Hello! I've never tried the forum bit, but here goes. I've read several posts from users having similar issues to what I'm seeing with my machine; as all of them were delighted with the results, I'm highly inclined to seek your assistance.

It seems that whenever I plug my computer into its internet connection the CPU usage goes full on. Upon opening the WTM to find the culprit, I see that PING.EXE begins with a nominal percentage before (within seconds) exponentially rocketing up to 100%, causing the machine to freeze absolutely. However, no sooner has the cable been disconnected than everything returns to a stable operating state. Manually stopping ping.exe and the searchindexer.exe tree works temporarily, but they soon revive and the issue resumes; svchost.exe also has high CPU and memory usage, but I've not tried stopping any of those. The few times I ventured online, google.com would not work, where other sites would. I thought myself a fairly proficient user when it comes to macro software processes, but I am bewildered by the Windows components and really don't want to deadline my machine.

I defer to the knowledge and experience of this forum's admins, moderators, experts, and trusted advisors. Please help!

Thank you

Attachments: Attach.txt, DDS.txt


Hello BlackenBlue, and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt

How is the PC running now?

-------------

Please download ComboFix.exe. Visit this webpage for download links and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller logfile
  • C:\ComboFix.txt
  • Security Check checkup.txt

How is your computer running now?

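The helper asks for the TDSSKiller log to be pasted back, and the log BlackenBlue posts in reply runs to several hundred lines. The line that matters there (AFD, the Winsock Ancillary Function Driver afd.sys, reported as Virus.Win32.ZAccess.h) is easy to miss among the "- ok" entries, as are the registered services with no backing file such as ehoaikia and eqkukhxvoevxkcj. The following Python script is an added example for this page, not part of the original thread and not Kaspersky's tool: it parses the TDSSKiller 2.7 log format seen in the thread and pulls out every object with a non-ok verdict (with threat name and file path) plus every service or driver for which TDSSKiller printed only a verdict line because it found no file on disk. The second group mixes stock Windows names (blbdrive, msiserver) with random-looking ones, so it is a review list rather than a detection. The sample lines are constructed to match the format of the posted log, and the function and variable names are the example's own.

```python
import re

# Constructed sample in the TDSSKiller 2.7 log format used in this thread.
# Per-object output is "<time> <tid> <name> (<md5>) <path>" when a file exists on
# disk, followed by "<time> <tid> <name> - <verdict>".  Objects with no backing file
# get only the verdict line.  Everything before "Scan started" is system info.
SAMPLE_LOG = r"""00:34:55.0104 3440 Drive \Device\Harddisk1\DR1 - Size: 0xDFBDD4000 (55.94 Gb), SectorSize: 0x200
00:35:15.0554 2948 Scan started
00:35:15.0554 2948 Mode: Manual;
00:35:21.0299 2948 AFD (fc5251a1d0b16e75144b44f961805889) C:\Windows\system32\drivers\afd.sys
00:35:21.0307 2948 AFD ( Virus.Win32.ZAccess.h ) - infected
00:35:21.0307 2948 AFD - detected Virus.Win32.ZAccess.h (0)
00:35:21.0331 2948 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
00:35:21.0332 2948 agp440 - ok
00:35:21.0843 2948 blbdrive - ok
00:35:23.0456 2948 ehoaikia - ok
00:35:25.0104 2948 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe
00:35:25.0117 2948 iPod Service - ok
"""

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"          # "00:35:21.0299 2948 "
FILE_RE = re.compile(PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?)(?:\s+\(\s*(?P<threat>\S+)\s*\))?\s+-\s+(?P<verdict>.+)$")
DETECTED_RE = re.compile(r"^detected\s+(?P<threat>\S+)")


def _new_entry():
    return {"md5": None, "path": None, "verdicts": [], "threats": set()}


def parse_tdsskiller(text):
    """Return {object name: {md5, path, verdicts, threats}} for the scan section of a log."""
    lines = text.splitlines()
    # Skip the header: drive geometry lines also contain " - " and would parse as verdicts.
    start = next((i + 1 for i, l in enumerate(lines) if l.rstrip().endswith("Scan started")), 0)
    entries = {}
    for raw in lines[start:]:
        line = raw.rstrip()
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], _new_entry())
            e["md5"], e["path"] = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue                      # separators, "Mode:", timing lines
        e = entries.setdefault(m["name"], _new_entry())
        e["verdicts"].append(m["verdict"])
        if m["threat"]:                   # "name ( Threat.Name ) - infected"
            e["threats"].add(m["threat"])
        d = DETECTED_RE.match(m["verdict"])
        if d:                             # "name - detected Threat.Name (0)"
            e["threats"].add(d["threat"])
    return entries


def triage(entries):
    """Split parsed objects into: non-ok verdicts, no backing file, clean."""
    report = {"infected": [], "no_file": [], "clean": 0}
    for name, e in sorted(entries.items(), key=lambda kv: kv[0].lower()):
        if any(v != "ok" for v in e["verdicts"]):
            report["infected"].append((name, sorted(e["threats"]), e["path"]))
        elif e["path"] is None:
            # A registered service/driver whose file TDSSKiller could not find.
            # Some are stock Windows names; random-looking ones deserve a look
            # under HKLM\SYSTEM\CurrentControlSet\Services before being ignored.
            report["no_file"].append(name)
        else:
            report["clean"] += 1
    return report


if __name__ == "__main__":
    report = triage(parse_tdsskiller(SAMPLE_LOG))
    for name, threats, path in report["infected"]:
        print(f"INFECTED  {name:<14} {', '.join(threats) or '?'}  {path}")
    for name in report["no_file"]:
        print(f"NO FILE   {name}")
    print(f"clean: {report['clean']}")
```

To run it on a real report, replace SAMPLE_LOG with the contents of the C:\TDSSKiller.*_log.txt file the helper describes above. The parser deliberately ignores everything before "Scan started", because the drive-geometry lines in the header also contain " - " and would otherwise show up as bogus non-ok verdicts. A patched core network driver is at least consistent with a symptom that only appears once the network cable is connected, but the verdict line in the log, not this script, is the evidence; the script only makes sure it is not overlooked.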

Hey D-FRED-BROWN, thanks for the help. Enclosed are the results requested.

00:34:54.0473 3440 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30

00:34:54.0530 3440 ============================================================

00:34:54.0530 3440 Current date / time: 2012/05/25 00:34:54.0530

00:34:54.0530 3440 SystemInfo:

00:34:54.0530 3440

00:34:54.0530 3440 OS Version: 6.0.6000 ServicePack: 0.0

00:34:54.0530 3440 Product type: Workstation

00:34:54.0530 3440 ComputerName: SHOESCIFER-DESK

00:34:54.0530 3440 UserName: Shoescifer

00:34:54.0530 3440 Windows directory: C:\Windows

00:34:54.0530 3440 System windows directory: C:\Windows

00:34:54.0530 3440 Processor architecture: Intel x86

00:34:54.0530 3440 Number of processors: 2

00:34:54.0530 3440 Page size: 0x1000

00:34:54.0530 3440 Boot type: Normal boot

00:34:54.0530 3440 ============================================================

00:34:55.0104 3440 Drive \Device\Harddisk1\DR1 - Size: 0xDFBDD4000 (55.94 Gb), SectorSize: 0x200, Cylinders: 0x1E4E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

00:34:55.0112 3440 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

00:34:55.0118 3440 Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2F509, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

00:34:55.0121 3440 ============================================================

00:34:55.0122 3440 \Device\Harddisk1\DR1:

00:34:55.0122 3440 MBR partitions:

00:34:55.0122 3440 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FDA391

00:34:55.0122 3440 \Device\Harddisk0\DR0:

00:34:55.0145 3440 MBR partitions:

00:34:55.0145 3440 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800

00:34:55.0145 3440 \Device\Harddisk2\DR2:

00:34:55.0145 3440 MBR partitions:

00:34:55.0150 3440 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xAEA82841

00:34:55.0150 3440 ============================================================

00:34:55.0189 3440 C: <-> \Device\Harddisk0\DR0\Partition0

00:34:55.0219 3440 E: <-> \Device\Harddisk1\DR1\Partition0

00:34:55.0229 3440 G: <-> \Device\Harddisk2\DR2\Partition0

00:34:55.0229 3440 ============================================================

00:34:55.0229 3440 Initialize success

00:34:55.0229 3440 ============================================================

00:35:15.0553 2948 ============================================================

00:35:15.0554 2948 Scan started

00:35:15.0554 2948 Mode: Manual;

00:35:15.0554 2948 ============================================================

00:35:21.0089 2948 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys

00:35:21.0092 2948 ACPI - ok

00:35:21.0137 2948 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

00:35:21.0143 2948 adp94xx - ok

00:35:21.0169 2948 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

00:35:21.0173 2948 adpahci - ok

00:35:21.0194 2948 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

00:35:21.0195 2948 adpu160m - ok

00:35:21.0218 2948 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

00:35:21.0220 2948 adpu320 - ok

00:35:21.0267 2948 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

00:35:21.0268 2948 AeLookupSvc - ok

00:35:21.0299 2948 AFD (fc5251a1d0b16e75144b44f961805889) C:\Windows\system32\drivers\afd.sys

00:35:21.0307 2948 AFD ( Virus.Win32.ZAccess.h ) - infected

00:35:21.0307 2948 AFD - detected Virus.Win32.ZAccess.h (0)

00:35:21.0331 2948 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

00:35:21.0332 2948 agp440 - ok

00:35:21.0351 2948 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

00:35:21.0352 2948 aic78xx - ok

00:35:21.0390 2948 ALG (e69fb0e3112c40fdc0ef7d21a52dc951) C:\Windows\System32\alg.exe

00:35:21.0392 2948 ALG - ok

00:35:21.0407 2948 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

00:35:21.0408 2948 aliide - ok

00:35:21.0425 2948 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

00:35:21.0426 2948 amdagp - ok

00:35:21.0444 2948 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

00:35:21.0444 2948 amdide - ok

00:35:21.0460 2948 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

00:35:21.0461 2948 AmdK7 - ok

00:35:21.0504 2948 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys

00:35:21.0505 2948 AmdK8 - ok

00:35:21.0532 2948 Appinfo (cfa455816879f06f1c4e5bbf9e8aef7d) C:\Windows\System32\appinfo.dll

00:35:21.0533 2948 Appinfo - ok

00:35:21.0557 2948 AppMgmt (051e86735b71e8402aebc1d662f26ba2) C:\Windows\System32\appmgmts.dll

00:35:21.0560 2948 AppMgmt - ok

00:35:21.0586 2948 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

00:35:21.0587 2948 arc - ok

00:35:21.0609 2948 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

00:35:21.0610 2948 arcsas - ok

00:35:21.0641 2948 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys

00:35:21.0642 2948 AsyncMac - ok

00:35:21.0666 2948 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys

00:35:21.0667 2948 atapi - ok

00:35:21.0699 2948 AudioEndpointBuilder (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll

00:35:21.0703 2948 AudioEndpointBuilder - ok

00:35:21.0714 2948 Audiosrv (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll

00:35:21.0719 2948 Audiosrv - ok

00:35:21.0755 2948 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys

00:35:21.0756 2948 Beep - ok

00:35:21.0826 2948 BITS (da551697e34d2b9943c8b1c8eaffe89a) C:\Windows\System32\qmgr.dll

00:35:21.0835 2948 BITS - ok

00:35:21.0843 2948 blbdrive - ok

00:35:21.0864 2948 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys

00:35:21.0866 2948 bowser - ok

00:35:21.0893 2948 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

00:35:21.0894 2948 BrFiltLo - ok

00:35:21.0910 2948 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

00:35:21.0911 2948 BrFiltUp - ok

00:35:21.0938 2948 Browser (beb6470532b7461d7bb426e3facb424f) C:\Windows\System32\browser.dll

00:35:21.0941 2948 Browser - ok

00:35:21.0959 2948 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

00:35:21.0960 2948 Brserid - ok

00:35:21.0978 2948 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

00:35:21.0979 2948 BrSerWdm - ok

00:35:22.0001 2948 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

00:35:22.0002 2948 BrUsbMdm - ok

00:35:22.0020 2948 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

00:35:22.0022 2948 BrUsbSer - ok

00:35:22.0038 2948 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

00:35:22.0039 2948 BTHMODEM - ok

00:35:22.0057 2948 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys

00:35:22.0059 2948 cdfs - ok

00:35:22.0077 2948 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys

00:35:22.0078 2948 cdrom - ok

00:35:22.0104 2948 CertPropSvc (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll

00:35:22.0106 2948 CertPropSvc - ok

00:35:22.0122 2948 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

00:35:22.0123 2948 circlass - ok

00:35:22.0177 2948 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys

00:35:22.0181 2948 CLFS - ok

00:35:22.0238 2948 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

00:35:22.0240 2948 clr_optimization_v2.0.50727_32 - ok

00:35:22.0269 2948 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

00:35:22.0269 2948 cmdide - ok

00:35:22.0292 2948 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys

00:35:22.0292 2948 Compbatt - ok

00:35:22.0299 2948 COMSysApp - ok

00:35:22.0330 2948 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

00:35:22.0332 2948 crcdisk - ok

00:35:22.0402 2948 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

00:35:22.0404 2948 Creative Audio Engine Licensing Service - ok

00:35:22.0418 2948 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

00:35:22.0420 2948 Crusoe - ok

00:35:22.0455 2948 CryptSvc (1c26fb097170a2a91066d1e3a24366e3) C:\Windows\system32\cryptsvc.dll

00:35:22.0457 2948 CryptSvc - ok

00:35:22.0492 2948 CSC (ee95a5f89766f199557e5900ce6b2d7d) C:\Windows\system32\drivers\csc.sys

00:35:22.0496 2948 CSC - ok

00:35:22.0535 2948 CscService (68131a9a8e3f0ab5136bf386f02a3fc7) C:\Windows\System32\cscsvc.dll

00:35:22.0541 2948 CscService - ok

00:35:22.0657 2948 CTAudSvcService (69cdba2b9c397e349a04fa70dd9170a2) C:\Program Files\Creative\Shared Files\CTAudSvc.exe

00:35:22.0661 2948 CTAudSvcService - ok

00:35:22.0727 2948 DcomLaunch (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll

00:35:22.0735 2948 DcomLaunch - ok

00:35:22.0782 2948 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys

00:35:22.0784 2948 DfsC - ok

00:35:22.0889 2948 DFSR (e0d584aa76c7d845ba9f3a788260528f) C:\Windows\system32\DFSR.exe

00:35:22.0923 2948 DFSR - ok

00:35:23.0010 2948 Dhcp (dc45739bc22d528d2b3e50d3f6761750) C:\Windows\System32\dhcpcsvc.dll

00:35:23.0014 2948 Dhcp - ok

00:35:23.0050 2948 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys

00:35:23.0051 2948 disk - ok

00:35:23.0092 2948 DNIMp50 (2782a4549cc6558c52b0753126b2a833) C:\Windows\system32\Drivers\DNIMp50.sys

00:35:23.0093 2948 DNIMp50 - ok

00:35:23.0107 2948 DNISp50 (b222622709a919c91cb54a90cf7ceefc) C:\Windows\system32\Drivers\DNISp50.sys

00:35:23.0108 2948 DNISp50 - ok

00:35:23.0148 2948 Dnscache (eecba1dd142bf8693c476be8f32fe253) C:\Windows\System32\dnsrslvr.dll

00:35:23.0150 2948 Dnscache - ok

00:35:23.0182 2948 dot3svc (1f795d214820e496bf1124434a6db546) C:\Windows\System32\dot3svc.dll

00:35:23.0185 2948 dot3svc - ok

00:35:23.0228 2948 DPS (032c90ad677bf7b7a8013d6087c7a921) C:\Windows\system32\dps.dll

00:35:23.0230 2948 DPS - ok

00:35:23.0265 2948 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys

00:35:23.0266 2948 drmkaud - ok

00:35:23.0290 2948 DualCoreCenter - ok

00:35:23.0340 2948 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys

00:35:23.0347 2948 DXGKrnl - ok

00:35:23.0390 2948 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

00:35:23.0391 2948 E1G60 - ok

00:35:23.0419 2948 EapHost (90a0a875642e18618010645311b4e89e) C:\Windows\System32\eapsvc.dll

00:35:23.0422 2948 EapHost - ok

00:35:23.0444 2948 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys

00:35:23.0446 2948 Ecache - ok

00:35:23.0456 2948 ehoaikia - ok

00:35:23.0507 2948 ehRecvr (b4580122b0a7b263b6ee9acba69c8013) C:\Windows\ehome\ehRecvr.exe

00:35:23.0512 2948 ehRecvr - ok

00:35:23.0534 2948 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe

00:35:23.0537 2948 ehSched - ok

00:35:23.0553 2948 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll

00:35:23.0554 2948 ehstart - ok

00:35:23.0604 2948 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

00:35:23.0608 2948 elxstor - ok

00:35:23.0665 2948 EMDMgmt (3226fda08988526e819e364e8cce4cee) C:\Windows\system32\emdmgmt.dll

00:35:23.0671 2948 EMDMgmt - ok

00:35:23.0703 2948 eqkukhxvoevxkcj - ok

00:35:23.0775 2948 EventSystem (7b4971c3d43525175a4ea0d143e0412e) C:\Windows\system32\es.dll

00:35:23.0779 2948 EventSystem - ok

00:35:23.0928 2948 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys

00:35:23.0929 2948 fastfat - ok

00:35:23.0967 2948 Fax (93f75490b02033df8edf4d7089c7e1d8) C:\Windows\system32\fxssvc.exe

00:35:23.0973 2948 Fax - ok

00:35:23.0996 2948 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

00:35:23.0996 2948 fdc - ok

00:35:24.0021 2948 fdPHost (e43bce1a77d6fd4ed5f8e0482b9e7df1) C:\Windows\system32\fdPHost.dll

00:35:24.0023 2948 fdPHost - ok

00:35:24.0039 2948 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

00:35:24.0040 2948 FDResPub - ok

00:35:24.0050 2948 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys

00:35:24.0052 2948 FileInfo - ok

00:35:24.0075 2948 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys

00:35:24.0076 2948 Filetrace - ok

00:35:24.0091 2948 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

00:35:24.0092 2948 flpydisk - ok

00:35:24.0119 2948 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys

00:35:24.0122 2948 FltMgr - ok

00:35:24.0193 2948 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

00:35:24.0195 2948 FontCache3.0.0.0 - ok

00:35:24.0226 2948 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys

00:35:24.0227 2948 Fs_Rec - ok

00:35:24.0259 2948 fvevol (06a1cf72fbe3b50035fbff428c8d84b4) C:\Windows\system32\DRIVERS\fvevol.sys

00:35:24.0261 2948 fvevol - ok

00:35:24.0290 2948 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

00:35:24.0291 2948 gagp30kx - ok

00:35:24.0332 2948 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

00:35:24.0333 2948 GEARAspiWDM - ok

00:35:24.0341 2948 GMSIPCI - ok

00:35:24.0392 2948 gpsvc (bcf6589c42d8f6a20f33ef133ffe0524) C:\Windows\System32\gpsvc.dll

00:35:24.0399 2948 gpsvc - ok

00:35:24.0415 2948 HDAudBus (5fd053f305b77ebe97f284b20d89dc1c) C:\Windows\system32\drivers\hdaudbus.sys

00:35:24.0416 2948 HDAudBus - ok

00:35:24.0432 2948 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

00:35:24.0433 2948 HidBth - ok

00:35:24.0450 2948 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

00:35:24.0451 2948 HidIr - ok

00:35:24.0470 2948 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll

00:35:24.0473 2948 hidserv - ok

00:35:24.0496 2948 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys

00:35:24.0496 2948 HidUsb - ok

00:35:24.0519 2948 hkmsvc (d40aa05e29bf6ed29b139f044b461e9b) C:\Windows\system32\kmsvc.dll

00:35:24.0522 2948 hkmsvc - ok

00:35:24.0538 2948 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

00:35:24.0539 2948 HpCISSs - ok

00:35:24.0597 2948 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys

00:35:24.0602 2948 HTTP - ok

00:35:24.0619 2948 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

00:35:24.0619 2948 i2omp - ok

00:35:24.0642 2948 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys

00:35:24.0643 2948 i8042prt - ok

00:35:24.0666 2948 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

00:35:24.0669 2948 iaStorV - ok

00:35:24.0762 2948 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

00:35:24.0776 2948 idsvc - ok

00:35:24.0803 2948 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

00:35:24.0804 2948 iirsp - ok

00:35:24.0852 2948 IKEEXT (35662fe4d8622f667aa5a5568f7f1b40) C:\Windows\System32\ikeext.dll

00:35:24.0858 2948 IKEEXT - ok

00:35:24.0889 2948 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys

00:35:24.0890 2948 intelide - ok

00:35:24.0908 2948 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

00:35:24.0910 2948 intelppm - ok

00:35:24.0930 2948 IPBusEnum (88cf5281ed9880d74dc9011cf8b5262d) C:\Windows\system32\ipbusenum.dll

00:35:24.0932 2948 IPBusEnum - ok

00:35:24.0952 2948 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys

00:35:24.0954 2948 IpFilterDriver - ok

00:35:24.0963 2948 IpInIp - ok

00:35:24.0983 2948 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

00:35:24.0986 2948 IPMIDRV - ok

00:35:25.0019 2948 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys

00:35:25.0021 2948 IPNAT - ok

00:35:25.0104 2948 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe

00:35:25.0117 2948 iPod Service - ok

00:35:25.0139 2948 iprip (03d54e7bcf9b77ceaf34dc0057420352) C:\Windows\System32\iprip.dll

00:35:25.0141 2948 iprip - ok

00:35:25.0158 2948 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys

00:35:25.0159 2948 IRENUM - ok

00:35:25.0191 2948 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

00:35:25.0192 2948 isapnp - ok

00:35:25.0212 2948 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys

00:35:25.0214 2948 iScsiPrt - ok

00:35:25.0235 2948 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

00:35:25.0237 2948 iteatapi - ok

00:35:25.0259 2948 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

00:35:25.0260 2948 iteraid - ok

00:35:25.0278 2948 katkrzgd - ok

00:35:25.0308 2948 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys

00:35:25.0308 2948 kbdclass - ok

00:35:25.0324 2948 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys

00:35:25.0325 2948 kbdhid - ok

00:35:25.0368 2948 KeyIso (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe

00:35:25.0370 2948 KeyIso - ok

00:35:25.0409 2948 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys

00:35:25.0414 2948 KSecDD - ok

00:35:25.0453 2948 KtmRm (45c537fe5dde9a0146aeff76e615737d) C:\Windows\system32\msdtckrm.dll

00:35:25.0458 2948 KtmRm - ok

00:35:25.0492 2948 LanmanServer (53d1482fc1aa36ac015a85e6cf2146bd) C:\Windows\system32\srvsvc.dll

00:35:25.0496 2948 LanmanServer - ok

00:35:25.0545 2948 LanmanWorkstation (435f0f6dc87a4b5da78f1fa309884189) C:\Windows\System32\wkssvc.dll

00:35:25.0549 2948 LanmanWorkstation - ok

00:35:25.0577 2948 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys

00:35:25.0579 2948 lltdio - ok

00:35:25.0617 2948 lltdsvc (7450dbcf754391dd6363fffd5ef0e789) C:\Windows\System32\lltdsvc.dll

00:35:25.0622 2948 lltdsvc - ok

00:35:25.0640 2948 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

00:35:25.0642 2948 lmhosts - ok

00:35:25.0665 2948 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

00:35:25.0666 2948 LSI_FC - ok

00:35:25.0687 2948 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

00:35:25.0689 2948 LSI_SAS - ok

00:35:25.0704 2948 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

00:35:25.0706 2948 LSI_SCSI - ok

00:35:25.0723 2948 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys

00:35:25.0724 2948 luafv - ok

00:35:26.0019 2948 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\Windows\system32\DRIVERS\lvuvc.sys

00:35:26.0091 2948 LVUVC - ok

00:35:26.0186 2948 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys

00:35:26.0188 2948 MBAMProtector - ok

00:35:26.0266 2948 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

00:35:26.0275 2948 MBAMService - ok

00:35:26.0300 2948 Mcx2Svc (e93c1ad58e88a0846eaee10671c2a8f3) C:\Windows\system32\Mcx2Svc.dll

00:35:26.0302 2948 Mcx2Svc - ok

00:35:26.0331 2948 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

00:35:26.0332 2948 megasas - ok

00:35:26.0355 2948 MMCSS (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll

00:35:26.0358 2948 MMCSS - ok

00:35:26.0374 2948 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys

00:35:26.0375 2948 Modem - ok

00:35:26.0401 2948 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys

00:35:26.0402 2948 monitor - ok

00:35:26.0434 2948 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys

00:35:26.0435 2948 mouclass - ok

00:35:26.0449 2948 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys

00:35:26.0451 2948 mouhid - ok

00:35:26.0474 2948 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys

00:35:26.0475 2948 MountMgr - ok

00:35:26.0502 2948 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

00:35:26.0504 2948 mpio - ok

00:35:26.0546 2948 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys

00:35:26.0548 2948 mpsdrv - ok

00:35:26.0565 2948 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

00:35:26.0566 2948 Mraid35x - ok

00:35:26.0593 2948 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys

00:35:26.0596 2948 MRxDAV - ok

00:35:26.0652 2948 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys

00:35:26.0653 2948 mrxsmb - ok

00:35:26.0702 2948 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys

00:35:26.0704 2948 mrxsmb10 - ok

00:35:26.0716 2948 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys

00:35:26.0718 2948 mrxsmb20 - ok

00:35:26.0761 2948 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

00:35:26.0762 2948 msahci - ok

00:35:26.0785 2948 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

00:35:26.0787 2948 msdsm - ok

00:35:26.0817 2948 MSDTC (bc64a92d821efea8bab8e8caf1b668bc) C:\Windows\System32\msdtc.exe

00:35:26.0820 2948 MSDTC - ok

00:35:26.0843 2948 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys

00:35:26.0844 2948 Msfs - ok

00:35:26.0857 2948 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys

00:35:26.0858 2948 msisadrv - ok

00:35:26.0890 2948 MSiSCSI (8acf956d9154e893e789881430c12632) C:\Windows\system32\iscsiexe.dll

00:35:26.0893 2948 MSiSCSI - ok

00:35:26.0908 2948 msiserver - ok

00:35:26.0939 2948 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys

00:35:26.0940 2948 MSKSSRV - ok

00:35:26.0967 2948 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys

00:35:26.0968 2948 MSPCLOCK - ok

00:35:26.0983 2948 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys

00:35:26.0984 2948 MSPQM - ok

00:35:27.0009 2948 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys

00:35:27.0011 2948 MsRPC - ok

00:35:27.0037 2948 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys

00:35:27.0038 2948 mssmbios - ok

00:35:27.0057 2948 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys

00:35:27.0058 2948 MSTEE - ok

00:35:27.0075 2948 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys

00:35:27.0076 2948 Mup - ok

00:35:27.0121 2948 napagent (1cdbb5d002fe2bc5300aa20550d8a52e) C:\Windows\system32\qagentRT.dll

00:35:27.0126 2948 napagent - ok

00:35:27.0154 2948 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys

00:35:27.0157 2948 NativeWifiP - ok

00:35:27.0200 2948 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys

00:35:27.0207 2948 NDIS - ok

00:35:27.0237 2948 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys

00:35:27.0239 2948 NdisTapi - ok

00:35:27.0263 2948 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys

00:35:27.0264 2948 Ndisuio - ok

00:35:27.0294 2948 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys

00:35:27.0296 2948 NdisWan - ok

00:35:27.0316 2948 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys

00:35:27.0317 2948 NDProxy - ok

00:35:27.0334 2948 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys

00:35:27.0335 2948 NetBIOS - ok

00:35:27.0362 2948 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys

00:35:27.0365 2948 netbt - ok

00:35:27.0409 2948 Netlogon (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe

00:35:27.0411 2948 Netlogon - ok

00:35:27.0449 2948 Netman (90a4dae28b94497f83bea0f2a3b77092) C:\Windows\System32\netman.dll

00:35:27.0454 2948 Netman - ok

00:35:27.0517 2948 NetMsmqActivator (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

00:35:27.0519 2948 NetMsmqActivator - ok

00:35:27.0528 2948 NetPipeActivator (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

00:35:27.0531 2948 NetPipeActivator - ok

00:35:27.0564 2948 netprofm (7c5c3d9ceee838856b828ab6f98a2857) C:\Windows\System32\netprofm.dll

00:35:27.0568 2948 netprofm - ok

00:35:27.0578 2948 NetTcpActivator (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

00:35:27.0580 2948 NetTcpActivator - ok

00:35:27.0598 2948 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

00:35:27.0600 2948 NetTcpPortSharing - ok

00:35:27.0635 2948 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

00:35:27.0636 2948 nfrd960 - ok

00:35:27.0659 2948 NfsClnt (cecdd49e0779e555e62308e1c00f986a) C:\Windows\system32\nfsclnt.exe

00:35:27.0661 2948 NfsClnt - ok

00:35:27.0693 2948 NfsRdr (237946dee679df0991c4f2d4965c6ddd) C:\Windows\system32\drivers\nfsrdr.sys

00:35:27.0695 2948 NfsRdr - ok

00:35:27.0725 2948 NlaSvc (c424117a562f2de37a42266894c79aeb) C:\Windows\System32\nlasvc.dll

00:35:27.0729 2948 NlaSvc - ok

00:35:27.0745 2948 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys

00:35:27.0747 2948 Npfs - ok

00:35:27.0764 2948 nsi (23b8201a363de0e649fc75ee9874dee2) C:\Windows\system32\nsisvc.dll

00:35:27.0767 2948 nsi - ok

00:35:27.0786 2948 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys

00:35:27.0788 2948 nsiproxy - ok

00:35:27.0795 2948 NTACCESS - ok

00:35:27.0876 2948 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys

00:35:27.0886 2948 Ntfs - ok

00:35:27.0901 2948 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

00:35:27.0902 2948 ntrigdigi - ok

00:35:27.0970 2948 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys

00:35:27.0970 2948 NuidFltr - ok

00:35:27.0983 2948 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys

00:35:27.0984 2948 Null - ok

00:35:28.0027 2948 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys

00:35:28.0032 2948 NVENETFD - ok

00:35:28.0461 2948 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys

00:35:28.0567 2948 nvlddmkm - ok

00:35:28.0668 2948 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

00:35:28.0669 2948 nvraid - ok

00:35:28.0691 2948 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

00:35:28.0692 2948 nvstor - ok

00:35:28.0736 2948 nvsvc (7c732aff202dcd06c3d262966d71604c) C:\Windows\system32\nvvsvc.exe

00:35:28.0744 2948 nvsvc - ok

00:35:28.0883 2948 nvUpdatusService (262d2fbf211a88dcb84249df0f6ef6e7) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

00:35:28.0910 2948 nvUpdatusService - ok

00:35:28.0983 2948 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

00:35:28.0985 2948 nv_agp - ok

00:35:28.0995 2948 NwlnkFlt - ok

00:35:29.0011 2948 NwlnkFwd - ok

00:35:29.0038 2948 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys

00:35:29.0039 2948 ohci1394 - ok

00:35:29.0123 2948 P17 (f2519d547a6ac2afe0df0dc826a085a7) C:\Windows\system32\drivers\P17.sys

00:35:29.0134 2948 P17 - ok

00:35:29.0182 2948 p2pimsvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll

00:35:29.0190 2948 p2pimsvc - ok

00:35:29.0206 2948 p2psvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll

00:35:29.0215 2948 p2psvc - ok

00:35:29.0259 2948 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

00:35:29.0261 2948 Parport - ok

00:35:29.0281 2948 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys

00:35:29.0283 2948 partmgr - ok

00:35:29.0298 2948 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

00:35:29.0299 2948 Parvdm - ok

00:35:29.0330 2948 PcaSvc (d8c5c215c932233a4f1d7f368f4e4e65) C:\Windows\System32\pcasvc.dll

00:35:29.0333 2948 PcaSvc - ok

00:35:29.0359 2948 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys

00:35:29.0361 2948 pci - ok

00:35:29.0389 2948 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys

00:35:29.0390 2948 pciide - ok

00:35:29.0421 2948 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

00:35:29.0424 2948 pcmcia - ok

00:35:29.0477 2948 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

00:35:29.0485 2948 PEAUTH - ok

00:35:29.0627 2948 pla (cd05a38d166beade18030bafc0c0a939) C:\Windows\system32\pla.dll

00:35:29.0643 2948 pla - ok

00:35:29.0742 2948 PlugPlay (747bb4c31f3b6e8d1b5ed0ad61518cb5) C:\Windows\system32\umpnpmgr.dll

00:35:29.0746 2948 PlugPlay - ok

00:35:29.0790 2948 PNRPAutoReg (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll

00:35:29.0799 2948 PNRPAutoReg - ok

00:35:29.0814 2948 PNRPsvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll

00:35:29.0823 2948 PNRPsvc - ok

00:35:29.0883 2948 PolicyAgent (5ebdec613bd377ce9a85382be5c6b83b) C:\Windows\System32\ipsecsvc.dll

00:35:29.0889 2948 PolicyAgent - ok

00:35:29.0931 2948 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys

00:35:29.0932 2948 PptpMiniport - ok

00:35:29.0958 2948 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

00:35:29.0959 2948 Processor - ok

00:35:29.0979 2948 ProfSvc (213112e152e68f0e4705e36f052a2880) C:\Windows\system32\profsvc.dll

00:35:29.0982 2948 ProfSvc - ok

00:35:30.0018 2948 ProtectedStorage (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe

00:35:30.0020 2948 ProtectedStorage - ok

00:35:30.0045 2948 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys

00:35:30.0046 2948 PSched - ok

00:35:30.0098 2948 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

00:35:30.0106 2948 ql2300 - ok

00:35:30.0126 2948 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

00:35:30.0128 2948 ql40xx - ok

00:35:30.0160 2948 QWAVE (ca61bdfd3713a7ce75f2812afc431594) C:\Windows\system32\qwave.dll

00:35:30.0165 2948 QWAVE - ok

00:35:30.0180 2948 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys

00:35:30.0181 2948 QWAVEdrv - ok

00:35:30.0283 2948 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys

00:35:30.0303 2948 R300 - ok

00:35:30.0391 2948 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys

00:35:30.0392 2948 RasAcd - ok

00:35:30.0418 2948 RasAuto (f14f4aab9f54d099fe99192bdb100ac9) C:\Windows\System32\rasauto.dll

00:35:30.0423 2948 RasAuto - ok

00:35:30.0441 2948 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys

00:35:30.0442 2948 Rasl2tp - ok

00:35:30.0467 2948 RasMan (11d65e29bc9d1e4114d18fe68194394c) C:\Windows\System32\rasmans.dll

00:35:30.0472 2948 RasMan - ok

00:35:30.0488 2948 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys

00:35:30.0489 2948 RasPppoe - ok

00:35:30.0526 2948 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys

00:35:30.0529 2948 rdbss - ok

00:35:30.0543 2948 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys

00:35:30.0544 2948 RDPCDD - ok

00:35:30.0586 2948 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\DRIVERS\rdpdr.sys

00:35:30.0590 2948 rdpdr - ok

00:35:30.0601 2948 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys

00:35:30.0603 2948 RDPENCDD - ok

00:35:30.0641 2948 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys

00:35:30.0643 2948 RDPWD - ok

00:35:30.0667 2948 RemoteAccess (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll

00:35:30.0671 2948 RemoteAccess - ok

00:35:30.0692 2948 RemoteRegistry (9a043808667c8c1893da7275af373f0e) C:\Windows\system32\regsvc.dll

00:35:30.0696 2948 RemoteRegistry - ok

00:35:30.0711 2948 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

00:35:30.0713 2948 RpcLocator - ok

00:35:30.0779 2948 RpcSs (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll

00:35:30.0786 2948 RpcSs - ok

00:35:30.0810 2948 RpcXdr (a20b57599e08205a2270bdc2e8f15e6e) C:\Windows\system32\drivers\rpcxdr.sys

00:35:30.0811 2948 RpcXdr - ok

00:35:30.0831 2948 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys

00:35:30.0832 2948 rspndr - ok

00:35:30.0880 2948 RT73 (7436bfd3a542cf6ff55097200031b293) C:\Windows\system32\DRIVERS\rt73.sys

00:35:30.0884 2948 RT73 - ok

00:35:30.0926 2948 SamSs (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe

00:35:30.0928 2948 SamSs - ok

00:35:30.0942 2948 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

00:35:30.0943 2948 sbp2port - ok

00:35:31.0033 2948 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

00:35:31.0052 2948 SBSDWSCService - ok

00:35:31.0077 2948 SCardSvr (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll

00:35:31.0080 2948 SCardSvr - ok

00:35:31.0139 2948 Schedule (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll

00:35:31.0146 2948 Schedule - ok

00:35:31.0169 2948 SCPolicySvc (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll

00:35:31.0171 2948 SCPolicySvc - ok

00:35:31.0193 2948 SDRSVC (f7b6bf02240d0a764adf8c8966735552) C:\Windows\System32\SDRSVC.dll

00:35:31.0197 2948 SDRSVC - ok

00:35:31.0232 2948 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

00:35:31.0233 2948 secdrv - ok

00:35:31.0259 2948 seclogon (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll

00:35:31.0262 2948 seclogon - ok

00:35:31.0295 2948 SENS (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\System32\sens.dll

00:35:31.0298 2948 SENS - ok

00:35:31.0318 2948 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

00:35:31.0319 2948 Serenum - ok

00:35:31.0343 2948 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

00:35:31.0344 2948 Serial - ok

00:35:31.0359 2948 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys

00:35:31.0360 2948 sermouse - ok

00:35:31.0397 2948 SessionEnv (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll

00:35:31.0400 2948 SessionEnv - ok

00:35:31.0408 2948 SetupNTGLM7X - ok

00:35:31.0448 2948 sfdrv01 (b659e4af7534e3516ddc0b820db8f910) C:\Windows\system32\drivers\sfdrv01.sys

00:35:31.0449 2948 sfdrv01 - ok

00:35:31.0476 2948 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

00:35:31.0477 2948 sffdisk - ok

00:35:31.0494 2948 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

00:35:31.0495 2948 sffp_mmc - ok

00:35:31.0514 2948 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

00:35:31.0515 2948 sffp_sd - ok

00:35:31.0529 2948 sfhlp02 (64b9ab76f1b16eb059cb6cdd906c067a) C:\Windows\system32\drivers\sfhlp02.sys

00:35:31.0531 2948 sfhlp02 - ok

00:35:31.0552 2948 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

00:35:31.0552 2948 sfloppy - ok

00:35:31.0570 2948 sfsync02 (3fcb3fe43737b0ef6fe759fc0b886a69) C:\Windows\system32\drivers\sfsync02.sys

00:35:31.0572 2948 sfsync02 - ok

00:35:31.0623 2948 SharedAccess (9a82bf4c90b00a63150a606a1e2fd82b) C:\Windows\System32\ipnathlp.dll

00:35:31.0627 2948 SharedAccess - ok

00:35:31.0661 2948 ShellHWDetection (b264dfa21677728613267fe63802b332) C:\Windows\System32\shsvcs.dll

00:35:31.0666 2948 ShellHWDetection - ok

00:35:31.0705 2948 simptcp (e3181367c11a1e44dde621991e319c9c) C:\Windows\System32\tcpsvcs.exe

00:35:31.0708 2948 simptcp - ok

00:35:31.0725 2948 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

00:35:31.0726 2948 sisagp - ok

00:35:31.0751 2948 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

00:35:31.0752 2948 SiSRaid2 - ok

00:35:31.0786 2948 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

00:35:31.0788 2948 SiSRaid4 - ok

00:35:31.0918 2948 slsvc (a1dcd30534835cb67733ad00175125a6) C:\Windows\system32\SLsvc.exe

00:35:31.0944 2948 slsvc - ok

00:35:32.0022 2948 SLUINotify (56da296e7b376a727e7bdc5ac7fbee02) C:\Windows\system32\SLUINotify.dll

00:35:32.0025 2948 SLUINotify - ok

00:35:32.0056 2948 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys

00:35:32.0057 2948 Smb - ok

00:35:32.0084 2948 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

00:35:32.0088 2948 SNMPTRAP - ok

00:35:32.0110 2948 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys

00:35:32.0111 2948 spldr - ok

00:35:32.0129 2948 Spooler (da612ef2556776df2630b68bf2d48935) C:\Windows\System32\spoolsv.exe

00:35:32.0134 2948 Spooler - ok

00:35:32.0201 2948 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys

00:35:32.0202 2948 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b

00:35:32.0206 2948 sptd ( LockedFile.Multi.Generic ) - warning

00:35:32.0206 2948 sptd - detected LockedFile.Multi.Generic (1)

00:35:32.0270 2948 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys

00:35:32.0274 2948 srv - ok

00:35:32.0326 2948 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys

00:35:32.0328 2948 srv2 - ok

00:35:32.0348 2948 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys

00:35:32.0349 2948 srvnet - ok

00:35:32.0396 2948 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys

00:35:32.0397 2948 sscdbus - ok

00:35:32.0432 2948 SSDPSRV (8d3e4baff8b3997138c38eb1b600519a) C:\Windows\System32\ssdpsrv.dll

00:35:32.0436 2948 SSDPSRV - ok

00:35:32.0479 2948 Steam Client Service - ok

00:35:32.0560 2948 stisvc (a941e099ef46e3cc12f898cbe1c39910) C:\Windows\System32\wiaservc.dll

00:35:32.0570 2948 stisvc - ok

00:35:32.0592 2948 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys

00:35:32.0593 2948 swenum - ok

00:35:32.0625 2948 swprv (749ada8d6c18a08adfede69cbf5db2e0) C:\Windows\System32\swprv.dll

00:35:32.0633 2948 swprv - ok

00:35:32.0656 2948 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

00:35:32.0658 2948 Symc8xx - ok

00:35:32.0680 2948 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

00:35:32.0681 2948 Sym_hi - ok

00:35:32.0699 2948 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

00:35:32.0700 2948 Sym_u3 - ok

00:35:32.0753 2948 SysMain (8f2b5fede18bd3c4c926cbf88e6f1264) C:\Windows\system32\sysmain.dll

00:35:32.0762 2948 SysMain - ok

00:35:32.0786 2948 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

00:35:32.0790 2948 TabletInputService - ok

00:35:32.0815 2948 TapiSrv (ef3dd33c740fc2f82e7e4622f1c49289) C:\Windows\System32\tapisrv.dll

00:35:32.0820 2948 TapiSrv - ok

00:35:32.0842 2948 TBS (68fa52794ae9acc61bde16fe0956b414) C:\Windows\System32\tbssvc.dll

00:35:32.0845 2948 TBS - ok

00:35:32.0917 2948 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys

00:35:32.0925 2948 Tcpip - ok

00:35:32.0946 2948 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys

00:35:32.0955 2948 Tcpip6 - ok

00:35:32.0973 2948 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys

00:35:32.0974 2948 tcpipreg - ok

00:35:32.0990 2948 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys

00:35:32.0991 2948 TDPIPE - ok

00:35:33.0007 2948 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys

00:35:33.0008 2948 TDTCP - ok

00:35:33.0018 2948 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys

00:35:33.0021 2948 tdx - ok

00:35:33.0069 2948 TermDD (0de31723082f9b177beab9ca33365016) C:\Windows\system32\DRIVERS\termdd.sys

00:35:33.0072 2948 TermDD - ok

00:35:33.0112 2948 TermService (fad71c1e8e4047b154e899ae31eb8caa) C:\Windows\System32\termsrv.dll

00:35:33.0119 2948 TermService - ok

00:35:33.0153 2948 Themes (b264dfa21677728613267fe63802b332) C:\Windows\system32\shsvcs.dll

00:35:33.0159 2948 Themes - ok

00:35:33.0186 2948 THREADORDER (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll

00:35:33.0188 2948 THREADORDER - ok

00:35:33.0236 2948 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys

00:35:33.0238 2948 tifsfilter - ok

00:35:33.0277 2948 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\Windows\system32\DRIVERS\timntr.sys

00:35:33.0282 2948 timounter - ok

00:35:33.0309 2948 TlntSvr (18720b71393ad23954d69a361e500f47) C:\Windows\System32\tlntsvr.exe

00:35:33.0313 2948 TlntSvr - ok

00:35:33.0338 2948 TrkWks (6bba0582c0025d43729a1112d3b57897) C:\Windows\System32\trkwks.dll

00:35:33.0342 2948 TrkWks - ok

00:35:33.0392 2948 TrustedInstaller (34e388a395fedba1d0511ed39bbf4074) C:\Windows\servicing\TrustedInstaller.exe

00:35:33.0394 2948 TrustedInstaller - ok

00:35:33.0423 2948 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys

00:35:33.0425 2948 tssecsrv - ok

00:35:33.0462 2948 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys

00:35:33.0463 2948 tunmp - ok

00:35:33.0484 2948 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys

00:35:33.0485 2948 tunnel - ok

00:35:33.0521 2948 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

00:35:33.0522 2948 uagp35 - ok

00:35:33.0549 2948 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys

00:35:33.0552 2948 udfs - ok

00:35:33.0599 2948 UI0Detect (24a333f4f14dcfb6ff6d5a1b9e5d79dd) C:\Windows\system32\UI0Detect.exe

00:35:33.0603 2948 UI0Detect - ok

00:35:33.0627 2948 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

00:35:33.0629 2948 uliagpkx - ok

00:35:33.0659 2948 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

00:35:33.0662 2948 uliahci - ok

00:35:33.0677 2948 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

00:35:33.0678 2948 UlSata - ok

00:35:33.0703 2948 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

00:35:33.0706 2948 ulsata2 - ok

00:35:33.0722 2948 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys

00:35:33.0723 2948 umbus - ok

00:35:33.0750 2948 UmRdpService (cfbb746c889b9223d2ac268cf283a93e) C:\Windows\System32\umrdp.dll

00:35:33.0756 2948 UmRdpService - ok

00:35:33.0781 2948 upnphost (8eb871a3deb6b3d5a85eb6ddfc390b59) C:\Windows\System32\upnphost.dll

00:35:33.0786 2948 upnphost - ok

00:35:33.0833 2948 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys

00:35:33.0835 2948 usbaudio - ok

00:35:33.0861 2948 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys

00:35:33.0863 2948 usbccgp - ok

00:35:33.0885 2948 USBCCID (68ab390b18a743aab32c669167aa6a61) C:\Windows\system32\DRIVERS\usbccid.sys

00:35:33.0887 2948 USBCCID - ok

00:35:33.0917 2948 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

00:35:33.0919 2948 usbcir - ok

00:35:33.0951 2948 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys

00:35:33.0952 2948 usbehci - ok

00:35:33.0978 2948 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys

00:35:33.0981 2948 usbhub - ok

00:35:34.0000 2948 usbohci (9333e482a173938788cbde8f81ec52fb) C:\Windows\system32\DRIVERS\usbohci.sys

00:35:34.0001 2948 usbohci - ok

00:35:34.0078 2948 USBPNPA (41b758cff0a3c10a69e088f440677399) C:\Windows\system32\drivers\CM108.sys

00:35:34.0090 2948 USBPNPA - ok

00:35:34.0119 2948 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys

00:35:34.0120 2948 usbprint - ok

00:35:34.0172 2948 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS

00:35:34.0174 2948 USBSTOR - ok

00:35:34.0190 2948 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

00:35:34.0191 2948 usbuhci - ok

00:35:34.0224 2948 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys

00:35:34.0226 2948 usbvideo - ok

00:35:34.0256 2948 UxSms (f79d0d7c9004474cb42746d9b2c30a2b) C:\Windows\System32\uxsms.dll

00:35:34.0259 2948 UxSms - ok

00:35:34.0302 2948 vds (c9d0bafee0d0a2681f048ca61bc0da96) C:\Windows\System32\vds.exe

00:35:34.0311 2948 vds - ok

00:35:34.0339 2948 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

00:35:34.0341 2948 vga - ok

00:35:34.0357 2948 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys

00:35:34.0358 2948 VgaSave - ok

00:35:34.0376 2948 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

00:35:34.0377 2948 viaagp - ok

00:35:34.0392 2948 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

00:35:34.0393 2948 ViaC7 - ok

00:35:34.0409 2948 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

00:35:34.0410 2948 viaide - ok

00:35:34.0430 2948 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys

00:35:34.0431 2948 volmgr - ok

00:35:34.0459 2948 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys

00:35:34.0463 2948 volmgrx - ok

00:35:34.0493 2948 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys

00:35:34.0496 2948 volsnap - ok

00:35:34.0532 2948 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

00:35:34.0534 2948 vsmraid - ok

00:35:34.0592 2948 VSS (e0e29d9ef2524abd11749c7c2fd7f607) C:\Windows\system32\vssvc.exe

00:35:34.0609 2948 VSS - ok

00:35:34.0633 2948 W32Time (62b0d0f6f5580d9d0dfa5e0b466ff2ed) C:\Windows\system32\w32time.dll

00:35:34.0639 2948 W32Time - ok

00:35:34.0671 2948 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

00:35:34.0672 2948 WacomPen - ok

00:35:34.0704 2948 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

00:35:34.0706 2948 Wanarp - ok

00:35:34.0713 2948 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

00:35:34.0715 2948 Wanarpv6 - ok

00:35:34.0779 2948 WAS (c797ba5f4300e1c62f3663a40755aced) C:\Windows\system32\inetsrv\iisw3adm.dll

00:35:34.0785 2948 WAS - ok

00:35:34.0830 2948 wbengine (6d2f099d4ce88777e46cb1808c87b132) C:\Windows\system32\wbengine.exe

00:35:34.0841 2948 wbengine - ok

00:35:34.0865 2948 wcncsvc (c1b19162e0509ceab4cdf664e139d956) C:\Windows\System32\wcncsvc.dll

00:35:34.0871 2948 wcncsvc - ok

00:35:34.0890 2948 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

00:35:34.0893 2948 WcsPlugInService - ok

00:35:34.0922 2948 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

00:35:34.0923 2948 Wd - ok

00:35:34.0983 2948 Wdf01000 (dea0bf2354eb609c33f5f1bed41fd0e4) C:\Windows\system32\drivers\Wdf01000.sys

00:35:34.0991 2948 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: dea0bf2354eb609c33f5f1bed41fd0e4, Fake md5: 7b5f66e4a2219c7d9daf9e738480e534

00:35:34.0996 2948 Wdf01000 ( Virus.Win32.Rloader.a ) - infected

00:35:34.0996 2948 Wdf01000 - detected Virus.Win32.Rloader.a (0)

00:35:35.0010 2948 WdiServiceHost (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll

00:35:35.0013 2948 WdiServiceHost - ok

00:35:35.0023 2948 WdiSystemHost (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll

00:35:35.0028 2948 WdiSystemHost - ok

00:35:35.0082 2948 WebClient (01e41c264eedcb827820a1909162579f) C:\Windows\System32\webclnt.dll

00:35:35.0087 2948 WebClient - ok

00:35:35.0111 2948 Wecsvc (9cf67ff7f8d34cbf115d0c278b9f74aa) C:\Windows\system32\wecsvc.dll

00:35:35.0115 2948 Wecsvc - ok

00:35:35.0133 2948 wercplsupport (b68cab45db1dab59d92acadfad6364a8) C:\Windows\System32\wercplsupport.dll

00:35:35.0137 2948 wercplsupport - ok

00:35:35.0155 2948 WerSvc (36ba0707680ef4236fd752bee982cc25) C:\Windows\System32\WerSvc.dll

00:35:35.0161 2948 WerSvc - ok

00:35:35.0174 2948 WG111T - ok

00:35:35.0193 2948 WinHttpAutoProxySvc - ok

00:35:35.0263 2948 Winmgmt (38a7b89de4e3417c122317949667fdd8) C:\Windows\system32\wbem\WMIsvc.dll

00:35:35.0266 2948 Winmgmt - ok

00:35:35.0310 2948 WinRM (3f6823040030c3e4da1cf11cd40b7534) C:\Windows\system32\WsmSvc.dll

00:35:35.0317 2948 WinRM - ok

00:35:35.0394 2948 Wlansvc (7640acea41348bfef34b76e245501261) C:\Windows\System32\wlansvc.dll

00:35:35.0402 2948 Wlansvc - ok

00:35:35.0560 2948 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

00:35:35.0574 2948 wlidsvc - ok

00:35:35.0639 2948 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

00:35:35.0641 2948 WmiAcpi - ok

00:35:35.0709 2948 wmiApSrv (a279323bee5fffafda222910bce92132) C:\Windows\system32\wbem\WmiApSrv.exe

00:35:35.0712 2948 wmiApSrv - ok

00:35:35.0788 2948 WMPNetworkSvc (acb2e63d50157e3ea7140f29d9e76a48) C:\Program Files\Windows Media Player\wmpnetwk.exe

00:35:35.0797 2948 WMPNetworkSvc - ok

00:35:35.0828 2948 WPCSvc (3d3b3b80c12abe506f56930c46422c28) C:\Windows\System32\wpcsvc.dll

00:35:35.0832 2948 WPCSvc - ok

00:35:35.0859 2948 WPDBusEnum (c24844a1d0d9528b19d5bc266b8cd572) C:\Windows\system32\wpdbusenum.dll

00:35:35.0863 2948 WPDBusEnum - ok

00:35:35.0905 2948 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys

00:35:35.0906 2948 WpdUsb - ok

00:35:35.0931 2948 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys

00:35:35.0932 2948 ws2ifsl - ok

00:35:35.0942 2948 WSearch - ok

00:35:36.0070 2948 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

00:35:36.0090 2948 wuauserv - ok

00:35:36.0187 2948 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys

00:35:36.0189 2948 WUDFRd - ok

00:35:36.0215 2948 wudfsvc (db5bf5aab72b1b99b5331231d09ebb26) C:\Windows\System32\WUDFSvc.dll

00:35:36.0218 2948 wudfsvc - ok

00:35:36.0245 2948 zchtfzvv - ok

00:35:36.0318 2948 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

00:35:36.0529 2948 \Device\Harddisk1\DR1 - ok

00:35:36.0546 2948 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

00:35:36.0716 2948 \Device\Harddisk0\DR0 - ok

00:35:36.0740 2948 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2

00:35:36.0771 2948 \Device\Harddisk2\DR2 - ok

00:35:36.0784 2948 Boot (0x1200) (254cf9751bc918afacfd12854f9c3ae2) \Device\Harddisk1\DR1\Partition0

00:35:36.0786 2948 \Device\Harddisk1\DR1\Partition0 - ok

00:35:36.0794 2948 Boot (0x1200) (f877bf7de6a56bb348643c6bdbd191f0) \Device\Harddisk0\DR0\Partition0

00:35:36.0795 2948 \Device\Harddisk0\DR0\Partition0 - ok

00:35:36.0807 2948 Boot (0x1200) (ec32dd878858ca703d0f86f050a7a619) \Device\Harddisk2\DR2\Partition0

00:35:36.0809 2948 \Device\Harddisk2\DR2\Partition0 - ok

00:35:36.0813 2948 ============================================================

00:35:36.0813 2948 Scan finished

00:35:36.0813 2948 ============================================================

00:35:36.0844 1404 Detected object count: 3

00:35:36.0844 1404 Actual detected object count: 3

00:36:48.0477 1404 C:\Windows\system32\drivers\afd.sys - copied to quarantine

00:36:48.0523 1404 C:\Windows\$NtUninstallKB17535$\3211131674\@ - copied to quarantine

00:36:48.0525 1404 C:\Windows\$NtUninstallKB17535$\3211131674\bckfg.tmp - copied to quarantine

00:36:48.0561 1404 C:\Windows\$NtUninstallKB17535$\3211131674\cfg.ini - copied to quarantine

00:36:48.0568 1404 C:\Windows\$NtUninstallKB17535$\3211131674\Desktop.ini - copied to quarantine

00:36:48.0569 1404 C:\Windows\$NtUninstallKB17535$\3211131674\keywords - copied to quarantine

00:36:48.0615 1404 C:\Windows\$NtUninstallKB17535$\3211131674\kwrd.dll - copied to quarantine

00:36:48.0661 1404 C:\Windows\$NtUninstallKB17535$\3211131674\L\fomtmfeh - copied to quarantine

00:36:48.0676 1404 C:\Windows\$NtUninstallKB17535$\3211131674\lsflt7.ver - copied to quarantine

00:36:48.0692 1404 C:\Windows\$NtUninstallKB17535$\3211131674\U\00000001.@ - copied to quarantine

00:36:48.0756 1404 C:\Windows\$NtUninstallKB17535$\3211131674\U\00000002.@ - copied to quarantine

00:36:48.0781 1404 C:\Windows\$NtUninstallKB17535$\3211131674\U\00000004.@ - copied to quarantine

00:36:48.0798 1404 C:\Windows\$NtUninstallKB17535$\3211131674\U\80000000.@ - copied to quarantine

00:36:48.0799 1404 C:\Windows\$NtUninstallKB17535$\3211131674\U\80000004.@ - copied to quarantine

00:36:48.0820 1404 C:\Windows\$NtUninstallKB17535$\3211131674\U\80000032.@ - copied to quarantine

00:36:48.0844 1404 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\afd.sys) error 1813

00:36:52.0272 1404 Backup copy not found, trying to cure infected file..

00:36:52.0276 1404 Cure success, using it..

00:36:52.0285 1404 C:\Windows\system32\drivers\afd.sys - will be cured on reboot

00:36:55.0089 1404 C:\Windows\$NtUninstallKB17535$\3211131674\@ - will be deleted on reboot

00:36:55.0089 1404 C:\Windows\$NtUninstallKB17535$\3211131674\bckfg.tmp - will be deleted on reboot

00:36:55.0090 1404 C:\Windows\$NtUninstallKB17535$\3211131674\cfg.ini - will be deleted on reboot

00:36:55.0090 1404 C:\Windows\$NtUninstallKB17535$\3211131674\Desktop.ini - will be deleted on reboot

00:36:55.0090 1404 C:\Windows\$NtUninstallKB17535$\3211131674\keywords - will be deleted on reboot

00:36:55.0090 1404 C:\Windows\$NtUninstallKB17535$\3211131674\kwrd.dll - will be deleted on reboot

00:36:55.0091 1404 C:\Windows\$NtUninstallKB17535$\3211131674\lsflt7.ver - will be deleted on reboot

00:36:55.0092 1404 C:\Windows\$NtUninstallKB17535$\3211131674\U\00000001.@ - will be deleted on reboot

00:36:55.0092 1404 C:\Windows\$NtUninstallKB17535$\3211131674\U\00000002.@ - will be deleted on reboot

00:36:55.0092 1404 C:\Windows\$NtUninstallKB17535$\3211131674\U\00000004.@ - will be deleted on reboot

00:36:55.0092 1404 C:\Windows\$NtUninstallKB17535$\3211131674\U\80000000.@ - will be deleted on reboot

00:36:55.0092 1404 C:\Windows\$NtUninstallKB17535$\3211131674\U\80000004.@ - will be deleted on reboot

00:36:55.0093 1404 C:\Windows\$NtUninstallKB17535$\3211131674\U\80000032.@ - will be deleted on reboot

00:36:55.0093 1404 C:\Windows\$NtUninstallKB17535$\342316488 - will be deleted on reboot

00:36:55.0095 1404 AFD ( Virus.Win32.ZAccess.h ) - User select action: Cure

00:36:55.0276 1404 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine

00:36:55.0277 1404 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine

00:36:55.0453 1404 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine

00:36:55.0572 1404 Backup copy not found, trying to cure infected file..

00:36:55.0578 1404 Cure success, using it..

00:36:55.0619 1404 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot

00:36:55.0620 1404 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure

00:37:18.0693 3884 Deinitialize success
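The TDSSKiller log above is the raw record of what the scanner saw and did. The entries a responder should pull out first are the "Suspicious file (Forged)" lines, where TDSSKiller's two ways of reading the file (through the filesystem stack and directly from disk) yield different MD5s, which is the signature of a driver intercepting file reads, and the "will be cured/deleted on reboot" list, which is what actually changes on the machine. The script below is an added example written for this thread; it is not code from the original post or from TDSSKiller. It parses log lines in the format shown above into one record per detected service and groups the quarantined `$NtUninstallKB...$` paths by folder. `SAMPLE_LOG` is a constructed excerpt in that format (the AFD entry is deliberately left without its scan line to show how a partial paste is handled), and the regular expressions are assumptions about the log layout.

```python
"""Triage a TDSSKiller log: list what was detected, which files failed the
hash comparison, and what the scanner scheduled for reboot.
Added example for this thread, not TDSSKiller code and not from the original
post; the line formats are assumed from the log pasted above, and SAMPLE_LOG
is a constructed excerpt in that format."""
import re
from collections import OrderedDict

# Constructed sample (raw string: paths contain backslashes). AFD has only an
# action line here, mimicking a partial paste.
SAMPLE_LOG = r"""
00:35:32.0201 2948 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
00:35:32.0202 2948 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
00:35:32.0206 2948 sptd ( LockedFile.Multi.Generic ) - warning
00:35:32.0206 2948 sptd - detected LockedFile.Multi.Generic (1)
00:35:32.0270 2948 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
00:35:32.0274 2948 srv - ok
00:35:34.0983 2948 Wdf01000 (dea0bf2354eb609c33f5f1bed41fd0e4) C:\Windows\system32\drivers\Wdf01000.sys
00:35:34.0991 2948 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: dea0bf2354eb609c33f5f1bed41fd0e4, Fake md5: 7b5f66e4a2219c7d9daf9e738480e534
00:35:34.0996 2948 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
00:35:34.0996 2948 Wdf01000 - detected Virus.Win32.Rloader.a (0)
00:36:48.0477 1404 C:\Windows\system32\drivers\afd.sys - copied to quarantine
00:36:48.0523 1404 C:\Windows\$NtUninstallKB17535$\3211131674\@ - copied to quarantine
00:36:48.0692 1404 C:\Windows\$NtUninstallKB17535$\3211131674\U\00000001.@ - copied to quarantine
00:36:52.0285 1404 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
00:36:55.0089 1404 C:\Windows\$NtUninstallKB17535$\3211131674\@ - will be deleted on reboot
00:36:55.0095 1404 AFD ( Virus.Win32.ZAccess.h ) - User select action: Cure
00:36:55.0277 1404 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
00:36:55.0620 1404 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
"""

# Every data line starts with a timestamp and the thread id that wrote it.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# "<service> (<md5>) <path>": one line per scanned service or driver.
SCAN_RE = re.compile(r"^(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# NoAccess: the file could not be read; Forged: the two read paths disagree.
SUSP_RE = re.compile(
    r"^Suspicious file \((?P<kind>\w+)\): (?P<path>.+?)\. "
    r"(?:Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
    r"|md5: (?P<md5>[0-9a-f]{32}))$")
DETECT_RE = re.compile(r"^(?P<svc>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<svc>\S+) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$")
FILEOP_RE = re.compile(
    r"^(?P<path>.+) - (?P<op>copied to quarantine|will be cured on reboot|will be deleted on reboot)$")
# $NtUninstallKB<n>$\<digits>\<rest>: the folder layout the scanner quarantined above.
UNINST_RE = re.compile(
    r"^(?P<root>.*\\\$NtUninstallKB\d+\$)\\(?P<sub>\d+)(?:\\(?P<rest>.*))?$", re.IGNORECASE)


def triage(log_text):
    """Return (detections, file_ops): detections keyed by lower-cased service
    name in log order, file_ops as (path, operation) tuples in log order."""
    scanned, suspicious, detections, file_ops = {}, {}, OrderedDict(), []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner and separator lines carry no fields
        body = m.group("body")
        if (s := SUSP_RE.match(body)):
            suspicious[s["path"].lower()] = {"kind": s["kind"], "real": s["real"], "fake": s["fake"]}
        elif (s := SCAN_RE.match(body)):
            scanned[s["svc"].lower()] = (s["md5"], s["path"])
        elif (s := DETECT_RE.match(body)):
            md5, path = scanned.get(s["svc"].lower(), (None, None))
            susp = suspicious.get(path.lower(), {}) if path else {}
            detections[s["svc"].lower()] = {
                "service": s["svc"], "verdict": s["verdict"], "path": path, "md5": md5,
                "locked": susp.get("kind") == "NoAccess",
                "forged": (susp["real"], susp["fake"]) if susp.get("kind") == "Forged" else None,
                "action": None}
        elif (s := ACTION_RE.match(body)):
            # An action may refer to a detection whose scan lines are not in the excerpt.
            d = detections.setdefault(s["svc"].lower(), {
                "service": s["svc"], "verdict": s["verdict"], "path": None, "md5": None,
                "locked": False, "forged": None, "action": None})
            d["action"] = s["action"]
        elif (s := FILEOP_RE.match(body)):
            file_ops.append((s["path"], s["op"]))
    return detections, file_ops


def fake_uninstall_dirs(paths):
    """Group $NtUninstallKB<n>$ paths by root, keeping the entries that mark the
    layout seen above: a numeric subfolder holding '@' and U\\ or L\\ trees.
    A genuine XP hotfix uninstall folder has an 'spuninst' subfolder instead."""
    hits = {}
    for p in paths:
        m = UNINST_RE.match(p)
        if not m:
            continue
        rest = (m["rest"] or "").upper()
        if rest == "@" or rest.startswith(("U\\", "L\\")):
            hits.setdefault(m["root"], set()).add(m["rest"])
    return {root: sorted(v) for root, v in hits.items()}


def report(log_text):
    """One line per detection plus one per suspicious uninstall folder."""
    detections, file_ops = triage(log_text)
    lines = []
    for d in detections.values():
        flag = ("forged hash" if d["forged"] else "locked file" if d["locked"]
                else "not in excerpt" if d["path"] is None else "hash ok")
        lines.append(f"{d['service']}: {d['verdict']} [{flag}] path={d['path'] or '?'} action={d['action']}")
    for root, marks in fake_uninstall_dirs(p for p, _ in file_ops).items():
        lines.append(f"fake uninstall folder {root}: {', '.join(marks)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it against a full log (`report(open("TDSSKiller.log").read())`) to get one line per detection; an entry marked "not in excerpt" means the scan and detection lines for that service were cut out of the paste and the full log should be requested before acting on it.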

ComboFix 12-05-25.01 - Shoescifer 05/25/2012 1:30.2.2 - x86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.2046.1276 [GMT -5:00]

Running from: c:\users\Shoescifer\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Shoescifer\AppData\Roaming\install

c:\windows\system32\roboot.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))

.

.

2012-05-25 06:40 . 2012-05-25 06:40 -------- d-----w- c:\users\Shoescifer\AppData\Local\temp

2012-05-25 06:40 . 2012-05-25 06:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-05-25 06:40 . 2012-05-25 06:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-25 05:36 . 2012-05-25 05:41 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-22 04:17 . 2012-05-22 04:17 -------- d-----w- C:\perflogs

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-25 05:38 . 2010-04-09 03:32 495160 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-05-25 05:38 . 2006-11-02 08:58 270336 ----a-w- c:\windows\system32\drivers\afd.sys

2012-04-04 20:56 . 2010-10-31 00:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-16 02:26 . 2010-01-16 02:26 800544 ----a-w- c:\program files\jre-6u17-windows-i586-iftw-rv.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"P17RunE"="P17RunE.dll" [2008-03-28 14848]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\99010816.sys]

@=""

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

"Google Update"="c:\users\Shoescifer\AppData\Local\Google\Update\GoogleUpdate.exe" /c

"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiSpywareOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LPDService REG_MULTI_SZ

ipripsvc REG_MULTI_SZ iprip

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

2008-04-11 22:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

2008-08-28 15:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-840902920-1704781909-3159423318-1000Core.job

- c:\users\Shoescifer\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 10:01]

.

2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-840902920-1704781909-3159423318-1000UA.job

- c:\users\Shoescifer\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 10:01]

.

2012-05-25 c:\windows\Tasks\User_Feed_Synchronization-{9DE75119-81A1-4BA2-A9F4-CAF78063A6EA}.job

- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

Trusted Zone: malwarebytes.org\forums

TCP: DhcpNameServer = 10.0.0.1

DPF: {8D7624E2-F8CB-412B-9132-FD571DBA78FB}

.

.

------- File Associations -------

.

.txt=GetDiz.Document

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-25 01:40

Windows 6.0.6000 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\eqkukhxvoevxkcj]

"imagepath"="\??\c:\windows\TEMP\EC08.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-840902920-1704781909-3159423318-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:38,b8,14,9e,15,6d,db,d8,eb,95,d0,e1,08,e8,3f,16,24,c7,c4,3f,8b,51,e8,

41,d1,f4,3c,0b,d2,d6,b2,f8,c0,f2,52,df,5d,c9,b2,bb,c0,f6,b0,a4,66,7b,8a,15,\

"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

.

[HKEY_USERS\S-1-5-21-840902920-1704781909-3159423318-1000\Software\SecuROM\License information*]

"datasecu"=hex:82,5f,4e,37,f7,b5,e9,84,f4,8c,49,0e,5e,e9,e2,c3,e2,44,9c,b7,87,

b2,36,e8,8f,7e,bc,1d,8f,1c,43,01,db,f2,de,38,89,6e,ab,1d,d4,20,69,45,eb,38,\

"rkeysecu"=hex:dc,44,49,72,7d,37,2a,e1,3b,1d,55,01,31,75,e2,de

.

Completion time: 2012-05-25 01:43:01

ComboFix-quarantined-files.txt 2012-05-25 06:42

ComboFix2.txt 2012-05-25 06:18

.

Pre-Run: 33,627,086,848 bytes free

Post-Run: 33,462,693,888 bytes free

.

- - End Of File - - E457B5D828F3BC80CBCB95BCAD02482D

Results of screen317's Security Check version 0.99.38

Windows Vista x86 (UAC is disabled!)

Out of date service pack!!

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 30

Java version out of date!

Adobe Flash Player 10 Flash Player out of date!

Adobe Flash Player 10.1.102.64 Flash Player out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes Anti-Malware mbamservice.exe

Spybot Teatimer.exe is disabled!

``````````End of Log````````````

Thanks again for your time.

-BlackenBlue-


We've got a little more fixing to do ;):

First,

Back Up Your Registry with ERUNT

  • Please go here, scroll down to ERUNT, and download.
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.

Click Erunt.exe to back up your Registry to the folder of your choice.

Note: To restore your Registry, go to the folder and start ERDNT.exe

--------

Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

99010816

eqkukhxvoevxkcj

File::

C:\Windows\System32\Drivers\99010816.sys

c:\windows\TEMP\EC08.tmp

Registry::

[-HKEY_LOCAL_MACHINE\system\ControlSet003\Services\eqkukhxvoevxkcj]

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)

--------

Go ahead and run TDSSKiller one more time and post its log as well.

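The indicators in the first ComboFix log above (a service whose ImagePath points into c:\windows\TEMP, a driver with a random-looking name registered under SafeBoot\Minimal, EnableLUA=0 and the two Security Center overrides) are exactly what the CFScript in the reply above targets by hand. The following is an added example, not code from ComboFix, TDSSKiller, Malwarebytes or anyone in this thread: it parses a "Reg Loading Points" excerpt of that shape and drafts the matching CFScript. The sample lines are copied from the posted log; the random-name heuristic is the example's own, and the driver path C:\Windows\System32\Drivers\<name>.sys is an assumption (the same one the helper's script makes, since the log names the driver but never lists the file). It also emits a delete line for the SafeBoot\Minimal key, which the helper's script did not touch.

```python
"""Triage a ComboFix 'Reg Loading Points' excerpt and draft the matching CFScript.
Added example for this thread, not ComboFix/Malwarebytes code. SAMPLE_LOG is copied
from the first ComboFix log above; the heuristics and the builder are the example's own."""
import re
from dataclasses import dataclass, field

# Constructed excerpt: the relevant lines of the first ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\99010816.sys]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\eqkukhxvoevxkcj]
"imagepath"="\??\c:\windows\TEMP\EC08.tmp"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"?(?P<name>[^"=]+)"?\s*=\s*(?P<value>.*)$')
TEMP_PATH_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# Assumed location for a driver the log names but never lists as a file.
DRIVER_DIR = "C:\\Windows\\System32\\Drivers\\"


@dataclass
class Finding:
    kind: str
    key: str
    detail: str
    drivers: list = field(default_factory=list)      # CFScript Driver:: lines
    files: list = field(default_factory=list)        # CFScript File:: lines
    reg_deletes: list = field(default_factory=list)  # CFScript Registry:: [-key] lines


def parse_reg_dump(text):
    """Return [(key_path, {value_name_lower: value}), ...] from REGEDIT4-style lines."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with a lone dot
            continue
        if m := KEY_RE.match(line):
            current = (m.group(1), {})
            entries.append(current)
        elif current and (m := VALUE_RE.match(line)):
            current[1][m.group("name").strip().lower()] = m.group("value").strip().strip('"')
    return entries


def as_int(value):
    """Read 'dword:00000001' or ComboFix's '0 (0x0)' rendering as an int (None if absent)."""
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    m = re.match(r"\d+", value)
    return int(m.group(0)) if m else None


def looks_random(name):
    """Crude test for generated names such as '99010816.sys' or 'eqkukhxvoevxkcj'."""
    stem = name.lower().rsplit(".", 1)[0]
    vowels = sum(c in "aeiou" for c in stem)
    return stem.isdigit() or (stem.isalpha() and len(stem) >= 12 and vowels / len(stem) < 0.35)


def analyse(entries):
    """The checks a helper applies by eye to the posted 'Reg Loading Points'."""
    out = []
    for key, vals in entries:
        k, name = key.lower(), key.rsplit("\\", 1)[-1]
        path = vals.get("imagepath", "")
        if "\\services\\" in k and TEMP_PATH_RE.search(path):
            # A service whose image sits in a temp directory is a classic dropper artefact.
            out.append(Finding("service_in_temp", key, f"service {name} loads {path}",
                               drivers=[name], files=[path.replace("\\??\\", "", 1)],
                               reg_deletes=[key]))
        elif "\\safeboot\\minimal\\" in k and looks_random(name):
            # Set to load even in Safe Mode; the helper's script removed the driver
            # but left this key, so it is deleted here as well.
            out.append(Finding("safeboot_driver", key, f"{name} set to load in Safe Mode",
                               drivers=[name.rsplit(".", 1)[0]], files=[DRIVER_DIR + name],
                               reg_deletes=[key]))
        elif k.endswith("\\policies\\system") and as_int(vals.get("enablelua", "")) == 0:
            out.append(Finding("uac_disabled", key, "EnableLUA=0: UAC is off"))
        elif k.endswith("\\security center\\svc"):
            out += [Finding("sc_override", key, f"{v}=1: Security Center warning suppressed")
                    for v in ("antivirusoverride", "antispywareoverride")
                    if as_int(vals.get(v, "")) == 1]
    return out


def build_cfscript(findings):
    """Render the sections in the format of the CFScript posted in this thread."""
    drivers, files, regs = [], [], []
    for f in findings:
        drivers += [d for d in f.drivers if d not in drivers]
        files += [p for p in f.files if p not in files]
        regs += [r for r in f.reg_deletes if r not in regs]
    lines = ["KILLALL::"]
    if drivers:
        lines += ["Driver::", *drivers]
    if files:
        lines += ["File::", *files]
    if regs:
        lines += ["Registry::", *[f"[-{r}]" for r in regs]]
    lines.append("Reboot::")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = analyse(parse_reg_dump(SAMPLE_LOG))
    print("\n".join(f"{f.kind:16} {f.detail}" for f in found), end="\n\n")
    print(build_cfscript(found))
```

Run as a script it prints the five findings and a CFScript whose Driver::, File:: and Registry:: lines match the one the helper posted, plus the SafeBoot key delete. The heuristics are deliberately narrow; anything they flag still needs the file on disk looked at before its deletion line goes into a real CFScript, and EnableLUA and the Security Center overrides are reported only, since they are settings to restore rather than files to remove.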

Computer seems to be running fairly well after all that. The biggest change in usage occurred after the initial run of TDSSKiller; during the first run of ComboFix it picked up on the rootkit, ZeroAccess. Pretty well certain they've been taken care of through the course of this cleansing. Here are the most recent ComboFix (post-script) and TDSSKiller logs.

ComboFix 12-05-25.01 - Shoescifer 05/25/2012 12:41:33.3.2 - x86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.2046.1241 [GMT -5:00]

Running from: c:\users\Shoescifer\Desktop\ComboFix.exe

Command switches used :: c:\users\Shoescifer\Desktop\CFScript.txt

.

FILE ::

"c:\windows\System32\Drivers\99010816.sys"

"c:\windows\TEMP\EC08.tmp"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_99010816

-------\Service_eqkukhxvoevxkcj

.

.

((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))

.

.

2012-05-25 17:49 . 2012-05-25 17:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-05-25 17:49 . 2012-05-25 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-25 17:30 . 2012-05-25 17:31 -------- d-----w- c:\program files\ERUNT

2012-05-25 07:26 . 2012-05-25 17:37 3993600 ----a-w- c:\program files\GUT7E0A.tmp

2012-05-25 07:26 . 2012-05-25 07:26 -------- d-----w- c:\program files\GUM7E09.tmp

2012-05-25 06:43 . 2012-05-25 17:52 -------- d-----w- c:\users\Shoescifer\AppData\Local\temp

2012-05-25 05:36 . 2012-05-25 05:41 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-22 04:17 . 2012-05-22 04:17 -------- d-----w- C:\perflogs

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-25 05:38 . 2010-04-09 03:32 495160 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-05-25 05:38 . 2006-11-02 08:58 270336 ----a-w- c:\windows\system32\drivers\afd.sys

2012-04-04 20:56 . 2010-10-31 00:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-16 02:26 . 2010-01-16 02:26 800544 ----a-w- c:\program files\jre-6u17-windows-i586-iftw-rv.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"P17RunE"="P17RunE.dll" [2008-03-28 14848]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\99010816.sys]

@=""

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

"Google Update"="c:\users\Shoescifer\AppData\Local\Google\Update\GoogleUpdate.exe" /c

"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiSpywareOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LPDService REG_MULTI_SZ

ipripsvc REG_MULTI_SZ iprip

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

2008-04-11 22:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

2008-08-28 15:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-840902920-1704781909-3159423318-1000Core.job

- c:\users\Shoescifer\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 10:01]

.

2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-840902920-1704781909-3159423318-1000UA.job

- c:\users\Shoescifer\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 10:01]

.

2012-05-25 c:\windows\Tasks\User_Feed_Synchronization-{9DE75119-81A1-4BA2-A9F4-CAF78063A6EA}.job

- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

Trusted Zone: malwarebytes.org\forums

TCP: DhcpNameServer = 10.0.0.1

DPF: {8D7624E2-F8CB-412B-9132-FD571DBA78FB}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-25 12:52

Windows 6.0.6000 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-840902920-1704781909-3159423318-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:38,b8,14,9e,15,6d,db,d8,eb,95,d0,e1,08,e8,3f,16,24,c7,c4,3f,8b,51,e8,

41,d1,f4,3c,0b,d2,d6,b2,f8,c0,f2,52,df,5d,c9,b2,bb,c0,f6,b0,a4,66,7b,8a,15,\

"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

.

[HKEY_USERS\S-1-5-21-840902920-1704781909-3159423318-1000\Software\SecuROM\License information*]

"datasecu"=hex:82,5f,4e,37,f7,b5,e9,84,f4,8c,49,0e,5e,e9,e2,c3,e2,44,9c,b7,87,

b2,36,e8,8f,7e,bc,1d,8f,1c,43,01,db,f2,de,38,89,6e,ab,1d,d4,20,69,45,eb,38,\

"rkeysecu"=hex:dc,44,49,72,7d,37,2a,e1,3b,1d,55,01,31,75,e2,de

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Creative\Shared Files\CTAudSvc.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\windows\System32\tcpsvcs.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Spybot - Search & Destroy\SDWinSec.exe

c:\windows\system32\nfsclnt.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\System32\rundll32.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

.

**************************************************************************

.

Completion time: 2012-05-25 12:59:12 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-25 17:59

ComboFix2.txt 2012-05-25 06:43

ComboFix3.txt 2012-05-25 06:18

.

Pre-Run: 32,238,739,456 bytes free

Post-Run: 31,922,102,272 bytes free

.

- - End Of File - - 78D282FDC4373CD30098F47CB53FEB94

13:00:11.0134 3756 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30

13:00:11.0485 3756 ============================================================

13:00:11.0485 3756 Current date / time: 2012/05/25 13:00:11.0485

13:00:11.0485 3756 SystemInfo:

13:00:11.0485 3756

13:00:11.0485 3756 OS Version: 6.0.6000 ServicePack: 0.0

13:00:11.0485 3756 Product type: Workstation

13:00:11.0485 3756 ComputerName: SHOESCIFER-DESK

13:00:11.0485 3756 UserName: Shoescifer

13:00:11.0485 3756 Windows directory: C:\Windows

13:00:11.0485 3756 System windows directory: C:\Windows

13:00:11.0485 3756 Processor architecture: Intel x86

13:00:11.0485 3756 Number of processors: 2

13:00:11.0485 3756 Page size: 0x1000

13:00:11.0485 3756 Boot type: Normal boot

13:00:11.0485 3756 ============================================================

13:00:12.0060 3756 Drive \Device\Harddisk0\DR0 - Size: 0xDFBDD4000 (55.94 Gb), SectorSize: 0x200, Cylinders: 0x1E4E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

13:00:12.0067 3756 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

13:00:12.0087 3756 Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2F509, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

13:00:12.0091 3756 ============================================================

13:00:12.0091 3756 \Device\Harddisk0\DR0:

13:00:12.0091 3756 MBR partitions:

13:00:12.0091 3756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FDA391

13:00:12.0091 3756 \Device\Harddisk1\DR1:

13:00:12.0091 3756 MBR partitions:

13:00:12.0091 3756 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800

13:00:12.0091 3756 \Device\Harddisk2\DR2:

13:00:12.0091 3756 MBR partitions:

13:00:12.0095 3756 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xAEA82841

13:00:12.0095 3756 ============================================================

13:00:12.0220 3756 C: <-> \Device\Harddisk1\DR1\Partition0

13:00:12.0251 3756 E: <-> \Device\Harddisk0\DR0\Partition0

13:00:12.0255 3756 G: <-> \Device\Harddisk2\DR2\Partition0

13:00:12.0255 3756 ============================================================

13:00:12.0255 3756 Initialize success

13:00:12.0255 3756 ============================================================

13:00:14.0489 1584 ============================================================

13:00:14.0489 1584 Scan started

13:00:14.0489 1584 Mode: Manual;

13:00:14.0489 1584 ============================================================

13:00:15.0407 1584 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys

13:00:15.0431 1584 ACPI - ok

13:00:15.0485 1584 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

13:00:15.0493 1584 adp94xx - ok

13:00:15.0528 1584 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

13:00:15.0536 1584 adpahci - ok

13:00:15.0575 1584 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

13:00:15.0579 1584 adpu160m - ok

13:00:15.0618 1584 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

13:00:15.0622 1584 adpu320 - ok

13:00:15.0692 1584 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

13:00:15.0696 1584 AeLookupSvc - ok

13:00:15.0845 1584 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys

13:00:15.0849 1584 AFD - ok

13:00:16.0099 1584 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

13:00:16.0099 1584 agp440 - ok

13:00:16.0450 1584 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

13:00:16.0482 1584 aic78xx - ok

13:00:16.0603 1584 ALG (e69fb0e3112c40fdc0ef7d21a52dc951) C:\Windows\System32\alg.exe

13:00:16.0614 1584 ALG - ok

13:00:16.0673 1584 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

13:00:16.0677 1584 aliide - ok

13:00:16.0790 1584 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

13:00:16.0794 1584 amdagp - ok

13:00:16.0814 1584 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

13:00:16.0817 1584 amdide - ok

13:00:16.0853 1584 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

13:00:16.0853 1584 AmdK7 - ok

13:00:16.0981 1584 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys

13:00:16.0985 1584 AmdK8 - ok

13:00:17.0060 1584 Appinfo (cfa455816879f06f1c4e5bbf9e8aef7d) C:\Windows\System32\appinfo.dll

13:00:17.0060 1584 Appinfo - ok

13:00:17.0083 1584 AppMgmt (051e86735b71e8402aebc1d662f26ba2) C:\Windows\System32\appmgmts.dll

13:00:17.0087 1584 AppMgmt - ok

13:00:17.0134 1584 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

13:00:17.0138 1584 arc - ok

13:00:17.0169 1584 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

13:00:17.0173 1584 arcsas - ok

13:00:17.0212 1584 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys

13:00:17.0212 1584 AsyncMac - ok

13:00:17.0267 1584 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys

13:00:17.0267 1584 atapi - ok

13:00:17.0646 1584 AudioEndpointBuilder (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll

13:00:17.0677 1584 AudioEndpointBuilder - ok

13:00:17.0685 1584 Audiosrv (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll

13:00:17.0692 1584 Audiosrv - ok

13:00:17.0759 1584 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys

13:00:17.0759 1584 Beep - ok

13:00:17.0810 1584 BFE (98ebdffb824a7c265337d68dd480e45c) C:\Windows\System32\bfe.dll

13:00:17.0821 1584 BFE - ok

13:00:17.0981 1584 BITS (da551697e34d2b9943c8b1c8eaffe89a) C:\Windows\system32\qmgr.dll

13:00:17.0993 1584 BITS - ok

13:00:18.0005 1584 blbdrive - ok

13:00:18.0040 1584 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys

13:00:18.0040 1584 bowser - ok

13:00:18.0146 1584 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

13:00:18.0146 1584 BrFiltLo - ok

13:00:18.0177 1584 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

13:00:18.0181 1584 BrFiltUp - ok

13:00:18.0224 1584 Browser (beb6470532b7461d7bb426e3facb424f) C:\Windows\System32\browser.dll

13:00:18.0224 1584 Browser - ok

13:00:18.0259 1584 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

13:00:18.0259 1584 Brserid - ok

13:00:18.0298 1584 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

13:00:18.0298 1584 BrSerWdm - ok

13:00:18.0337 1584 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

13:00:18.0337 1584 BrUsbMdm - ok

13:00:18.0356 1584 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

13:00:18.0356 1584 BrUsbSer - ok

13:00:18.0380 1584 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

13:00:18.0384 1584 BTHMODEM - ok

13:00:18.0626 1584 catchme - ok

13:00:18.0696 1584 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys

13:00:18.0700 1584 cdfs - ok

13:00:18.0728 1584 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys

13:00:18.0731 1584 cdrom - ok

13:00:18.0767 1584 CertPropSvc (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll

13:00:18.0767 1584 CertPropSvc - ok

13:00:18.0798 1584 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

13:00:18.0798 1584 circlass - ok

13:00:18.0872 1584 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys

13:00:18.0876 1584 CLFS - ok

13:00:18.0946 1584 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:00:18.0950 1584 clr_optimization_v2.0.50727_32 - ok

13:00:18.0978 1584 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

13:00:18.0981 1584 cmdide - ok

13:00:19.0001 1584 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys

13:00:19.0005 1584 Compbatt - ok

13:00:19.0017 1584 COMSysApp - ok

13:00:19.0040 1584 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

13:00:19.0040 1584 crcdisk - ok

13:00:19.0126 1584 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

13:00:19.0126 1584 Creative Audio Engine Licensing Service - ok

13:00:19.0149 1584 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

13:00:19.0149 1584 Crusoe - ok

13:00:19.0188 1584 CryptSvc (1c26fb097170a2a91066d1e3a24366e3) C:\Windows\system32\cryptsvc.dll

13:00:19.0192 1584 CryptSvc - ok

13:00:19.0267 1584 CSC (ee95a5f89766f199557e5900ce6b2d7d) C:\Windows\system32\drivers\csc.sys

13:00:19.0274 1584 CSC - ok

13:00:19.0313 1584 CscService (68131a9a8e3f0ab5136bf386f02a3fc7) C:\Windows\System32\cscsvc.dll

13:00:19.0341 1584 CscService - ok

13:00:19.0638 1584 CTAudSvcService (69cdba2b9c397e349a04fa70dd9170a2) C:\Program Files\Creative\Shared Files\CTAudSvc.exe

13:00:19.0665 1584 CTAudSvcService - ok

13:00:19.0763 1584 DcomLaunch (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll

13:00:19.0771 1584 DcomLaunch - ok

13:00:19.0954 1584 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys

13:00:19.0966 1584 DfsC - ok

13:00:20.0618 1584 DFSR (e0d584aa76c7d845ba9f3a788260528f) C:\Windows\system32\DFSR.exe

13:00:20.0700 1584 DFSR - ok

13:00:21.0126 1584 Dhcp (dc45739bc22d528d2b3e50d3f6761750) C:\Windows\System32\dhcpcsvc.dll

13:00:21.0153 1584 Dhcp - ok

13:00:21.0243 1584 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys

13:00:21.0247 1584 disk - ok

13:00:21.0321 1584 DNIMp50 (2782a4549cc6558c52b0753126b2a833) C:\Windows\system32\Drivers\DNIMp50.sys

13:00:21.0325 1584 DNIMp50 - ok

13:00:21.0349 1584 DNISp50 (b222622709a919c91cb54a90cf7ceefc) C:\Windows\system32\Drivers\DNISp50.sys

13:00:21.0349 1584 DNISp50 - ok

13:00:21.0392 1584 Dnscache (eecba1dd142bf8693c476be8f32fe253) C:\Windows\System32\dnsrslvr.dll

13:00:21.0392 1584 Dnscache - ok

13:00:21.0450 1584 dot3svc (1f795d214820e496bf1124434a6db546) C:\Windows\System32\dot3svc.dll

13:00:21.0454 1584 dot3svc - ok

13:00:21.0560 1584 DPS (032c90ad677bf7b7a8013d6087c7a921) C:\Windows\system32\dps.dll

13:00:21.0563 1584 DPS - ok

13:00:21.0642 1584 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys

13:00:21.0642 1584 drmkaud - ok

13:00:21.0685 1584 DualCoreCenter - ok

13:00:21.0825 1584 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys

13:00:21.0837 1584 DXGKrnl - ok

13:00:21.0868 1584 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

13:00:21.0872 1584 E1G60 - ok

13:00:21.0915 1584 EapHost (90a0a875642e18618010645311b4e89e) C:\Windows\System32\eapsvc.dll

13:00:21.0919 1584 EapHost - ok

13:00:21.0935 1584 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys

13:00:21.0938 1584 Ecache - ok

13:00:21.0950 1584 ehoaikia - ok

13:00:22.0017 1584 ehRecvr (b4580122b0a7b263b6ee9acba69c8013) C:\Windows\ehome\ehRecvr.exe

13:00:22.0024 1584 ehRecvr - ok

13:00:22.0067 1584 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe

13:00:22.0071 1584 ehSched - ok

13:00:22.0095 1584 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll

13:00:22.0099 1584 ehstart - ok

13:00:22.0145 1584 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

13:00:22.0153 1584 elxstor - ok

13:00:22.0231 1584 EMDMgmt (3226fda08988526e819e364e8cce4cee) C:\Windows\system32\emdmgmt.dll

13:00:22.0243 1584 EMDMgmt - ok

13:00:22.0497 1584 EventSystem (7b4971c3d43525175a4ea0d143e0412e) C:\Windows\system32\es.dll

13:00:22.0501 1584 EventSystem - ok

13:00:22.0751 1584 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys

13:00:22.0888 1584 fastfat - ok

13:00:22.0962 1584 Fax (93f75490b02033df8edf4d7089c7e1d8) C:\Windows\system32\fxssvc.exe

13:00:22.0974 1584 Fax - ok

13:00:23.0001 1584 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

13:00:23.0001 1584 fdc - ok

13:00:23.0017 1584 fdPHost (e43bce1a77d6fd4ed5f8e0482b9e7df1) C:\Windows\system32\fdPHost.dll

13:00:23.0017 1584 fdPHost - ok

13:00:23.0032 1584 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

13:00:23.0036 1584 FDResPub - ok

13:00:23.0048 1584 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys

13:00:23.0052 1584 FileInfo - ok

13:00:23.0075 1584 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys

13:00:23.0079 1584 Filetrace - ok

13:00:23.0091 1584 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

13:00:23.0095 1584 flpydisk - ok

13:00:23.0134 1584 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys

13:00:23.0138 1584 FltMgr - ok

13:00:23.0235 1584 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

13:00:23.0239 1584 FontCache3.0.0.0 - ok

13:00:23.0329 1584 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys

13:00:23.0333 1584 Fs_Rec - ok

13:00:23.0368 1584 fvevol (06a1cf72fbe3b50035fbff428c8d84b4) C:\Windows\system32\DRIVERS\fvevol.sys

13:00:23.0372 1584 fvevol - ok

13:00:23.0450 1584 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

13:00:23.0454 1584 gagp30kx - ok

13:00:23.0501 1584 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

13:00:23.0501 1584 GEARAspiWDM - ok

13:00:23.0517 1584 GMSIPCI - ok

13:00:23.0638 1584 gpsvc (bcf6589c42d8f6a20f33ef133ffe0524) C:\Windows\System32\gpsvc.dll

13:00:23.0653 1584 gpsvc - ok

13:00:23.0712 1584 HDAudBus (5fd053f305b77ebe97f284b20d89dc1c) C:\Windows\system32\drivers\hdaudbus.sys

13:00:23.0712 1584 HDAudBus - ok

13:00:23.0731 1584 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

13:00:23.0735 1584 HidBth - ok

13:00:23.0759 1584 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

13:00:23.0763 1584 HidIr - ok

13:00:23.0806 1584 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll

13:00:23.0806 1584 hidserv - ok

13:00:23.0821 1584 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys

13:00:23.0825 1584 HidUsb - ok

13:00:23.0852 1584 hkmsvc (d40aa05e29bf6ed29b139f044b461e9b) C:\Windows\system32\kmsvc.dll

13:00:23.0856 1584 hkmsvc - ok

13:00:23.0884 1584 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

13:00:23.0888 1584 HpCISSs - ok

13:00:23.0950 1584 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys

13:00:23.0958 1584 HTTP - ok

13:00:23.0985 1584 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

13:00:23.0989 1584 i2omp - ok

13:00:24.0024 1584 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys

13:00:24.0028 1584 i8042prt - ok

13:00:24.0056 1584 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

13:00:24.0060 1584 iaStorV - ok

13:00:24.0243 1584 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

13:00:24.0259 1584 idsvc - ok

13:00:24.0407 1584 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

13:00:24.0415 1584 iirsp - ok

13:00:24.0477 1584 IKEEXT (35662fe4d8622f667aa5a5568f7f1b40) C:\Windows\System32\ikeext.dll

13:00:24.0489 1584 IKEEXT - ok

13:00:24.0532 1584 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys

13:00:24.0532 1584 intelide - ok

13:00:24.0567 1584 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

13:00:24.0567 1584 intelppm - ok

13:00:24.0591 1584 IPBusEnum (88cf5281ed9880d74dc9011cf8b5262d) C:\Windows\system32\ipbusenum.dll

13:00:24.0591 1584 IPBusEnum - ok

13:00:24.0622 1584 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:00:24.0622 1584 IpFilterDriver - ok

13:00:24.0786 1584 iphlpsvc (ecc9ad72cfc4ab41cf6a9bcc11f9fef6) C:\Windows\System32\iphlpsvc.dll

13:00:24.0790 1584 iphlpsvc - ok

13:00:24.0798 1584 IpInIp - ok

13:00:24.0833 1584 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

13:00:24.0837 1584 IPMIDRV - ok

13:00:24.0864 1584 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys

13:00:24.0868 1584 IPNAT - ok

13:00:25.0239 1584 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe

13:00:25.0286 1584 iPod Service - ok

13:00:25.0384 1584 iprip (03d54e7bcf9b77ceaf34dc0057420352) C:\Windows\System32\iprip.dll

13:00:25.0384 1584 iprip - ok

13:00:25.0399 1584 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys

13:00:25.0403 1584 IRENUM - ok

13:00:25.0450 1584 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

13:00:25.0450 1584 isapnp - ok

13:00:25.0497 1584 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys

13:00:25.0497 1584 iScsiPrt - ok

13:00:25.0794 1584 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

13:00:25.0810 1584 iteatapi - ok

13:00:25.0880 1584 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

13:00:25.0884 1584 iteraid - ok

13:00:25.0892 1584 katkrzgd - ok

13:00:25.0966 1584 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys

13:00:25.0966 1584 kbdclass - ok

13:00:25.0985 1584 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys

13:00:25.0985 1584 kbdhid - ok

13:00:26.0028 1584 KeyIso (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe

13:00:26.0032 1584 KeyIso - ok

13:00:26.0071 1584 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys

13:00:26.0079 1584 KSecDD - ok

13:00:26.0122 1584 KtmRm (45c537fe5dde9a0146aeff76e615737d) C:\Windows\system32\msdtckrm.dll

13:00:26.0130 1584 KtmRm - ok

13:00:26.0212 1584 LanmanServer (53d1482fc1aa36ac015a85e6cf2146bd) C:\Windows\System32\srvsvc.dll

13:00:26.0216 1584 LanmanServer - ok

13:00:26.0341 1584 LanmanWorkstation (435f0f6dc87a4b5da78f1fa309884189) C:\Windows\System32\wkssvc.dll

13:00:26.0349 1584 LanmanWorkstation - ok

13:00:26.0419 1584 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys

13:00:26.0423 1584 lltdio - ok

13:00:26.0474 1584 lltdsvc (7450dbcf754391dd6363fffd5ef0e789) C:\Windows\System32\lltdsvc.dll

13:00:26.0477 1584 lltdsvc - ok

13:00:26.0517 1584 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

13:00:26.0520 1584 lmhosts - ok

13:00:26.0559 1584 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

13:00:26.0559 1584 LSI_FC - ok

13:00:26.0583 1584 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

13:00:26.0583 1584 LSI_SAS - ok

13:00:26.0606 1584 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

13:00:26.0606 1584 LSI_SCSI - ok

13:00:26.0634 1584 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys

13:00:26.0634 1584 luafv - ok

13:00:27.0599 1584 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\Windows\system32\DRIVERS\lvuvc.sys

13:00:27.0755 1584 LVUVC - ok

13:00:27.0981 1584 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys

13:00:27.0985 1584 MBAMProtector - ok

13:00:28.0091 1584 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

13:00:28.0102 1584 MBAMService - ok

13:00:28.0126 1584 Mcx2Svc (e93c1ad58e88a0846eaee10671c2a8f3) C:\Windows\system32\Mcx2Svc.dll

13:00:28.0130 1584 Mcx2Svc - ok

13:00:28.0149 1584 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

13:00:28.0153 1584 megasas - ok

13:00:28.0181 1584 MMCSS (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll

13:00:28.0184 1584 MMCSS - ok

13:00:28.0267 1584 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys

13:00:28.0270 1584 Modem - ok

13:00:28.0309 1584 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys

13:00:28.0313 1584 monitor - ok

13:00:28.0352 1584 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys

13:00:28.0352 1584 mouclass - ok

13:00:28.0376 1584 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys

13:00:28.0380 1584 mouhid - ok

13:00:28.0438 1584 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys

13:00:28.0446 1584 MountMgr - ok

13:00:28.0481 1584 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

13:00:28.0481 1584 mpio - ok

13:00:28.0563 1584 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys

13:00:28.0567 1584 mpsdrv - ok

13:00:28.0653 1584 MpsSvc (563ed845885c6a7c09a7715d8bd0585c) C:\Windows\system32\mpssvc.dll

13:00:28.0661 1584 MpsSvc - ok

13:00:28.0692 1584 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

13:00:28.0692 1584 Mraid35x - ok

13:00:28.0747 1584 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys

13:00:28.0751 1584 MRxDAV - ok

13:00:28.0813 1584 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:00:28.0817 1584 mrxsmb - ok

13:00:28.0852 1584 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:00:28.0856 1584 mrxsmb10 - ok

13:00:28.0891 1584 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:00:28.0895 1584 mrxsmb20 - ok

13:00:28.0938 1584 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

13:00:28.0938 1584 msahci - ok

13:00:28.0966 1584 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

13:00:28.0966 1584 msdsm - ok

13:00:29.0005 1584 MSDTC (bc64a92d821efea8bab8e8caf1b668bc) C:\Windows\System32\msdtc.exe

13:00:29.0009 1584 MSDTC - ok

13:00:29.0036 1584 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys

13:00:29.0040 1584 Msfs - ok

13:00:29.0067 1584 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys

13:00:29.0067 1584 msisadrv - ok

13:00:29.0102 1584 MSiSCSI (8acf956d9154e893e789881430c12632) C:\Windows\system32\iscsiexe.dll

13:00:29.0106 1584 MSiSCSI - ok

13:00:29.0118 1584 msiserver - ok

13:00:29.0141 1584 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys

13:00:29.0141 1584 MSKSSRV - ok

13:00:29.0161 1584 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys

13:00:29.0161 1584 MSPCLOCK - ok

13:00:29.0184 1584 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys

13:00:29.0184 1584 MSPQM - ok

13:00:29.0212 1584 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys

13:00:29.0216 1584 MsRPC - ok

13:00:29.0239 1584 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys

13:00:29.0239 1584 mssmbios - ok

13:00:29.0259 1584 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys

13:00:29.0266 1584 MSTEE - ok

13:00:29.0294 1584 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys

13:00:29.0298 1584 Mup - ok

13:00:29.0329 1584 napagent (1cdbb5d002fe2bc5300aa20550d8a52e) C:\Windows\system32\qagentRT.dll

13:00:29.0337 1584 napagent - ok

13:00:29.0372 1584 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys

13:00:29.0376 1584 NativeWifiP - ok

13:00:29.0419 1584 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys

13:00:29.0427 1584 NDIS - ok

13:00:29.0466 1584 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys

13:00:29.0466 1584 NdisTapi - ok

13:00:29.0532 1584 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys

13:00:29.0532 1584 Ndisuio - ok

13:00:29.0567 1584 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys

13:00:29.0567 1584 NdisWan - ok

13:00:29.0595 1584 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys

13:00:29.0599 1584 NDProxy - ok

13:00:29.0673 1584 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys

13:00:29.0677 1584 NetBIOS - ok

13:00:29.0731 1584 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys

13:00:29.0739 1584 netbt - ok

13:00:29.0786 1584 Netlogon (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe

13:00:29.0790 1584 Netlogon - ok

13:00:30.0009 1584 Netman (90a4dae28b94497f83bea0f2a3b77092) C:\Windows\System32\netman.dll

13:00:30.0016 1584 Netman - ok

13:00:30.0224 1584 NetMsmqActivator (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:00:30.0227 1584 NetMsmqActivator - ok

13:00:30.0235 1584 NetPipeActivator (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:00:30.0239 1584 NetPipeActivator - ok

13:00:30.0380 1584 netprofm (7c5c3d9ceee838856b828ab6f98a2857) C:\Windows\System32\netprofm.dll

13:00:30.0391 1584 netprofm - ok

13:00:30.0403 1584 NetTcpActivator (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:00:30.0403 1584 NetTcpActivator - ok

13:00:30.0423 1584 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:00:30.0423 1584 NetTcpPortSharing - ok

13:00:30.0501 1584 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

13:00:30.0501 1584 nfrd960 - ok

13:00:30.0536 1584 NfsClnt (cecdd49e0779e555e62308e1c00f986a) C:\Windows\system32\nfsclnt.exe

13:00:30.0536 1584 NfsClnt - ok

13:00:30.0571 1584 NfsRdr (237946dee679df0991c4f2d4965c6ddd) C:\Windows\system32\drivers\nfsrdr.sys

13:00:30.0575 1584 NfsRdr - ok

13:00:30.0626 1584 NlaSvc (c424117a562f2de37a42266894c79aeb) C:\Windows\System32\nlasvc.dll

13:00:30.0630 1584 NlaSvc - ok

13:00:30.0665 1584 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys

13:00:30.0665 1584 Npfs - ok

13:00:30.0684 1584 nsi (23b8201a363de0e649fc75ee9874dee2) C:\Windows\system32\nsisvc.dll

13:00:30.0684 1584 nsi - ok

13:00:30.0716 1584 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys

13:00:30.0716 1584 nsiproxy - ok

13:00:30.0724 1584 NTACCESS - ok

13:00:30.0981 1584 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys

13:00:30.0993 1584 Ntfs - ok

13:00:31.0138 1584 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

13:00:31.0138 1584 ntrigdigi - ok

13:00:31.0227 1584 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys

13:00:31.0227 1584 NuidFltr - ok

13:00:31.0259 1584 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys

13:00:31.0259 1584 Null - ok

13:00:31.0403 1584 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys

13:00:31.0411 1584 NVENETFD - ok

13:00:35.0114 1584 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys

13:00:35.0235 1584 nvlddmkm - ok

13:00:35.0751 1584 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

13:00:35.0755 1584 nvraid - ok

13:00:35.0876 1584 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

13:00:35.0876 1584 nvstor - ok

13:00:36.0079 1584 nvsvc (7c732aff202dcd06c3d262966d71604c) C:\Windows\system32\nvvsvc.exe

13:00:36.0114 1584 nvsvc - ok

13:00:37.0102 1584 nvUpdatusService (262d2fbf211a88dcb84249df0f6ef6e7) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

13:00:37.0161 1584 nvUpdatusService - ok

13:00:37.0852 1584 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

13:00:37.0856 1584 nv_agp - ok

13:00:37.0872 1584 NwlnkFlt - ok

13:00:37.0915 1584 NwlnkFwd - ok

13:00:37.0950 1584 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys

13:00:37.0950 1584 ohci1394 - ok

13:00:38.0430 1584 P17 (f2519d547a6ac2afe0df0dc826a085a7) C:\Windows\system32\drivers\P17.sys

13:00:38.0450 1584 P17 - ok

13:00:38.0532 1584 p2pimsvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll

13:00:38.0559 1584 p2pimsvc - ok

13:00:38.0575 1584 p2psvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll

13:00:38.0587 1584 p2psvc - ok

13:00:38.0762 1584 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

13:00:38.0766 1584 Parport - ok

13:00:38.0790 1584 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys

13:00:38.0794 1584 partmgr - ok

13:00:38.0903 1584 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

13:00:38.0907 1584 Parvdm - ok

13:00:38.0950 1584 PcaSvc (d8c5c215c932233a4f1d7f368f4e4e65) C:\Windows\System32\pcasvc.dll

13:00:38.0954 1584 PcaSvc - ok

13:00:38.0969 1584 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys

13:00:38.0973 1584 pci - ok

13:00:39.0012 1584 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys

13:00:39.0040 1584 pciide - ok

13:00:39.0083 1584 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

13:00:39.0087 1584 pcmcia - ok

13:00:39.0149 1584 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

13:00:39.0165 1584 PEAUTH - ok

13:00:40.0298 1584 pla (cd05a38d166beade18030bafc0c0a939) C:\Windows\system32\pla.dll

13:00:40.0344 1584 pla - ok

13:00:40.0809 1584 PlugPlay (747bb4c31f3b6e8d1b5ed0ad61518cb5) C:\Windows\system32\umpnpmgr.dll

13:00:40.0817 1584 PlugPlay - ok

13:00:41.0262 1584 PNRPAutoReg (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll

13:00:41.0270 1584 PNRPAutoReg - ok

13:00:41.0290 1584 PNRPsvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll

13:00:41.0301 1584 PNRPsvc - ok

13:00:41.0708 1584 PolicyAgent (5ebdec613bd377ce9a85382be5c6b83b) C:\Windows\System32\ipsecsvc.dll

13:00:41.0727 1584 PolicyAgent - ok

13:00:41.0837 1584 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys

13:00:41.0841 1584 PptpMiniport - ok

13:00:41.0895 1584 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

13:00:41.0895 1584 Processor - ok

13:00:41.0934 1584 ProfSvc (213112e152e68f0e4705e36f052a2880) C:\Windows\system32\profsvc.dll

13:00:41.0973 1584 ProfSvc - ok

13:00:42.0051 1584 ProtectedStorage (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe

13:00:42.0055 1584 ProtectedStorage - ok

13:00:42.0118 1584 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys

13:00:42.0122 1584 PSched - ok

13:00:42.0290 1584 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

13:00:42.0301 1584 ql2300 - ok

13:00:42.0337 1584 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

13:00:42.0337 1584 ql40xx - ok

13:00:42.0407 1584 QWAVE (ca61bdfd3713a7ce75f2812afc431594) C:\Windows\system32\qwave.dll

13:00:42.0430 1584 QWAVE - ok

13:00:42.0458 1584 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys

13:00:42.0458 1584 QWAVEdrv - ok

13:00:44.0516 1584 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys

13:00:44.0540 1584 R300 - ok

13:00:45.0399 1584 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys

13:00:45.0399 1584 RasAcd - ok

13:00:45.0442 1584 RasAuto (f14f4aab9f54d099fe99192bdb100ac9) C:\Windows\System32\rasauto.dll

13:00:45.0446 1584 RasAuto - ok

13:00:45.0473 1584 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:00:45.0477 1584 Rasl2tp - ok

13:00:45.0524 1584 RasMan (11d65e29bc9d1e4114d18fe68194394c) C:\Windows\System32\rasmans.dll

13:00:45.0532 1584 RasMan - ok

13:00:45.0555 1584 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys

13:00:45.0555 1584 RasPppoe - ok

13:00:45.0587 1584 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys

13:00:45.0594 1584 rdbss - ok

13:00:45.0626 1584 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:00:45.0630 1584 RDPCDD - ok

13:00:45.0688 1584 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\DRIVERS\rdpdr.sys

13:00:45.0692 1584 rdpdr - ok

13:00:45.0708 1584 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys

13:00:45.0712 1584 RDPENCDD - ok

13:00:45.0743 1584 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys

13:00:45.0743 1584 RDPWD - ok

13:00:45.0774 1584 RemoteAccess (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll

13:00:45.0782 1584 RemoteAccess - ok

13:00:45.0801 1584 RemoteRegistry (9a043808667c8c1893da7275af373f0e) C:\Windows\system32\regsvc.dll

13:00:45.0805 1584 RemoteRegistry - ok

13:00:45.0829 1584 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

13:00:45.0833 1584 RpcLocator - ok

13:00:45.0985 1584 RpcSs (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll

13:00:45.0997 1584 RpcSs - ok

13:00:46.0208 1584 RpcXdr (a20b57599e08205a2270bdc2e8f15e6e) C:\Windows\system32\drivers\rpcxdr.sys

13:00:46.0212 1584 RpcXdr - ok

13:00:46.0270 1584 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys

13:00:46.0274 1584 rspndr - ok

13:00:46.0380 1584 RT73 (7436bfd3a542cf6ff55097200031b293) C:\Windows\system32\DRIVERS\rt73.sys

13:00:46.0387 1584 RT73 - ok

13:00:46.0434 1584 SamSs (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe

13:00:46.0438 1584 SamSs - ok

13:00:46.0465 1584 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

13:00:46.0469 1584 sbp2port - ok

13:00:46.0626 1584 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

13:00:46.0641 1584 SBSDWSCService - ok

13:00:46.0680 1584 SCardSvr (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll

13:00:46.0688 1584 SCardSvr - ok

13:00:46.0778 1584 Schedule (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll

13:00:46.0786 1584 Schedule - ok

13:00:46.0903 1584 SCPolicySvc (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll

13:00:46.0903 1584 SCPolicySvc - ok

13:00:47.0012 1584 SDRSVC (f7b6bf02240d0a764adf8c8966735552) C:\Windows\System32\SDRSVC.dll

13:00:47.0020 1584 SDRSVC - ok

13:00:47.0106 1584 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

13:00:47.0110 1584 secdrv - ok

13:00:47.0161 1584 seclogon (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll

13:00:47.0161 1584 seclogon - ok

13:00:47.0196 1584 SENS (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\system32\sens.dll

13:00:47.0200 1584 SENS - ok

13:00:48.0090 1584 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

13:00:48.0090 1584 Serenum - ok

13:00:48.0149 1584 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

13:00:48.0153 1584 Serial - ok

13:00:48.0176 1584 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys

13:00:48.0176 1584 sermouse - ok

13:00:48.0305 1584 SessionEnv (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll

13:00:48.0309 1584 SessionEnv - ok

13:00:48.0325 1584 SetupNTGLM7X - ok

13:00:48.0399 1584 sfdrv01 (b659e4af7534e3516ddc0b820db8f910) C:\Windows\system32\drivers\sfdrv01.sys

13:00:48.0403 1584 sfdrv01 - ok

13:00:48.0434 1584 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

13:00:48.0438 1584 sffdisk - ok

13:00:48.0520 1584 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

13:00:48.0520 1584 sffp_mmc - ok

13:00:48.0649 1584 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

13:00:48.0653 1584 sffp_sd - ok

13:00:48.0688 1584 sfhlp02 (64b9ab76f1b16eb059cb6cdd906c067a) C:\Windows\system32\drivers\sfhlp02.sys

13:00:48.0692 1584 sfhlp02 - ok

13:00:48.0751 1584 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

13:00:48.0751 1584 sfloppy - ok

13:00:48.0805 1584 sfsync02 (3fcb3fe43737b0ef6fe759fc0b886a69) C:\Windows\system32\drivers\sfsync02.sys

13:00:48.0805 1584 sfsync02 - ok

13:00:49.0278 1584 SharedAccess (9a82bf4c90b00a63150a606a1e2fd82b) C:\Windows\System32\ipnathlp.dll

13:00:49.0286 1584 SharedAccess - ok

13:00:49.0606 1584 ShellHWDetection (b264dfa21677728613267fe63802b332) C:\Windows\System32\shsvcs.dll

13:00:49.0610 1584 ShellHWDetection - ok

13:00:49.0747 1584 simptcp (e3181367c11a1e44dde621991e319c9c) C:\Windows\System32\tcpsvcs.exe

13:00:49.0751 1584 simptcp - ok

13:00:49.0872 1584 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

13:00:49.0872 1584 sisagp - ok

13:00:49.0934 1584 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

13:00:49.0934 1584 SiSRaid2 - ok

13:00:49.0977 1584 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

13:00:49.0981 1584 SiSRaid4 - ok

13:00:50.0567 1584 slsvc (a1dcd30534835cb67733ad00175125a6) C:\Windows\system32\SLsvc.exe

13:00:50.0641 1584 slsvc - ok

13:00:51.0294 1584 SLUINotify (56da296e7b376a727e7bdc5ac7fbee02) C:\Windows\system32\SLUINotify.dll

13:00:51.0301 1584 SLUINotify - ok

13:00:51.0587 1584 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys

13:00:51.0590 1584 Smb - ok

13:00:51.0657 1584 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

13:00:51.0661 1584 SNMPTRAP - ok

13:00:51.0700 1584 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys

13:00:51.0704 1584 spldr - ok

13:00:51.0946 1584 Spooler (da612ef2556776df2630b68bf2d48935) C:\Windows\System32\spoolsv.exe

13:00:51.0950 1584 Spooler - ok

13:00:52.0270 1584 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys

13:00:52.0270 1584 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b

13:00:52.0274 1584 sptd ( LockedFile.Multi.Generic ) - warning

13:00:52.0274 1584 sptd - detected LockedFile.Multi.Generic (1)

13:00:52.0434 1584 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys

13:00:52.0458 1584 srv - ok

13:00:52.0520 1584 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys

13:00:52.0524 1584 srv2 - ok

13:00:52.0641 1584 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys

13:00:52.0645 1584 srvnet - ok

13:00:52.0700 1584 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys

13:00:52.0704 1584 sscdbus - ok

13:00:52.0766 1584 SSDPSRV (8d3e4baff8b3997138c38eb1b600519a) C:\Windows\System32\ssdpsrv.dll

13:00:52.0770 1584 SSDPSRV - ok

13:00:52.0856 1584 Steam Client Service - ok

13:00:53.0192 1584 stisvc (a941e099ef46e3cc12f898cbe1c39910) C:\Windows\System32\wiaservc.dll

13:00:53.0200 1584 stisvc - ok

13:00:53.0274 1584 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys

13:00:53.0278 1584 swenum - ok

13:00:53.0360 1584 swprv (749ada8d6c18a08adfede69cbf5db2e0) C:\Windows\System32\swprv.dll

13:00:53.0364 1584 swprv - ok

13:00:53.0442 1584 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

13:00:53.0442 1584 Symc8xx - ok

13:00:53.0520 1584 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

13:00:53.0524 1584 Sym_hi - ok

13:00:53.0547 1584 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

13:00:53.0551 1584 Sym_u3 - ok

13:00:54.0309 1584 SysMain (8f2b5fede18bd3c4c926cbf88e6f1264) C:\Windows\system32\sysmain.dll

13:00:54.0352 1584 SysMain - ok

13:00:54.0536 1584 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

13:00:54.0551 1584 TabletInputService - ok

13:00:54.0598 1584 TapiSrv (ef3dd33c740fc2f82e7e4622f1c49289) C:\Windows\System32\tapisrv.dll

13:00:54.0602 1584 TapiSrv - ok

13:00:54.0903 1584 TBS (68fa52794ae9acc61bde16fe0956b414) C:\Windows\System32\tbssvc.dll

13:00:54.0911 1584 TBS - ok

13:00:55.0215 1584 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys

13:00:55.0223 1584 Tcpip - ok

13:00:55.0274 1584 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys

13:00:55.0286 1584 Tcpip6 - ok

13:00:55.0364 1584 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys

13:00:55.0364 1584 tcpipreg - ok

13:00:55.0430 1584 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys

13:00:55.0430 1584 TDPIPE - ok

13:00:55.0438 1584 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys

13:00:55.0442 1584 TDTCP - ok

13:00:55.0485 1584 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys

13:00:55.0485 1584 tdx - ok

13:00:55.0571 1584 TermDD (0de31723082f9b177beab9ca33365016) C:\Windows\system32\DRIVERS\termdd.sys

13:00:55.0575 1584 TermDD - ok

13:00:55.0719 1584 TermService (fad71c1e8e4047b154e899ae31eb8caa) C:\Windows\System32\termsrv.dll

13:00:55.0727 1584 TermService - ok

13:00:55.0997 1584 Themes (b264dfa21677728613267fe63802b332) C:\Windows\system32\shsvcs.dll

13:00:56.0001 1584 Themes - ok

13:00:56.0051 1584 THREADORDER (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll

13:00:56.0055 1584 THREADORDER - ok

13:00:56.0126 1584 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys

13:00:56.0126 1584 tifsfilter - ok

13:00:56.0286 1584 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\Windows\system32\DRIVERS\timntr.sys

13:00:56.0309 1584 timounter - ok

13:00:56.0340 1584 TlntSvr (18720b71393ad23954d69a361e500f47) C:\Windows\System32\tlntsvr.exe

13:00:56.0348 1584 TlntSvr - ok

13:00:56.0379 1584 TrkWks (6bba0582c0025d43729a1112d3b57897) C:\Windows\System32\trkwks.dll

13:00:56.0383 1584 TrkWks - ok

13:00:56.0442 1584 TrustedInstaller (34e388a395fedba1d0511ed39bbf4074) C:\Windows\servicing\TrustedInstaller.exe

13:00:56.0442 1584 TrustedInstaller - ok

13:00:56.0512 1584 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:00:56.0516 1584 tssecsrv - ok

13:00:56.0598 1584 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys

13:00:56.0598 1584 tunmp - ok

13:00:56.0641 1584 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys

13:00:56.0641 1584 tunnel - ok

13:00:56.0696 1584 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

13:00:56.0700 1584 uagp35 - ok

13:00:56.0922 1584 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys

13:00:56.0946 1584 udfs - ok

13:00:57.0024 1584 UI0Detect (24a333f4f14dcfb6ff6d5a1b9e5d79dd) C:\Windows\system32\UI0Detect.exe

13:00:57.0028 1584 UI0Detect - ok

13:00:57.0086 1584 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

13:00:57.0086 1584 uliagpkx - ok

13:00:57.0141 1584 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

13:00:57.0149 1584 uliahci - ok

13:00:57.0243 1584 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

13:00:57.0243 1584 UlSata - ok

13:00:57.0317 1584 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

13:00:57.0321 1584 ulsata2 - ok

13:00:57.0387 1584 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys

13:00:57.0387 1584 umbus - ok

13:00:57.0559 1584 UmRdpService (cfbb746c889b9223d2ac268cf283a93e) C:\Windows\System32\umrdp.dll

13:00:57.0567 1584 UmRdpService - ok

13:00:57.0653 1584 upnphost (8eb871a3deb6b3d5a85eb6ddfc390b59) C:\Windows\System32\upnphost.dll

13:00:57.0661 1584 upnphost - ok

13:00:57.0797 1584 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys

13:00:57.0801 1584 usbaudio - ok

13:00:57.0887 1584 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys

13:00:57.0887 1584 usbccgp - ok

13:00:57.0911 1584 USBCCID (68ab390b18a743aab32c669167aa6a61) C:\Windows\system32\DRIVERS\usbccid.sys

13:00:57.0911 1584 USBCCID - ok

13:00:57.0965 1584 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

13:00:57.0969 1584 usbcir - ok

13:00:58.0016 1584 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys

13:00:58.0020 1584 usbehci - ok

13:00:58.0118 1584 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys

13:00:58.0125 1584 usbhub - ok

13:00:58.0176 1584 usbohci (9333e482a173938788cbde8f81ec52fb) C:\Windows\system32\DRIVERS\usbohci.sys

13:00:58.0176 1584 usbohci - ok

13:00:58.0297 1584 USBPNPA (41b758cff0a3c10a69e088f440677399) C:\Windows\system32\drivers\CM108.sys

13:00:58.0317 1584 USBPNPA - ok

13:00:58.0352 1584 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys

13:00:58.0352 1584 usbprint - ok

13:00:58.0407 1584 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:00:58.0407 1584 USBSTOR - ok

13:00:58.0422 1584 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

13:00:58.0426 1584 usbuhci - ok

13:00:58.0485 1584 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys

13:00:58.0489 1584 usbvideo - ok

13:00:58.0536 1584 UxSms (f79d0d7c9004474cb42746d9b2c30a2b) C:\Windows\System32\uxsms.dll

13:00:58.0540 1584 UxSms - ok

13:00:58.0965 1584 vds (c9d0bafee0d0a2681f048ca61bc0da96) C:\Windows\System32\vds.exe

13:00:58.0997 1584 vds - ok

13:00:59.0047 1584 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

13:00:59.0051 1584 vga - ok

13:00:59.0083 1584 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys

13:00:59.0083 1584 VgaSave - ok

13:00:59.0102 1584 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

13:00:59.0102 1584 viaagp - ok

13:00:59.0118 1584 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

13:00:59.0122 1584 ViaC7 - ok

13:00:59.0133 1584 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

13:00:59.0133 1584 viaide - ok

13:00:59.0153 1584 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys

13:00:59.0157 1584 volmgr - ok

13:00:59.0184 1584 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys

13:00:59.0192 1584 volmgrx - ok

13:00:59.0235 1584 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys

13:00:59.0243 1584 volsnap - ok

13:00:59.0286 1584 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

13:00:59.0286 1584 vsmraid - ok

13:00:59.0747 1584 VSS (e0e29d9ef2524abd11749c7c2fd7f607) C:\Windows\system32\vssvc.exe

13:00:59.0887 1584 VSS - ok

13:00:59.0954 1584 W32Time (62b0d0f6f5580d9d0dfa5e0b466ff2ed) C:\Windows\system32\w32time.dll

13:00:59.0958 1584 W32Time - ok

13:01:00.0129 1584 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

13:01:00.0133 1584 WacomPen - ok

13:01:00.0329 1584 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

13:01:00.0329 1584 Wanarp - ok

13:01:00.0336 1584 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

13:01:00.0340 1584 Wanarpv6 - ok

13:01:00.0422 1584 WAS (c797ba5f4300e1c62f3663a40755aced) C:\Windows\system32\inetsrv\iisw3adm.dll

13:01:00.0430 1584 WAS - ok

13:01:00.0528 1584 wbengine (6d2f099d4ce88777e46cb1808c87b132) C:\Windows\system32\wbengine.exe

13:01:00.0571 1584 wbengine - ok

13:01:00.0719 1584 wcncsvc (c1b19162e0509ceab4cdf664e139d956) C:\Windows\System32\wcncsvc.dll

13:01:00.0829 1584 wcncsvc - ok

13:01:00.0872 1584 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

13:01:00.0875 1584 WcsPlugInService - ok

13:01:00.0922 1584 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

13:01:00.0922 1584 Wd - ok

13:01:01.0024 1584 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys

13:01:01.0067 1584 Wdf01000 - ok

13:01:01.0118 1584 WdiServiceHost (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll

13:01:01.0122 1584 WdiServiceHost - ok

13:01:01.0129 1584 WdiSystemHost (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll

13:01:01.0137 1584 WdiSystemHost - ok

13:01:01.0204 1584 WebClient (01e41c264eedcb827820a1909162579f) C:\Windows\System32\webclnt.dll

13:01:01.0207 1584 WebClient - ok

13:01:01.0247 1584 Wecsvc (9cf67ff7f8d34cbf115d0c278b9f74aa) C:\Windows\system32\wecsvc.dll

13:01:01.0305 1584 Wecsvc - ok

13:01:01.0340 1584 wercplsupport (b68cab45db1dab59d92acadfad6364a8) C:\Windows\System32\wercplsupport.dll

13:01:01.0344 1584 wercplsupport - ok

13:01:01.0387 1584 WerSvc (36ba0707680ef4236fd752bee982cc25) C:\Windows\System32\WerSvc.dll

13:01:01.0395 1584 WerSvc - ok

13:01:01.0415 1584 WG111T - ok

13:01:01.0805 1584 WinDefend (0d5ad0e71ff5ddac5dd2f443b499abd0) C:\Program Files\Windows Defender\mpsvc.dll

13:01:01.0836 1584 WinDefend - ok

13:01:01.0852 1584 WinHttpAutoProxySvc - ok

13:01:02.0266 1584 Winmgmt (38a7b89de4e3417c122317949667fdd8) C:\Windows\system32\wbem\WMIsvc.dll

13:01:02.0270 1584 Winmgmt - ok

13:01:02.0676 1584 WinRM (3f6823040030c3e4da1cf11cd40b7534) C:\Windows\system32\WsmSvc.dll

13:01:02.0735 1584 WinRM - ok

13:01:02.0852 1584 Wlansvc (7640acea41348bfef34b76e245501261) C:\Windows\System32\wlansvc.dll

13:01:02.0879 1584 Wlansvc - ok

13:01:03.0649 1584 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:01:03.0692 1584 wlidsvc - ok

13:01:04.0739 1584 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

13:01:04.0739 1584 WmiAcpi - ok

13:01:04.0817 1584 wmiApSrv (a279323bee5fffafda222910bce92132) C:\Windows\system32\wbem\WmiApSrv.exe

13:01:04.0821 1584 wmiApSrv - ok

13:01:05.0536 1584 WMPNetworkSvc (acb2e63d50157e3ea7140f29d9e76a48) C:\Program Files\Windows Media Player\wmpnetwk.exe

13:01:05.0551 1584 WMPNetworkSvc - ok

13:01:05.0676 1584 WPCSvc (3d3b3b80c12abe506f56930c46422c28) C:\Windows\System32\wpcsvc.dll

13:01:05.0680 1584 WPCSvc - ok

13:01:05.0965 1584 WPDBusEnum (c24844a1d0d9528b19d5bc266b8cd572) C:\Windows\system32\wpdbusenum.dll

13:01:05.0977 1584 WPDBusEnum - ok

13:01:06.0079 1584 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys

13:01:06.0079 1584 WpdUsb - ok

13:01:06.0129 1584 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys

13:01:06.0129 1584 ws2ifsl - ok

13:01:06.0446 1584 wscsvc (f97cbb919af6d0a6643d1a59c15014d1) C:\Windows\system32\wscsvc.dll

13:01:06.0450 1584 wscsvc - ok

13:01:06.0461 1584 WSearch - ok

13:01:06.0957 1584 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

13:01:07.0004 1584 wuauserv - ok

13:01:07.0461 1584 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:01:07.0461 1584 WUDFRd - ok

13:01:07.0637 1584 wudfsvc (db5bf5aab72b1b99b5331231d09ebb26) C:\Windows\System32\WUDFSvc.dll

13:01:07.0645 1584 wudfsvc - ok

13:01:07.0657 1584 zchtfzvv - ok

13:01:07.0715 1584 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

13:01:07.0903 1584 \Device\Harddisk0\DR0 - ok

13:01:07.0930 1584 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

13:01:08.0707 1584 \Device\Harddisk1\DR1 - ok

13:01:08.0715 1584 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2

13:01:08.0735 1584 \Device\Harddisk2\DR2 - ok

13:01:08.0746 1584 Boot (0x1200) (254cf9751bc918afacfd12854f9c3ae2) \Device\Harddisk0\DR0\Partition0

13:01:08.0750 1584 \Device\Harddisk0\DR0\Partition0 - ok

13:01:08.0782 1584 Boot (0x1200) (f877bf7de6a56bb348643c6bdbd191f0) \Device\Harddisk1\DR1\Partition0

13:01:08.0848 1584 \Device\Harddisk1\DR1\Partition0 - ok

13:01:08.0856 1584 Boot (0x1200) (ec32dd878858ca703d0f86f050a7a619) \Device\Harddisk2\DR2\Partition0

13:01:08.0856 1584 \Device\Harddisk2\DR2\Partition0 - ok

13:01:08.0860 1584 ============================================================

13:01:08.0860 1584 Scan finished

13:01:08.0860 1584 ============================================================

13:01:08.0891 3624 Detected object count: 1

13:01:08.0891 3624 Actual detected object count: 1

13:01:18.0723 3624 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine

13:01:18.0727 3624 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine

13:01:27.0992 2032 Deinitialize success

I believe that constitutes all quiet on the Western Front; what do you think?

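The TDSSKiller log posted above has a small set of line shapes: one line per service or driver (name, MD5, path), a "- ok" verdict line, an MBR or boot-sector hash per disk, and the detection and chosen action at the end. As an added example, not part of the post and not TDSSKiller's own code, here is a Python triage script over a constructed excerpt that copies those line shapes. It lists service names that got a "- ok" verdict without a preceding file line (the registration exists but no file was hashed; legitimate services show up here too, so it is a list to look at, not a verdict), flags names with almost no vowels via a crude heuristic that is my assumption rather than a TDSSKiller rule, groups disks by boot-sector hash, and pulls out the detections.

```python
import re
from collections import defaultdict

# Constructed excerpt using the line shapes of the TDSSKiller log above.
SAMPLE_LOG = r"""
13:01:01.0387 1584 WerSvc (36ba0707680ef4236fd752bee982cc25) C:\Windows\System32\WerSvc.dll
13:01:01.0395 1584 WerSvc - ok
13:01:01.0415 1584 WG111T - ok
13:01:07.0657 1584 zchtfzvv - ok
13:01:07.0715 1584 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:01:07.0903 1584 \Device\Harddisk0\DR0 - ok
13:01:07.0930 1584 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
13:01:08.0707 1584 \Device\Harddisk1\DR1 - ok
13:01:08.0715 1584 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
13:01:08.0735 1584 \Device\Harddisk2\DR2 - ok
13:01:18.0723 3624 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
13:01:18.0727 3624 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
"""

# Every line starts with a timestamp and a thread id.
PREFIX = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
FILE_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
BOOT_RE = re.compile(PREFIX + r"(?P<kind>MBR|Boot)\s+\((?P<size>0x[0-9A-Fa-f]+)\)\s+"
                     r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<dev>\S+)$")
OK_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+-\s+ok$")
DETECT_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+"
                       r"User select action:\s+(?P<action>\w+)$")


def parse(text):
    """Classify each log line into (kind, fields); unknown lines are kept as 'other'."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        for kind, rx in (("boot", BOOT_RE), ("detect", DETECT_RE),
                         ("file", FILE_RE), ("ok", OK_RE)):
            m = rx.match(line)
            if m:
                records.append((kind, m.groupdict()))
                break
        else:
            records.append(("other", {"line": line}))
    return records


def looks_random(name):
    """Crude heuristic (my assumption): a long, all-letter name with almost no vowels."""
    letters = name.lower()
    if len(letters) < 7 or not letters.isalpha():
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    return vowels / len(letters) < 0.2


def triage(text):
    records = parse(text)
    # Names for which a file (or boot sector) was actually hashed.
    seen = {r["name"] for k, r in records if k == "file"}
    seen |= {r["dev"] for k, r in records if k == "boot"}
    # "- ok" with nothing hashed: worth a manual look, not proof of anything.
    no_file = [r["name"] for k, r in records if k == "ok" and r["name"] not in seen]
    boot_hashes = defaultdict(list)
    for k, r in records:
        if k == "boot":
            boot_hashes[(r["kind"], r["md5"])].append(r["dev"])
    detections = [{"name": r["name"], "verdict": r["verdict"], "action": r["action"]}
                  for k, r in records if k == "detect"]
    return {
        "no_file": no_file,
        "suspicious_names": [n for n in no_file if looks_random(n)],
        "boot_hashes": dict(boot_hashes),
        "detections": detections,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Two disks sharing one MBR hash is normal when they were prepared the same way; the interesting cases are a hash that differs from a known-good MBR, or a service name that no installed product explains.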

I believe that constitutes all quiet on the Western Front; what do you think?

Your logs are looking good, but let's run an online scan to verify that there are no traces left that we may have missed ;) :

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Please post that log in your next reply, and let me know how things go :).


Hello again. Finished the scan; it found 10 issues, most of which, it seems, are in quarantine.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=4a51f8b896a0194cac9fff1372166688

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-05-26 12:44:11

# local_time=2012-05-25 07:44:11 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6000 NT

# compatibility_mode=crash

# scanned=315250

# found=10

# cleaned=0

# scan_time=6504

C:\System Volume Information\SystemRestore\FRStaging\Windows\$NtUninstallKB17535$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLN5MUVM\hotelsaleprices_biz[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\25.05.2012_00.34.54\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.HJ trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\25.05.2012_00.34.54\rtkt0000\zafs0000\tsk0003.dta Win32/Sirefef.DN trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\25.05.2012_00.34.54\rtkt0000\zafs0000\tsk0012.dta Win32/Sirefef.ET trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\25.05.2012_00.34.54\rtkt0000\zafs0000\tsk0013.dta probably a variant of Win32/Olmarik.AVQ trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\25.05.2012_00.34.54\rtkt0001\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\Public\Documents\task32.dll Win32/Bamital.EZ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\Shoescifer\Documents\Downloads\jZipV1c.exe multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLN5MUVM\hotelsaleprices_biz[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I


OK, scan complete; all issues cleaned, including quarantine.

C:\System Volume Information\SystemRestore\FRStaging\Windows\$NtUninstallKB17535$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLN5MUVM\hotelsaleprices_biz[1].htm HTML/Iframe.B.Gen virus deleted - quarantined

C:\TDSSKiller_Quarantine\25.05.2012_00.34.54\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.HJ trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\25.05.2012_00.34.54\rtkt0000\zafs0000\tsk0003.dta Win32/Sirefef.DN trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\25.05.2012_00.34.54\rtkt0000\zafs0000\tsk0012.dta Win32/Sirefef.ET trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\25.05.2012_00.34.54\rtkt0000\zafs0000\tsk0013.dta probably a variant of Win32/Olmarik.AVQ trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\25.05.2012_00.34.54\rtkt0001\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan deleted - quarantined

C:\Users\Public\Documents\task32.dll Win32/Bamital.EZ trojan cleaned by deleting - quarantined

C:\Users\Shoescifer\Documents\Downloads\jZipV1c.exe multiple threats deleted - quarantined

E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL Win32/Toolbar.AskSBar application cleaned by deleting - quarantined

I don't want to get my hopes up prematurely, but this feels good, and I have encountered no physical manifestations. What's next, boss?

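The two ESET logs above (the first scan with "Remove found threats" unchecked, the second run that cleaned) share one line shape: a path, the detection name, then either "(unable to clean)" with a hash column or the action that was taken. As an added example, not part of either post and not ESET's own tooling, this Python script parses both shapes from a constructed sample built from the lines posted above, splits the path from the detection even when the path contains spaces, and separates findings that were already contained (inside TDSSKiller's quarantine folder or a System Restore point, which I classify by path; that classification is my assumption) from those at live locations such as a user's Downloads folder.

```python
import re
from collections import Counter

# Constructed sample built from the line shapes of the two ESET logs above.
SAMPLE_LOG = r"""
C:\System Volume Information\SystemRestore\FRStaging\Windows\$NtUninstallKB17535$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLN5MUVM\hotelsaleprices_biz[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\25.05.2012_00.34.54\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.HJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\25.05.2012_00.34.54\rtkt0000\zafs0000\tsk0003.dta Win32/Sirefef.DN trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\25.05.2012_00.34.54\rtkt0000\zafs0000\tsk0013.dta probably a variant of Win32/Olmarik.AVQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Documents\task32.dll Win32/Bamital.EZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Shoescifer\Documents\Downloads\jZipV1c.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Documents\task32.dll Win32/Bamital.EZ trojan cleaned by deleting - quarantined
C:\Users\Shoescifer\Documents\Downloads\jZipV1c.exe multiple threats deleted - quarantined
"""

# First-scan shape: "... (unable to clean) <32 hex> <flag letter>".
TAIL_UNCLEANED = re.compile(r"^(?P<body>.+?)\s+\(unable to clean\)\s+(?P<hash>[0-9a-f]{32})\s+(?P<flag>[A-Z])$")
# Cleaning-run shape: "... cleaned by deleting - quarantined" or "... deleted - quarantined".
TAIL_CLEANED = re.compile(r"^(?P<body>.+?)\s+(?P<action>cleaned by deleting|deleted)\s+-\s+quarantined$")
# The detection is the last one or two words (plus an optional "a variant of" prefix),
# so the path is taken lazily from the left and may itself contain spaces.
BODY_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<detection>(?:(?:probably )?a variant of )?(?P<sig>\S+)\s+"
    r"(?P<kind>virus|trojan|worm|application|adware)|multiple threats)$"
)

# Locations where a detected file is not in a position to run (assumption: by path).
CONTAINED_MARKERS = ("\\TDSSKiller_Quarantine\\", "\\System Volume Information\\")


def family_of(sig):
    """'Win32/Sirefef.DN' -> 'Sirefef'; the 'multiple threats' verdict has no signature."""
    if sig is None:
        return "multiple"
    return sig.split("/", 1)[-1].split(".", 1)[0]


def is_contained(path):
    low = path.lower()
    return any(marker.lower() in low for marker in CONTAINED_MARKERS)


def parse_eset(text):
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = TAIL_UNCLEANED.match(line)
        if m:
            status = "unable to clean"
        else:
            m = TAIL_CLEANED.match(line)
            if not m:
                continue  # header lines ("# found=10") and anything unknown
            status = m.group("action")
        b = BODY_RE.match(m.group("body"))
        if not b:
            continue
        entries.append({
            "path": b.group("path"),
            "detection": b.group("detection"),
            "family": family_of(b.group("sig")),
            "kind": b.group("kind") or "multiple",
            "status": status,
            "contained": is_contained(b.group("path")),
        })
    return entries


def summarize(entries):
    open_ = [e for e in entries if e["status"] == "unable to clean"]
    return {
        "live": [e["path"] for e in open_ if not e["contained"]],
        "contained": [e["path"] for e in open_ if e["contained"]],
        "families": Counter(e["family"] for e in open_),
        "remediated": [e["path"] for e in entries if e["status"] != "unable to clean"],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_eset(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The "live" list is what to act on first; the "contained" list still matters because a copy sitting in a System Restore point comes back if that restore point is ever used, so re-scan after any restore.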

Looking good!

Before we move on, let's update some of your programs.

Program updates are a crucial step in preventing malware, as outdated applications are often used by the cybercriminals to gain a foothold on your system.

First,

I see you have User Account Control (UAC) disabled.

This is an important security feature which helps prevent malware and other unwanted software from being installed on your computer.

I strongly suggest you keep it enabled. See this link for instructions on how to enable it: http://windows.microsoft.com/en-US/windows-vista/Turn-User-Account-Control-on-or-off

-----------

:excl:Please consider updating to Windows Vista Service Pack 2 (SP2).

Windows Vista Service Pack 2 (SP2) contains all the updates released since SP1 plus support for new types of hardware and emerging hardware standards.

It is now available via Windows Update or as a standalone installation here.

-----------

You are using Internet Explorer version 7. Since you are using Windows Vista, you qualify for the latest version, which is 9. Using an outdated version of a web browser leaves you extremely vulnerable to malware!

Please see this link to download the latest version: http://windows.microsoft.com/en-US/internet-explorer/products/ie/home

-----------

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).

They will have this icon next to them: javaicon.gif

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

-----------

Your Flash Player is out of date!

To make sure you have the latest version of Adobe Flash Player installed:

1. To uninstall an older version, visit this link: uninstall_flash_player.exe

2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).

3. Double-click on the file you've downloaded to uninstall Flash.

4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).

Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

-----------

Let me know how the program updates go, as failed updates may be a sign of additional malware. ;)

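The checks in this post (UAC on, Vista service pack level, IE version, leftover Java versions; the Java part is repeated later in the thread) are the ones a helper otherwise reads off a Security Check log. As an added example, not from the post or from any of the tools mentioned, here is a Python script that reads those settings from the registry on the machine itself and reports what still needs doing. The registry paths and value names (EnableLUA, CSDVersion, ProductName, the Internet Explorer Version value, DisplayName under Uninstall) are standard Windows locations but are my assumptions here, not taken from the thread; the pure assess() and stale_java() parts run anywhere, so they can be checked without a Windows box.

```python
import re
import sys

# Standard HKLM locations (assumed; verify on the target machine).
UAC_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
NT_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion"
IE_KEY = r"SOFTWARE\Microsoft\Internet Explorer"
UNINSTALL_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

# Matches Add/Remove Programs names such as "Java 7 Update 4", "Java(TM) 6 Update 31",
# "J2SE Runtime Environment 5.0 Update 22", "Java SE Development Kit 7 Update 4".
JAVA_RE = re.compile(
    r"^(?:Java(?:\(TM\))?(?: SE)?(?P<jdk> Development Kit)?|J2SE Runtime Environment)"
    r"\s+(?P<major>\d+)(?:\.0)?(?:\s+Update\s+(?P<update>\d+))?",
    re.IGNORECASE,
)


def java_installs(display_names):
    """Return (name, kind, major, update) for each JRE/JDK entry; JavaFX etc. are skipped."""
    found = []
    for name in display_names:
        m = JAVA_RE.match(name)
        if not m:
            continue
        kind = "jdk" if m.group("jdk") else "jre"
        found.append((name, kind, int(m.group("major")), int(m.group("update") or 0)))
    return found


def stale_java(display_names):
    """Everything except the newest JRE and the newest JDK should be uninstalled."""
    installs = java_installs(display_names)
    newest = {}
    for name, kind, major, update in installs:
        if kind not in newest or (major, update) > newest[kind][1:]:
            newest[kind] = (name, major, update)
    keep = {v[0] for v in newest.values()}
    return [name for name, _, _, _ in installs if name not in keep]


def assess(uac_enabled, product_name, service_pack, ie_version, display_names):
    """Pure policy check mirroring the advice in the post above."""
    findings = []
    if not uac_enabled:
        findings.append("UAC is disabled: set EnableLUA=1 and reboot")
    if "Vista" in product_name and service_pack < 2:
        findings.append(f"Windows Vista SP{service_pack}: install SP2")
    ie_major = int(ie_version.split(".")[0]) if ie_version else 0
    if ie_major < 9:
        findings.append(f"Internet Explorer {ie_major}: upgrade to IE9")
    for name in stale_java(display_names):
        findings.append(f"old Java left behind: uninstall '{name}'")
    return findings


def collect():
    """Read the inputs for assess() from HKLM (Windows only)."""
    import winreg

    def value(path, name, default=None):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as k:
                return winreg.QueryValueEx(k, name)[0]
        except OSError:
            return default

    names = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, UNINSTALL_KEY) as k:
        for i in range(winreg.QueryInfoKey(k)[0]):
            try:
                with winreg.OpenKey(k, winreg.EnumKey(k, i)) as sub:
                    names.append(winreg.QueryValueEx(sub, "DisplayName")[0])
            except OSError:
                pass  # entry without a DisplayName
    csd = value(NT_KEY, "CSDVersion", "")  # "Service Pack 2"; absent on an RTM install
    return {
        "uac_enabled": value(UAC_KEY, "EnableLUA", 1) == 1,
        "product_name": value(NT_KEY, "ProductName", ""),
        "service_pack": int(csd.split()[-1]) if csd else 0,
        "ie_version": value(IE_KEY, "Version", ""),
        "display_names": names,
    }


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("run this on the Windows machine being cleaned")
    for finding in assess(**collect()) or ["nothing outstanding"]:
        print("-", finding)
```

Reading HKLM does not need an elevated prompt, but the script only reports; the fixes (SP2, IE9, the Java uninstalls) are the manual steps in the post. On a 64-bit Windows a 32-bit Python sees the Wow6432Node view of Uninstall; the machine in this thread is 32-bit, so that does not apply here.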

Bloody hell, this is very bad. Re-enabled UAC, turned on the Windows auto updater again; it downloaded the Win SP1 and got to part 2/3 of the install and blue screened on the restart. Tried to boot into safe mode w/ networking to give it another shot, but the second the Windows 'loading' screen (after POST check, before BIOS) came up it BSOD'd again; stop message as follows:

Technical Information

STOP: 0x0000007E (0xC0000005, 0x807A9887, 0x88F63C38, 0x88F63934)

partmgr.sys - Address 807A9887 base at 807A7000

I fuggin hate blue screens, but of all the ones I've encountered this is a new one... Help?!


Bugger, I hate when that happens. :( It's an existing issue with the automatic downloader... usually when you just download the update directly from their site, it works fine.

Are you able to access any of the Advanced Boot Options? See if you can access System Restore; if you're successful, choose only the most recent restore point to restore from.

Instructions for using System Restore can be found here: http://windows.micro...n-windows-vista

EDIT: It's 1 AM here so I'll probably head to bed. I'll try to check back first thing in the morning to see how things are going. Keep me posted.


Heheh, I knew there was a reason I kept all my system disks handy. Sadly enough, that was the reason I disabled AutoUpdate: it kept bugging me about frivolous stuff and then trying to force incompatible software... sadly enough I had my own little internal debate on whether to do it manually (cause I do know my sys specs, just not the version of the SP I had). Censored me, right?

Anyway, reverted to literally right before the SP1 install attempt; resuming the updates. I'll be doing these manually and leaving the bloody auto updates off after that.

It's getting pretty late here as well; probably won't get through all of 'em before retiring, but since you've been quick to respond I wanted to keep you up to date.

Thanks again,

-BlackenBlue-


Glad to hear you're up and running again :). Let me know when you've finished updating things.

Also, you may want to run this System Update Readiness tool provided by Microsoft before you manually update to SP2 ;): http://www.microsoft.com/downloads/details.aspx?FamilyID=0435684b-8d12-4028-9cb0-b2903257f1fd

Let me know how things go.


OK, tried several times to manually update (this is a 32-bit OS and there are only two options, 5 lang. and all; tried both). Same thing happens: the install looks like it's going well, goes to restart, and the same BSOD pops up, I assume from incompatibility. Roll back everything to right before it happened, and each time I'm left, two hours later, right where I started. Tried installing the Sys. Upd. Read. tool, but it hung on the install and won't reinitialize now because it detects a partial file of the same name...

Also, it may be worth noting that every time I open a new tab/window in IE a UAC window pops up telling me that Java runtime is out of date. Now I know this is true, but the persistence and frequency seem too obnoxious to be legitimate.

In any case, I don't think the SP update is going to work :(


Hmmm. Go ahead and update Java for now, then let me know if you're still getting those weird messages:

Download the newest version from here http://www.oracle.co...oads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).

They will have this icon next to them: javaicon.gif

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

-----------------

Let's try something:

Please download WVCheck from here.

  • Double click WVCheck.exe. (If you downloaded the zipped version you will need to extract it.)
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.


WVCheck's Registry Check Check

-----------------------

Antiwpa: Not Found

-----------------------

Chew7Hale: Not Found

-----------------------

WVCheck's File Dump

-----------------------

C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6001.18000_none_4e4769e7f9aab897\slwga.dll

Size: 12288 bytes

Creation; 26/5/2012 5:9:45

Modification; 19/1/2008 1:36:30

MD5; 7269a928bc18dafbddcffb96b6e987f1

Matched: slwga.dll

-----------------------

C:\Windows\System32\slwga.dll

Size: 12288 bytes

Creation; 2/11/2006 3:44:14

Modification; 2/11/2006 4:46:13

MD5; b39f1844ad6c656f64acd32caee72caa

Matched: slwga.dll

-----------------------

C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6000.16386_none_4c10a7ebfcbfa7c3\slwga.dll

Size: 12288 bytes

Creation; 2/11/2006 3:44:14

Modification; 2/11/2006 4:46:13

MD5; b39f1844ad6c656f64acd32caee72caa

Matched: slwga.dll

-----------------------

WVCheck's Dir Dump

-----------------------

WVCheck found no known bad directories.

WVCheck's Missing File Check

-----------------------

WVCheck found no missing Windows files.

WVCheck's MBAM Quarantine Check

-----------------------

There were no bad files quarantined by MBAM.

WVCheck's HOSTS File Check

-----------------------

WVCheck found no bad lines in the hosts file.

Hi, updated Java, np; Chrome working fine. Here are the results:

WVCheck's MD5 Check

EXPERIMENTAL!!

-----------------------

user32.dll - 63b4f59d7c89b1bf5277f1ffefd491cd

-------- End of File, program close at 1649_27-05-2012 --------


Not quite. It opens, says it's installing (no green loading bar, stays completely blank), then about 30 min later it pops up with install complete. (I may have buggered the initial install of the readiness tool because I'm a dumb-ass; would rolling back to the most recent failed SP install and trying the tool again work?) When I tried installing SP2 it said I needed SP1; when I try SP1 I get the stop error.


Go ahead and do a System Restore to right before you attempted to install Service Pack 2.

Then, run Security Check:

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Also, run the Readiness Tool, but don't install any Service Pack yet.


No worries, man, you've been awesome. Restored to an earlier point, redid the Java update, reran the readiness tool; here are the scan results:

Results of screen317's Security Check version 0.99.39

Windows Vista x86 (UAC is enabled)

Out of date service pack!!

Internet Explorer 7 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.61.0.1400

JavaFX 2.1.0

JavaFX 2.1.0 SDK

Java 7 Update 4

Java SE Development Kit 7 Update 4

Adobe Flash Player 10 Flash Player out of date!

Adobe Flash Player 10.1.102.64 Flash Player out of Date!

Adobe Flash Player 10.1.102.64

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Spybot Teatimer.exe is disabled!

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 6 % Defragment your hard drive soon!

````````````````````End of Log``````````````````````


No worries, man, you've been awesome. Restored to an earlier point, redid the Java update, reran the readiness tool; here are the scan results:

Thank you, I appreciate it. :)

We can worry about the application updates (Java, Flash, etc.) later. Right now, let's see if we can get you on the latest Service Pack.

Before we do anything, did you encounter any issues with the Readiness Tool this time? Any particular errors, messages, etc.? Please let me know, I'd like to make sure we correct any underlying issues before we attempt to update again. ;)


It popped up as it has (every time save the first) with the box saying that it was installing part 1 of 1; however (unlike the first) the green progress bar never showed up, although after about thirty minutes it proclaimed that the installation had been completed.


This topic is now closed to further replies.