400]

S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-04-30 171128]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-04-30 121176]

S1 MpKsla52dafdb;MpKsla52dafdb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CAB7B2A-C20E-47E0-84F4-AB5820DF4150}\MpKsla52dafdb.sys [2012-05-31 29904]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-05-07 1119144]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-04-30 104160]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2012-01-18 22176]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 15745396

*NewlyCreated* - CPUZ135

*NewlyCreated* - EAMONM

*NewlyCreated* - EHDRV

*NewlyCreated* - EPFWWFPR

*NewlyCreated* - MPFILTER

*NewlyCreated* - MPKSLA52DAFDB

*NewlyCreated* - RKREVEAL150

*Deregistered* - 15745396

*Deregistered* - cpuz135

*Deregistered* - RKREVEAL150

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 08:13]

.

2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-50739193-1897631812-695329061-1000Core.job

- c:\users\spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31 07:38]

.

2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-50739193-1897631812-695329061-1000UA.job

- c:\users\spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31 07:38]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-81138949.sys

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-01 17:48:36

ComboFix-quarantined-files.txt 2012-06-01 21:48

.

Pre-Run: 478,352,306,176 bytes free

Post-Run: 478,321,889,280 bytes free

.

- - End Of File - - 8CA7E9072B78171B9241A818558D3385

Results of screen317's Security Check version 0.99.24

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET NOD32 Antivirus

Microsoft Security Essentials

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

MVPS Hosts File

SpywareBlaster 4.6

SUPERAntiSpyware

Adobe Reader X (10.1.3)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Microsoft Security Essentials msseces.exe

``````````End of Log````````````

I had a blue screen of death the other day too... been having them randomly sometimes...

Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.1.7601.2.1.0.768.3

Locale ID: 1033

Additional information about the problem:

BCCode: 7a

BCP1: C045AF00

BCP2: C0000185

BCP3: 66788860

BCP4: 8B5E09E8

OS Version: 6_1_7601

Service Pack: 1_0

Product: 768_1

Files that help describe the problem:

C:\Windows\Minidump\053112-15927-01.dmp

C:\Users\spencer\AppData\Local\Temp\WER-23602-0.sysdata.xml

Read our privacy statement online:

http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:

C:\Windows\system32\en-US\erofflps.txt

It's noted in that bleepingcomputer.com thread I linked above... hence that guy thinking it's motherboard issue...

anyone alive? lol.. that's why i went and stayed on bleepingcomputer.com though... ya post stuff in here for help, then no one helps or no one comes back around to check and help... sigh. :( might as well just go to school and learn how to clean viruses myself... lol

by the time people come around to help, period.. the computer could be in landfill .. and the victims of viruses, are spending the money they don't have to begin with..buying new computers. case in point; myself. :( had to reinstall windows 7 .. 5 or so times within week or two... now paid for brand new motherboard, and a HDD in hopes of starting FRESH again... so i can fall victim to trojans and viruses all over again 3 hours later!! .. :(

alright, just forget it.. i'll just have to keep shelling out hundreds or money i don't have to buy new towers every time i get hit by crap viruses and trojans.. i keep seeing all these staff folks on here... all day, throughout the day.. and none of them bother to chime in and help... i'm 40,000.00 in debt... some of that is school loans from years ago... the lady said i could use my loans towards more schooling again, so i guess i'll just invest it in schooling about removing trojans/viruses ... so i don't need to ask anyone from all these forums for help anymore.. and use money i don't have to spend on computers repeatedly... because of crap trojans and viruses censoreding up my damn censoreding computers!!! might as well tear down this forum too... because no one helps anyone here.. except who they want to help... and censored the rest in need of help... jesus censored... why bother!?!?!?

> anyone alive? lol.. that's why i went and stayed on bleepingcomputer.com though... ya post stuff in here for help, then no one helps or no one comes back around to check and help... sigh. :( might as well just go to school and learn how to clean viruses myself... lol

You posted a total of 5 replies to your thread 4 days after my original post, all within a matter of hours of each other.

Please understand that the Trusted Advisors, Experts, and forum Moderators at this site (as well as at BleepingComputer) have personal obligations to meet in addition to the work they do on here.

With that said, I will always reply no later than 24-48 hours when a user posts in their thread. Patience is appreciated.

> Even if the first guy/gal to offer to help isn't coming back to help immediately.. others should chime in to help too... >_>

That's not how this forum works. If you post in the Malware Removal section here, one and only one member of the Malware Removal team will assist you with your thread. The same goes for the "Virus, Trojan, Spyware, and Malware Removal Logs" section at BleepingComputer (I am a staff member there as well).

I would also like to remind you that your tone and language are absolutely not appreciated. Please keep in mind this is a family forum, and we expect you to at least keep some level of courtesy when replying to other members on here. Foul language will not get you assistance any faster.

Since you have already received assistance at another website, I will have this thread closed.

Kind regards,

-DFB

@spencerp

Posting to more than one anti-malware help forum is a bad drain on resources, all around. And worse, can lead to confusion.

Also, let me make you aware, many of the Trusted Advisors and Helpers volunteer their help on multiple forums, so they stay pretty busy.

Since you're being helped elsewhere, this topic is Closed.
