Malware removal request

 dds.txt   11.06K   2 downloads  Ark.txt   34K   0 downloads  attach.txt   11.07K   1 downloadsI've followed the preparation for malware removal and requesting help..added attachments if i have left anything out please let me know thanks.

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

• Download Security Check by screen317 from here.
• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
• Log from Combofix
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Online Scanner v3
Kaspersky Anti-Virus 2012
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Windows Defender
Secunia PSI (1.9.0.5004)
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java™ 6 Update 22
Java 2 Runtime Environment, SE v1.4.2
Java version out of Date!
Adobe Flash Player 11.1.102.63
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````

very good - let me have the combofix report when it is complete


gringo

combofix finds zeroaccess rootkit...shuts down pc ,then restarts..begins scan and runs for 3hrs ..is it stuck..i have no report do i let it run until i get a report

combofix does not go thru the stages

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

• Double click the aswMBR.exe icon to run it
• it will ask to download extra definitions - ALLOW IT
• Click the Scan button to start the scan
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-04 01:07:18
-----------------------------
01:07:18.453 OS Version: Windows 5.1.2600 Service Pack 3
01:07:18.453 Number of processors: 1 586 0x209
01:07:18.453 ComputerName: DFWQD341 UserName: charles
01:07:19.203 Initialize success
01:12:39.890 AVAST engine defs: 12070301
01:15:05.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
01:15:05.812 Disk 0 Vendor: ST380011A 3.16 Size: 76293MB BusType: 3
01:15:05.812 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
01:15:05.828 Disk 1 Vendor: ST3300831A 3.03 Size: 286168MB BusType: 3
01:15:05.859 Disk 0 MBR read successfully
01:15:05.859 Disk 0 MBR scan
01:15:05.906 Disk 0 Windows XP default MBR code
01:15:05.937 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
01:15:05.953 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76253 MB offset 64260
01:15:05.984 Disk 0 scanning sectors +156232125
01:15:06.078 Disk 0 scanning C:\WINDOWS\system32\drivers
01:15:28.828 Service scanning
01:15:45.546 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
01:15:45.687 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
01:15:45.937 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
01:15:46.062 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
01:16:10.656 Modules scanning
01:16:25.781 Disk 0 trace - called modules:
01:16:25.843 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
01:16:25.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae32ab8]
01:16:25.906 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8ae11d98]
01:16:26.578 AVAST engine scan C:\WINDOWS
01:16:33.406 File: C:\WINDOWS\OLD2593.tmp **INFECTED** Win32:Patched-AIU [Trj]
01:16:35.187 File: C:\WINDOWS\OLD9614.tmp **INFECTED** Win32:Patched-AIU [Trj]
01:16:35.671 File: C:\WINDOWS\OLDFEA8.tmp **INFECTED** Win32:Patched-AIU [Trj]
01:16:35.937 File: C:\WINDOWS\OLDFF7C.tmp **INFECTED** Win32:Patched-AIU [Trj]
01:16:41.703 AVAST engine scan C:\WINDOWS\system32
01:21:43.562 AVAST engine scan C:\WINDOWS\system32\drivers
01:22:16.218 AVAST engine scan C:\Documents and Settings\charles
01:24:28.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\charles\Desktop\MBR.dat" **************TDSSKILLER SCAN 01:01:44.0640 2936 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
01:01:45.0296 2936 ============================================================
01:01:45.0296 2936 Current date / time: 2012/07/04 01:01:45.0296
01:01:45.0296 2936 SystemInfo:
01:01:45.0296 2936
01:01:45.0296 2936 OS Version: 5.1.2600 ServicePack: 3.0
01:01:45.0296 2936 Product type: Workstation
01:01:45.0296 2936 ComputerName: DFWQD341
01:01:45.0296 2936 UserName: charles
01:01:45.0296 2936 Windows directory: C:\WINDOWS
01:01:45.0296 2936 System windows directory: C:\WINDOWS
01:01:45.0296 2936 Processor architecture: Intel x86
01:01:45.0296 2936 Number of processors: 1
01:01:45.0296 2936 Page size: 0x1000
01:01:45.0296 2936 Boot type: Normal boot
01:01:45.0296 2936 ============================================================
01:01:47.0125 2936 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:01:47.0140 2936 Drive \Device\Harddisk1\DR1 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:01:47.0140 2936 Drive \Device\Harddisk2\DR6 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:01:47.0156 2936 ============================================================
01:01:47.0156 2936 \Device\Harddisk0\DR0:
01:01:47.0156 2936 MBR partitions:
01:01:47.0156 2936 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x94EEEB9
01:01:47.0156 2936 \Device\Harddisk1\DR1:
01:01:47.0156 2936 MBR partitions:
01:01:47.0156 2936 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3AD4F, BlocksNum 0x22EAFFF2
01:01:47.0156 2936 \Device\Harddisk2\DR6:
01:01:47.0156 2936 MBR partitions:
01:01:47.0156 2936 \Device\Harddisk2\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
01:01:47.0156 2936 ============================================================
01:01:47.0218 2936 C: <-> \Device\Harddisk0\DR0\Partition0
01:01:47.0250 2936 D: <-> \Device\Harddisk1\DR1\Partition0
01:01:50.0859 2936 H: <-> \Device\Harddisk2\DR6\Partition0
01:01:50.0875 2936 ============================================================
01:01:50.0875 2936 Initialize success
01:01:50.0875 2936 ============================================================
01:02:09.0765 2588 ============================================================
01:02:09.0765 2588 Scan started
01:02:09.0765 2588 Mode: Manual;
01:02:09.0765 2588 ============================================================
01:02:10.0640 2588 Scan interrupted by user!
01:02:10.0640 2588 Scan interrupted by user!
01:02:10.0640 2588 Scan interrupted by user!
01:02:10.0640 2588 ============================================================
01:02:10.0640 2588 Scan finished
01:02:10.0640 2588 ============================================================
01:02:10.0671 2696 Detected object count: 0
01:02:10.0671 2696 Actual detected object count: 0
01:02:28.0531 2116 ============================================================
01:02:28.0531 2116 Scan started
01:02:28.0531 2116 Mode: Manual;
01:02:28.0531 2116 ============================================================
01:02:29.0156 2116 Scan interrupted by user!
01:02:29.0156 2116 Scan interrupted by user!
01:02:29.0156 2116 Scan interrupted by user!
01:02:29.0156 2116 ============================================================
01:02:29.0156 2116 Scan finished
01:02:29.0156 2116 ============================================================
01:02:29.0156 4012 Detected object count: 0
01:02:29.0156 4012 Actual detected object count: 0
01:02:34.0296 4072 ============================================================
01:02:34.0296 4072 Scan started
01:02:34.0296 4072 Mode: Manual;
01:02:34.0296 4072 ============================================================
01:02:34.0875 4072 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
01:02:34.0875 4072 !SASCORE - ok
01:02:35.0109 4072 98502352 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\98502352.sys
01:02:35.0109 4072 98502352 - ok
01:02:35.0125 4072 Abiosdsk - ok
01:02:35.0171 4072 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
01:02:35.0171 4072 abp480n5 - ok
01:02:35.0218 4072 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:02:35.0234 4072 ACPI - ok
01:02:35.0281 4072 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
01:02:35.0281 4072 ACPIEC - ok
01:02:35.0328 4072 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
01:02:35.0328 4072 adpu160m - ok
01:02:35.0359 4072 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
01:02:35.0375 4072 aeaudio - ok
01:02:35.0390 4072 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
01:02:35.0406 4072 aec - ok
01:02:35.0437 4072 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
01:02:35.0437 4072 AFD - ok
01:02:35.0484 4072 AFS2K (c685cc27a2e637f0dcb5a45e67cc6f74) C:\WINDOWS\system32\drivers\AFS2K.sys
01:02:35.0484 4072 AFS2K - ok
01:02:35.0515 4072 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
01:02:35.0515 4072 agp440 - ok
01:02:35.0546 4072 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
01:02:35.0546 4072 agpCPQ - ok
01:02:35.0578 4072 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
01:02:35.0578 4072 Aha154x - ok
01:02:35.0625 4072 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
01:02:35.0640 4072 aic78u2 - ok
01:02:35.0656 4072 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
01:02:35.0656 4072 aic78xx - ok
01:02:35.0703 4072 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
01:02:35.0703 4072 Alerter - ok
01:02:35.0718 4072 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
01:02:35.0718 4072 ALG - ok
01:02:35.0781 4072 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
01:02:35.0781 4072 AliIde - ok
01:02:35.0828 4072 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
01:02:35.0828 4072 alim1541 - ok
01:02:35.0843 4072 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
01:02:35.0843 4072 amdagp - ok
01:02:35.0906 4072 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
01:02:35.0906 4072 amsint - ok
01:02:35.0921 4072 AppMgmt - ok
01:02:35.0937 4072 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
01:02:35.0937 4072 asc - ok
01:02:35.0968 4072 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
01:02:35.0968 4072 asc3350p - ok
01:02:36.0015 4072 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
01:02:36.0015 4072 asc3550 - ok
01:02:36.0093 4072 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
01:02:36.0093 4072 Aspi32 - ok
01:02:36.0203 4072 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
01:02:36.0312 4072 aspnet_state - ok
01:02:36.0359 4072 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:02:36.0359 4072 AsyncMac - ok
01:02:36.0437 4072 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:02:36.0437 4072 atapi - ok
01:02:36.0453 4072 Atdisk - ok
01:02:36.0484 4072 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:02:36.0484 4072 Atmarpc - ok
01:02:36.0546 4072 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
01:02:36.0562 4072 AudioSrv - ok
01:02:36.0609 4072 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:02:36.0609 4072 audstub - ok
01:02:36.0750 4072 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
01:02:36.0765 4072 AVP - ok
01:02:36.0890 4072 BCMModem (2b028f4b6812bc236d9dc1b9fea9853a) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
01:02:36.0937 4072 BCMModem - ok
01:02:36.0984 4072 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:02:36.0984 4072 Beep - ok
01:02:37.0062 4072 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
01:02:37.0187 4072 BITS - ok
01:02:37.0234 4072 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
01:02:37.0234 4072 Browser - ok
01:02:37.0359 4072 catchme - ok
01:02:37.0421 4072 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
01:02:37.0421 4072 cbidf - ok
01:02:37.0437 4072 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:02:37.0437 4072 cbidf2k - ok
01:02:37.0468 4072 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
01:02:37.0484 4072 CCDECODE - ok
01:02:37.0531 4072 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
01:02:37.0531 4072 cd20xrnt - ok
01:02:37.0562 4072 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:02:37.0562 4072 Cdaudio - ok
01:02:37.0578 4072 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
01:02:37.0578 4072 Cdfs - ok
01:02:37.0609 4072 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:02:37.0609 4072 Cdrom - ok
01:02:37.0625 4072 Changer - ok
01:02:37.0671 4072 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
01:02:37.0671 4072 CiSvc - ok
01:02:37.0703 4072 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
01:02:37.0703 4072 ClipSrv - ok
01:02:37.0812 4072 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:02:37.0921 4072 clr_optimization_v2.0.50727_32 - ok
01:02:37.0968 4072 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
01:02:37.0968 4072 CmdIde - ok
01:02:37.0984 4072 COMSysApp - ok
01:02:38.0062 4072 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
01:02:38.0062 4072 Cpqarray - ok
01:02:38.0093 4072 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
01:02:38.0093 4072 CryptSvc - ok
01:02:38.0140 4072 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
01:02:38.0156 4072 dac2w2k - ok
01:02:38.0187 4072 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
01:02:38.0187 4072 dac960nt - ok
01:02:38.0234 4072 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
01:02:38.0250 4072 DcomLaunch - ok
01:02:38.0296 4072 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
01:02:38.0296 4072 Dhcp - ok
01:02:38.0328 4072 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
01:02:38.0328 4072 Disk - ok
01:02:38.0343 4072 dmadmin - ok
01:02:38.0406 4072 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
01:02:38.0437 4072 dmboot - ok
01:02:38.0484 4072 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
01:02:38.0484 4072 dmio - ok
01:02:38.0531 4072 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:02:38.0546 4072 dmload - ok
01:02:38.0593 4072 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
01:02:38.0593 4072 dmserver - ok
01:02:38.0625 4072 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
01:02:38.0625 4072 DMusic - ok
01:02:38.0671 4072 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
01:02:38.0671 4072 Dnscache - ok
01:02:38.0718 4072 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
01:02:38.0718 4072 Dot3svc - ok
01:02:38.0765 4072 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
01:02:38.0781 4072 dpti2o - ok
01:02:38.0796 4072 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
01:02:38.0796 4072 drmkaud - ok
01:02:38.0843 4072 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
01:02:38.0843 4072 E100B - ok
01:02:38.0875 4072 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
01:02:38.0890 4072 EapHost - ok
01:02:38.0937 4072 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
01:02:38.0937 4072 EL90XBC - ok
01:02:38.0968 4072 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
01:02:38.0968 4072 ERSvc - ok
01:02:39.0015 4072 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
01:02:39.0031 4072 Eventlog - ok
01:02:39.0093 4072 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
01:02:39.0109 4072 EventSystem - ok
01:02:39.0156 4072 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
01:02:39.0156 4072 Fastfat - ok
01:02:39.0203 4072 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:02:39.0203 4072 FastUserSwitchingCompatibility - ok
01:02:39.0250 4072 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
01:02:39.0265 4072 Fax - ok
01:02:39.0312 4072 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
01:02:39.0312 4072 Fdc - ok
01:02:39.0359 4072 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
01:02:39.0359 4072 Fips - ok
01:02:39.0375 4072 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
01:02:39.0375 4072 Flpydisk - ok
01:02:39.0421 4072 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
01:02:39.0421 4072 FltMgr - ok
01:02:39.0546 4072 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
01:02:39.0546 4072 FontCache3.0.0.0 - ok
01:02:39.0593 4072 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\WINDOWS\system32\FsUsbExDisk.SYS
01:02:39.0593 4072 FsUsbExDisk - ok
01:02:39.0640 4072 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:02:39.0656 4072 Fs_Rec - ok
01:02:39.0671 4072 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:02:39.0671 4072 Ftdisk - ok
01:02:39.0718 4072 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:02:39.0718 4072 Gpc - ok
01:02:39.0843 4072 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
01:02:39.0843 4072 gupdate - ok
01:02:39.0875 4072 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
01:02:39.0875 4072 gupdatem - ok
01:02:39.0921 4072 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
01:02:39.0937 4072 gusvc - ok
01:02:40.0015 4072 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
01:02:40.0015 4072 helpsvc - ok
01:02:40.0031 4072 HidServ - ok
01:02:40.0078 4072 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:02:40.0078 4072 HidUsb - ok
01:02:40.0250 4072 HitmanPro36CrusaderBoot - ok
01:02:40.0296 4072 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
01:02:40.0296 4072 hkmsvc - ok
01:02:40.0359 4072 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
01:02:40.0359 4072 hpn - ok
01:02:40.0468 4072 hpqcxs08 (ce0fcec4d4d860f36d972759b11eaf0f) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
01:02:40.0500 4072 hpqcxs08 - ok
01:02:40.0578 4072 hpqddsvc (7da3211ac63edd90b8eca1ca1abfd43b) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
01:02:40.0593 4072 hpqddsvc - ok
01:02:40.0656 4072 HPSLPSVC (14229263aa19c704e0d6d2e7404a8455) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
01:02:40.0734 4072 HPSLPSVC - ok
01:02:40.0765 4072 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
01:02:40.0765 4072 HPZid412 - ok
01:02:40.0781 4072 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
01:02:40.0812 4072 HPZipr12 - ok
01:02:40.0843 4072 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
01:02:40.0843 4072 HPZius12 - ok
01:02:40.0890 4072 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
01:02:40.0890 4072 HTTP - ok
01:02:40.0937 4072 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
01:02:40.0937 4072 HTTPFilter - ok
01:02:40.0984 4072 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
01:02:40.0984 4072 i2omgmt - ok
01:02:41.0000 4072 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
01:02:41.0015 4072 i2omp - ok
01:02:41.0031 4072 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:02:41.0031 4072 i8042prt - ok
01:02:41.0093 4072 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
01:02:41.0093 4072 i81x - ok
01:02:41.0125 4072 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
01:02:41.0125 4072 iAimFP0 - ok
01:02:41.0156 4072 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
01:02:41.0156 4072 iAimFP1 - ok
01:02:41.0171 4072 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
01:02:41.0171 4072 iAimFP2 - ok
01:02:41.0234 4072 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
01:02:41.0234 4072 iAimFP3 - ok
01:02:41.0265 4072 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
01:02:41.0265 4072 iAimFP4 - ok
01:02:41.0296 4072 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
01:02:41.0296 4072 iAimTV0 - ok
01:02:41.0312 4072 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
01:02:41.0312 4072 iAimTV1 - ok
01:02:41.0328 4072 iAimTV2 - ok
01:02:41.0375 4072 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
01:02:41.0390 4072 iAimTV3 - ok
01:02:41.0421 4072 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
01:02:41.0421 4072 iAimTV4 - ok
01:02:41.0515 4072 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
01:02:41.0546 4072 ialm - ok
01:02:41.0718 4072 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:02:41.0750 4072 idsvc - ok
01:02:41.0859 4072 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
01:02:41.0875 4072 Imapi - ok
01:02:41.0921 4072 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
01:02:41.0921 4072 ImapiService - ok
01:02:41.0984 4072 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
01:02:42.0000 4072 ini910u - ok
01:02:42.0109 4072 InstallShield Licensing Service (ee3b48390e5814405da2d5ecdd01d372) C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
01:02:42.0109 4072 InstallShield Licensing Service - ok
01:02:42.0140 4072 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
01:02:42.0140 4072 IntelIde - ok
01:02:42.0171 4072 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:02:42.0171 4072 intelppm - ok
01:02:42.0203 4072 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
01:02:42.0203 4072 ip6fw - ok
01:02:42.0250 4072 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:02:42.0250 4072 IpFilterDriver - ok
01:02:42.0281 4072 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:02:42.0281 4072 IpInIp - ok
01:02:42.0328 4072 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:02:42.0328 4072 IpNat - ok
01:02:42.0390 4072 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:02:42.0390 4072 IPSec - ok
01:02:42.0421 4072 IPVNMon (f60af0f89204a9177d110e3b2bd9fa0b) C:\WINDOWS\system32\drivers\IPVNMon.sys
01:02:42.0421 4072 IPVNMon - ok
01:02:42.0453 4072 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:02:42.0453 4072 IRENUM - ok
01:02:42.0625 4072 IS360service (f5cf53d41f5a6b9d66b8c49c2de43064) D:\Program Files\IObit\IObit Security 360\IS360srv.exe
01:02:42.0640 4072 IS360service - ok
01:02:42.0687 4072 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:02:42.0687 4072 isapnp - ok
01:02:42.0781 4072 JavaQuickStarterService (bae24ea8dbd5097f92e487b26b9f7f00) C:\Program Files\Java\jre6\bin\jqs.exe
01:02:42.0781 4072 JavaQuickStarterService - ok
01:02:42.0812 4072 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:02:42.0812 4072 Kbdclass - ok
01:02:42.0859 4072 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\kl1.sys
01:02:42.0859 4072 KL1 - ok
01:02:42.0875 4072 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\WINDOWS\system32\DRIVERS\kl2.sys
01:02:42.0875 4072 kl2 - ok
01:02:42.0937 4072 KLIF (5d92a03045a6a98708975b3d77b39a36) C:\WINDOWS\system32\DRIVERS\klif.sys
01:02:42.0968 4072 KLIF - ok
01:02:43.0000 4072 klim5 (96a7ec308a93da26dfe481308baac2a2) C:\WINDOWS\system32\DRIVERS\klim5.sys
01:02:43.0000 4072 klim5 - ok
01:02:43.0031 4072 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
01:02:43.0031 4072 klmouflt - ok
01:02:43.0062 4072 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
01:02:43.0078 4072 kmixer - ok
01:02:43.0125 4072 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
01:02:43.0125 4072 KSecDD - ok
01:02:43.0187 4072 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
01:02:43.0187 4072 lanmanserver - ok
01:02:43.0250 4072 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
01:02:43.0265 4072 lanmanworkstation - ok
01:02:43.0265 4072 lbrtfdc - ok
01:02:43.0328 4072 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
01:02:43.0328 4072 LmHosts - ok
01:02:43.0453 4072 MatSvc (ddf15a42e27e8efe27b18fd403151a86) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
01:02:43.0468 4072 MatSvc - ok
01:02:43.0593 4072 McciServiceHost (eee1ea23c4777adb268a36196a631200) C:\Program Files\Common Files\Motive\McciServiceHost.exe
01:02:43.0609 4072 McciServiceHost - ok
01:02:43.0625 4072 MCSTRM - ok
01:02:43.0718 4072 Media Jukebox 14 Service (5ac6d44ccb8d5c4abac823eaa85d571d) C:\Program Files\J River\Media Jukebox 14\JRService.exe
01:02:43.0734 4072 Media Jukebox 14 Service - ok
01:02:43.0765 4072 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
01:02:43.0781 4072 Messenger - ok
01:02:43.0828 4072 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:02:43.0828 4072 mnmdd - ok
01:02:43.0859 4072 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
01:02:43.0859 4072 mnmsrvc - ok
01:02:43.0906 4072 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
01:02:43.0906 4072 Modem - ok
01:02:43.0984 4072 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
01:02:43.0984 4072 MODEMCSA - ok
01:02:44.0000 4072 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:02:44.0000 4072 Mouclass - ok
01:02:44.0078 4072 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:02:44.0078 4072 mouhid - ok
01:02:44.0125 4072 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
01:02:44.0125 4072 MountMgr - ok
01:02:44.0187 4072 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
01:02:44.0187 4072 MozillaMaintenance - ok
01:02:44.0250 4072 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
01:02:44.0250 4072 mraid35x - ok
01:02:44.0375 4072 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
01:02:44.0375 4072 MREMP50 - ok
01:02:44.0390 4072 MREMPR5 - ok
01:02:44.0390 4072 MRENDIS5 - ok
01:02:44.0453 4072 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
01:02:44.0453 4072 MRESP50 - ok
01:02:44.0484 4072 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:02:44.0500 4072 MRxDAV - ok
01:02:44.0578 4072 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:02:44.0640 4072 MRxSmb - ok
01:02:44.0703 4072 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
01:02:44.0703 4072 MSDTC - ok
01:02:44.0781 4072 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
01:02:44.0781 4072 Msfs - ok
01:02:44.0796 4072 MSIServer - ok
01:02:44.0828 4072 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:02:44.0843 4072 MSKSSRV - ok
01:02:44.0859 4072 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:02:44.0859 4072 MSPCLOCK - ok
01:02:44.0921 4072 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
01:02:44.0921 4072 MSPQM - ok
01:02:44.0984 4072 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:02:44.0984 4072 mssmbios - ok
01:02:45.0015 4072 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
01:02:45.0015 4072 MSTEE - ok
01:02:45.0109 4072 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
01:02:45.0109 4072 Mup - ok
01:02:45.0140 4072 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
01:02:45.0156 4072 NABTSFEC - ok
01:02:45.0328 4072 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
01:02:45.0343 4072 napagent - ok
01:02:45.0421 4072 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
01:02:45.0437 4072 NDIS - ok
01:02:45.0468 4072 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
01:02:45.0484 4072 NdisIP - ok
01:02:45.0500 4072 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:02:45.0515 4072 NdisTapi - ok
01:02:45.0546 4072 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:02:45.0546 4072 Ndisuio - ok
01:02:45.0875 4072 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:02:45.0875 4072 NdisWan - ok
01:02:46.0000 4072 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
01:02:46.0000 4072 NDProxy - ok
01:02:46.0031 4072 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
01:02:46.0031 4072 Net Driver HPZ12 - ok
01:02:46.0062 4072 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:02:46.0062 4072 NetBIOS - ok
01:02:46.0093 4072 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:02:46.0093 4072 NetBT - ok
01:02:46.0140 4072 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
01:02:46.0156 4072 NetDDE - ok
01:02:46.0156 4072 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
01:02:46.0171 4072 NetDDEdsdm - ok
01:02:46.0203 4072 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
01:02:46.0203 4072 Netlogon - ok
01:02:46.0265 4072 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
01:02:46.0281 4072 Netman - ok
01:02:46.0453 4072 NetSvc (737351f39fef765234037770abdd72bd) C:\Program Files\Intel\NCS\Sync\NetSvc.exe
01:02:46.0453 4072 NetSvc - ok
01:02:46.0562 4072 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:02:46.0562 4072 NetTcpPortSharing - ok
01:02:46.0625 4072 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
01:02:46.0625 4072 Nla - ok
01:02:46.0671 4072 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
01:02:46.0671 4072 Npfs - ok
01:02:46.0718 4072 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
01:02:46.0750 4072 Ntfs - ok
01:02:46.0796 4072 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
01:02:46.0796 4072 NtLmSsp - ok
01:02:46.0875 4072 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
01:02:46.0890 4072 NtmsSvc - ok
01:02:46.0968 4072 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:02:46.0968 4072 Null - ok
01:02:47.0125 4072 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
01:02:47.0203 4072 nv - ok
01:02:47.0359 4072 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:02:47.0359 4072 NwlnkFlt - ok
01:02:47.0390 4072 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:02:47.0406 4072 NwlnkFwd - ok
01:02:47.0484 4072 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
01:02:47.0484 4072 omci - ok
01:02:47.0531 4072 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
01:02:47.0531 4072 P3 - ok
01:02:47.0546 4072 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
01:02:47.0546 4072 Parport - ok
01:02:47.0578 4072 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
01:02:47.0578 4072 PartMgr - ok
01:02:47.0640 4072 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
01:02:47.0640 4072 ParVdm - ok
01:02:47.0812 4072 pcCMService (bae04007a679893e975a2b75e9e001e9) C:\Program Files\Common Files\Motive\pcCMService.exe
01:02:47.0828 4072 pcCMService - ok
01:02:47.0859 4072 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
01:02:47.0859 4072 PCI - ok
01:02:47.0875 4072 PCIDump - ok
01:02:47.0921 4072 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
01:02:47.0921 4072 PCIIde - ok
01:02:47.0984 4072 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
01:02:47.0984 4072 Pcmcia - ok
01:02:48.0000 4072 Pcouffin - ok
01:02:48.0078 4072 pcServiceHost (a792405e6c84c3debc02b1cf29a928f0) C:\Program Files\Common Files\Motive\pcServiceHost.exe
01:02:48.0078 4072 pcServiceHost - ok
01:02:48.0109 4072 PDCOMP - ok
01:02:48.0125 4072 PDFRAME - ok
01:02:48.0140 4072 PDRELI - ok
01:02:48.0156 4072 PDRFRAME - ok
01:02:48.0203 4072 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
01:02:48.0203 4072 perc2 - ok
01:02:48.0281 4072 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
01:02:48.0281 4072 perc2hib - ok
01:02:48.0343 4072 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
01:02:48.0343 4072 PfModNT - ok
01:02:48.0421 4072 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
01:02:48.0421 4072 PlugPlay - ok
01:02:48.0453 4072 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
01:02:48.0453 4072 Pml Driver HPZ12 - ok
01:02:48.0500 4072 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:02:48.0500 4072 PolicyAgent - ok
01:02:48.0531 4072 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:02:48.0546 4072 PptpMiniport - ok
01:02:48.0562 4072 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
01:02:48.0562 4072 Processor - ok
01:02:48.0578 4072 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:02:48.0578 4072 ProtectedStorage - ok
01:02:48.0609 4072 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
01:02:48.0609 4072 PSched - ok
01:02:48.0656 4072 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
01:02:48.0656 4072 PSI - ok
01:02:48.0718 4072 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:02:48.0718 4072 Ptilink - ok
01:02:48.0765 4072 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
01:02:48.0765 4072 PxHelp20 - ok
01:02:48.0796 4072 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
01:02:48.0796 4072 QCDonner - ok
01:02:48.0859 4072 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
01:02:48.0859 4072 ql1080 - ok
01:02:48.0875 4072 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
01:02:48.0890 4072 Ql10wnt - ok
01:02:48.0906 4072 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
01:02:48.0921 4072 ql12160 - ok
01:02:48.0937 4072 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
01:02:48.0937 4072 ql1240 - ok
01:02:48.0953 4072 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
01:02:48.0968 4072 ql1280 - ok
01:02:49.0015 4072 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:02:49.0015 4072 RasAcd - ok
01:02:49.0062 4072 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
01:02:49.0062 4072 RasAuto - ok
01:02:49.0078 4072 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:02:49.0093 4072 Rasl2tp - ok
01:02:49.0140 4072 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
01:02:49.0156 4072 RasMan - ok
01:02:49.0187 4072 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:02:49.0187 4072 RasPppoe - ok
01:02:49.0203 4072 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
01:02:49.0203 4072 Raspti - ok
01:02:49.0234 4072 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:02:49.0234 4072 Rdbss - ok
01:02:49.0250 4072 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:02:49.0250 4072 RDPCDD - ok
01:02:49.0312 4072 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:02:49.0312 4072 rdpdr - ok
01:02:49.0406 4072 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
01:02:49.0421 4072 RDPWD - ok
01:02:49.0437 4072 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
01:02:49.0453 4072 RDSessMgr - ok
01:02:49.0468 4072 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
01:02:49.0468 4072 redbook - ok
01:02:49.0531 4072 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
01:02:49.0531 4072 RemoteAccess - ok
01:02:49.0578 4072 RichVideo - ok
01:02:49.0625 4072 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
01:02:49.0625 4072 RpcLocator - ok
01:02:49.0687 4072 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
01:02:49.0703 4072 RpcSs - ok
01:02:49.0765 4072 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
01:02:49.0765 4072 RSVP - ok
01:02:49.0812 4072 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:02:49.0812 4072 SamSs - ok
01:02:49.0875 4072 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
01:02:49.0875 4072 SASDIFSV - ok
01:02:49.0906 4072 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
01:02:49.0906 4072 SASKUTIL - ok
01:02:49.0937 4072 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
01:02:49.0937 4072 SCardSvr - ok
01:02:49.0984 4072 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
01:02:49.0984 4072 Schedule - ok
01:02:50.0062 4072 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:02:50.0062 4072 Secdrv - ok
01:02:50.0109 4072 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
01:02:50.0109 4072 seclogon - ok
01:02:50.0203 4072 Secunia PSI Agent (230ecc65882a340b56782c361d4ae44d) C:\Program Files\Secunia\PSI\PSIA.exe
01:02:50.0234 4072 Secunia PSI Agent - ok
01:02:50.0281 4072 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
01:02:50.0281 4072 SENS - ok
01:02:50.0296 4072 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
01:02:50.0296 4072 serenum - ok
01:02:50.0328 4072 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
01:02:50.0328 4072 Serial - ok
01:02:50.0406 4072 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
01:02:50.0406 4072 Sfloppy - ok
01:02:50.0453 4072 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
01:02:50.0468 4072 SharedAccess - ok
01:02:50.0531 4072 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:02:50.0531 4072 ShellHWDetection - ok
01:02:50.0546 4072 Simbad - ok
01:02:50.0593 4072 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
01:02:50.0593 4072 sisagp - ok
01:02:50.0625 4072 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
01:02:50.0625 4072 SLIP - ok
01:02:50.0671 4072 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
01:02:50.0671 4072 SmartDefragDriver - ok
01:02:50.0765 4072 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
01:02:50.0781 4072 smwdm - ok
01:02:50.0812 4072 SNMP (60c377be6b3cc83f6a8584934b181d2e) C:\WINDOWS\System32\snmp.exe
01:02:50.0812 4072 SNMP - ok
01:02:50.0859 4072 SNMPTRAP (80a050795a107a76c2b1cd4cfbe010e6) C:\WINDOWS\System32\snmptrap.exe
01:02:50.0875 4072 SNMPTRAP - ok
01:02:50.0921 4072 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
01:02:50.0921 4072 Sparrow - ok
01:02:50.0968 4072 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
01:02:50.0968 4072 splitter - ok
01:02:51.0015 4072 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
01:02:51.0015 4072 Spooler - ok
01:02:51.0046 4072 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
01:02:51.0046 4072 sr - ok
01:02:51.0093 4072 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
01:02:51.0093 4072 srservice - ok
01:02:51.0156 4072 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
01:02:51.0171 4072 Srv - ok
01:02:51.0218 4072 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
01:02:51.0218 4072 SSDPSRV - ok
01:02:51.0281 4072 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
01:02:51.0296 4072 stisvc - ok
01:02:51.0390 4072 stllssvr - ok
01:02:51.0437 4072 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
01:02:51.0437 4072 streamip - ok
01:02:51.0468 4072 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
01:02:51.0468 4072 swenum - ok
01:02:51.0484 4072 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
01:02:51.0484 4072 swmidi - ok
01:02:51.0500 4072 SwPrv - ok
01:02:51.0562 4072 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
01:02:51.0562 4072 symc810 - ok
01:02:51.0578 4072 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
01:02:51.0578 4072 symc8xx - ok
01:02:51.0609 4072 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
01:02:51.0609 4072 sym_hi - ok
01:02:51.0656 4072 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
01:02:51.0656 4072 sym_u3 - ok
01:02:51.0687 4072 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
01:02:51.0687 4072 sysaudio - ok
01:02:51.0734 4072 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
01:02:51.0734 4072 SysmonLog - ok
01:02:51.0765 4072 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
01:02:51.0781 4072 TapiSrv - ok
01:02:51.0843 4072 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:02:51.0859 4072 Tcpip - ok
01:02:51.0890 4072 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
01:02:51.0890 4072 TDPIPE - ok
01:02:51.0921 4072 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
01:02:51.0921 4072 TDTCP - ok
01:02:51.0953 4072 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
01:02:51.0953 4072 TermDD - ok
01:02:52.0000 4072 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
01:02:52.0015 4072 TermService - ok
01:02:52.0078 4072 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:02:52.0078 4072 Themes - ok
01:02:52.0140 4072 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
01:02:52.0140 4072 TosIde - ok
01:02:52.0281 4072 TQKSVI - ok
01:02:52.0328 4072 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
01:02:52.0328 4072 TrkWks - ok
01:02:52.0390 4072 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
01:02:52.0390 4072 Udfs - ok
01:02:52.0437 4072 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
01:02:52.0453 4072 ultra - ok
01:02:52.0500 4072 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
01:02:52.0515 4072 Update - ok
01:02:52.0562 4072 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
01:02:52.0562 4072 upnphost - ok
01:02:52.0593 4072 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
01:02:52.0609 4072 UPS - ok
01:02:52.0640 4072 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:02:52.0640 4072 usbccgp - ok
01:02:52.0687 4072 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:02:52.0687 4072 usbehci - ok
01:02:52.0718 4072 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:02:52.0734 4072 usbhub - ok
01:02:52.0750 4072 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
01:02:52.0750 4072 usbprint - ok
01:02:52.0796 4072 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:02:52.0796 4072 usbscan - ok
01:02:52.0828 4072 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:02:52.0828 4072 USBSTOR - ok
01:02:52.0859 4072 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:02:52.0859 4072 usbuhci - ok
01:02:52.0906 4072 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
01:02:52.0906 4072 VgaSave - ok
01:02:52.0953 4072 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
01:02:52.0953 4072 viaagp - ok
01:02:52.0968 4072 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
01:02:52.0968 4072 ViaIde - ok
01:02:53.0000 4072 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
01:02:53.0000 4072 VolSnap - ok
01:02:53.0046 4072 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
01:02:53.0078 4072 VSS - ok
01:02:53.0109 4072 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
01:02:53.0125 4072 w32time - ok
01:02:53.0156 4072 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:02:53.0156 4072 Wanarp - ok
01:02:53.0187 4072 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
01:02:53.0203 4072 wanatw - ok
01:02:53.0234 4072 WANMiniportService (c46e81185f164c17dbfbd71d234beb00) C:\WINDOWS\wanmpsvc.exe
01:02:55.0640 4072 WANMiniportService - ok
01:02:55.0656 4072 WDICA - ok
01:02:55.0687 4072 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
01:02:55.0703 4072 wdmaud - ok
01:02:55.0734 4072 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
01:02:55.0750 4072 WebClient - ok
01:02:55.0875 4072 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
01:02:55.0875 4072 WinDefend - ok
01:02:55.0968 4072 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
01:02:55.0968 4072 winmgmt - ok
01:02:56.0046 4072 wmamp3DriverV32 (2504a70cc2ee4141edea21117dd3500f) C:\WINDOWS\system32\drivers\wmamp3DriverV32.sys
01:02:56.0062 4072 wmamp3DriverV32 - ok
01:02:56.0093 4072 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
01:02:56.0093 4072 WmdmPmSN - ok
01:02:56.0156 4072 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
01:02:56.0156 4072 WmiApSrv - ok
01:02:56.0296 4072 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
01:02:56.0328 4072 WMPNetworkSvc - ok
01:02:56.0437 4072 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
01:02:56.0437 4072 WpdUsb - ok
01:02:56.0500 4072 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
01:02:56.0500 4072 WS2IFSL - ok
01:02:56.0531 4072 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
01:02:56.0531 4072 WsAudio_DeviceS(1) - ok
01:02:56.0546 4072 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
01:02:56.0562 4072 WsAudio_DeviceS(2) - ok
01:02:56.0593 4072 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
01:02:56.0593 4072 WsAudio_DeviceS(3) - ok
01:02:56.0625 4072 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
01:02:56.0625 4072 WsAudio_DeviceS(4) - ok
01:02:56.0656 4072 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
01:02:56.0656 4072 WsAudio_DeviceS(5) - ok
01:02:56.0703 4072 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
01:02:56.0703 4072 wscsvc - ok
01:02:56.0750 4072 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
01:02:56.0750 4072 WSTCODEC - ok
01:02:56.0781 4072 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
01:02:56.0781 4072 wuauserv - ok
01:02:56.0812 4072 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:02:56.0828 4072 WudfPf - ok
01:02:56.0843 4072 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:02:56.0843 4072 WudfRd - ok
01:02:56.0875 4072 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
01:02:56.0875 4072 WudfSvc - ok
01:02:56.0953 4072 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
01:02:57.0000 4072 WZCSVC - ok
01:02:57.0046 4072 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
01:02:57.0046 4072 xmlprov - ok
01:02:57.0109 4072 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
01:02:57.0109 4072 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
01:02:57.0156 4072 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
01:02:57.0156 4072 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
01:02:57.0187 4072 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
01:02:57.0703 4072 \Device\Harddisk0\DR0 - ok
01:02:57.0734 4072 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
01:02:57.0890 4072 \Device\Harddisk1\DR1 - ok
01:02:57.0921 4072 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR6
01:02:57.0937 4072 \Device\Harddisk2\DR6 - ok
01:02:57.0968 4072 Boot (0x1200) (64dee8aac61cfb079cdf691352e21c4f) \Device\Harddisk0\DR0\Partition0
01:02:57.0968 4072 \Device\Harddisk0\DR0\Partition0 - ok
01:02:57.0968 4072 Boot (0x1200) (37dc99628ad3db6b02eaf57b4494fd9b) \Device\Harddisk1\DR1\Partition0
01:02:57.0984 4072 \Device\Harddisk1\DR1\Partition0 - ok
01:02:57.0984 4072 Boot (0x1200) (181efc0222b36b24131684e8f807451d) \Device\Harddisk2\DR6\Partition0
01:02:57.0984 4072 \Device\Harddisk2\DR6\Partition0 - ok
01:02:58.0000 4072 ============================================================
01:02:58.0000 4072 Scan finished
01:02:58.0000 4072 ============================================================
01:02:58.0015 0904 Detected object count: 0
01:02:58.0015 0904 Actual detected object count: 0
01:03:02.0265 0208 Deinitialize success

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.

• If the computer is running, shut down Windows, and then turn off the power.
• Wait 30 seconds, and then turn the computer on.
• Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
• Ensure that the Safe Mode option is selected.
• Press Enter. The computer then begins to start in Safe mode.
• Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo

ComboFix 12-07-02.01 - charles 07/04/2012 13:29:18.2.1 - x86 MINIMAL
Running from: c:\documents and settings\charles\Desktop\ComboFix2.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\747073s32x2s4it14g
c:\documents and settings\All Users\Application Data\DirectCDUserNameE.txt
c:\documents and settings\All Users\Application Data\eavnaaa.tmp
c:\documents and settings\All Users\Application Data\ewctaaa.tmp
c:\documents and settings\All Users\Application Data\ikhtaaa.tmp
c:\documents and settings\All Users\Application Data\qspqaaa.tmp
c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\documents and settings\charles\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\charles\Application Data\Microsoft\bass.dll
c:\documents and settings\charles\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\charles\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\charles\Application Data\Microsoft\peaadje.dll
c:\documents and settings\charles\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\charles\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\charles\Application Data\Remote\owlctx
c:\windows\IsUn0407.exe
c:\windows\OLD2593.tmp
c:\windows\OLD3F69.tmp
c:\windows\OLD59C.tmp
c:\windows\OLD8D8D.tmp
c:\windows\OLD9614.tmp
c:\windows\OLDBDF8.tmp
c:\windows\OLDFEA8.tmp
c:\windows\OLDFF7C.tmp
c:\windows\system32\c_88562.nl_
H:\WinRAR.exe
.
-- Previous Run --
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\svchost.exe
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\svchost.exe
.
c:\windows\explorer.exe . . . is infected!!
.
--------
.
c:\windows\explorer.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 05:41 . 2012-07-04 05:41 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-07-04 05:31 . 2012-07-04 14:53 -------- d-----w- c:\documents and settings\charles\Application Data\FreeFileViewer
2012-07-04 05:30 . 2012-07-04 05:31 -------- d-----w- c:\program files\FreeFileViewer
2012-07-01 17:23 . 2008-04-14 00:12 507904 ----a-w- c:\windows\system32\winlogon.exe
2012-07-01 17:23 . 2008-04-14 00:12 14336 ----a-w- c:\windows\system32\svchost.exe
2012-07-01 17:01 . 2012-07-01 17:01 1058304 ----a-w- c:\windows\explorer.exe
2012-06-30 21:42 . 2012-06-30 21:42 -------- d-----w- c:\program files\ESET
2012-06-29 15:21 . 2012-06-29 15:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-29 15:16 . 2012-06-29 15:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-29 15:16 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-27 20:10 . 2012-06-29 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-06-27 01:04 . 2012-06-27 01:04 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-06-27 01:04 . 2012-06-27 01:04 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-06-27 00:57 . 2012-07-03 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2012-06-27 00:57 . 2012-06-27 00:57 -------- d-----w- c:\program files\Kaspersky Lab
2012-06-26 10:09 . 2012-06-26 10:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-06-16 17:15 . 2012-06-16 17:15 -------- d-----w- c:\documents and settings\charles\Application Data\CrystalIdea Software
2012-06-16 03:24 . 2012-05-22 01:15 133208 ----a-w- c:\windows\system32\drivers\98502352.sys
2012-06-06 16:41 . 2012-06-06 16:41 -------- d-----w- c:\program files\Windows Defender
2012-06-06 12:20 . 2012-06-06 12:20 -------- d-----w- c:\program files\Microsoft Download Manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 08:32 . 2012-05-04 14:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-17 08:32 . 2011-09-26 16:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-28 02:37 . 2012-03-07 20:01 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-07-01 . 20484B4DC84DC2F3A9BE90BE5EED3A8C . 1058304 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 03:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
2012-06-07 11:22 1939968 ----a-w- c:\program files\ATT-SST\pcTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-19 15:06 110592 ----a-w- c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-10-03 18:33 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-08-31 14:22 273528 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=
"c:\\Program Files\\Common Files\\Motive\\pcServiceHost.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
.
R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 HitmanPro36CrusaderBoot;HitmanPro 3.6 Crusader (Boot);c:\documents and settings\charles\Local Settings\Temporary Internet Files\Content.IE5\TM2Q9WR0\HitmanPro36[1].exe [x]
R2 IS360service;IS360service;d:\program files\IObit\IObit Security 360\IS360srv.exe [x]
R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [x]
R2 pcCMService;pcCMService;c:\program files\Common Files\Motive\pcCMService.exe [x]
R2 pcServiceHost;pcServiceHost;c:\program files\Common Files\Motive\pcServiceHost.exe [x]
R3 73976012;73976012; [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [x]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [x]
R3 Media Jukebox 14 Service;Media Jukebox 14 Service;c:\program files\J River\Media Jukebox 14\JRService.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
R3 wmamp3DriverV32;wmamp3DriverV32;c:\windows\system32\drivers\wmamp3DriverV32.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R4 TQKSVI;TQKSVI;c:\docume~1\charles\LOCALS~1\Temp\TQKSVI.exe [x]
S0 98502352;98502352;c:\windows\system32\DRIVERS\98502352.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-07-04 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-07-04 18:24]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 18:32]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 18:32]
.
2012-07-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2012-07-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22]
.
2012-07-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-551226075-1155661131-279371235-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22]
.
2012-06-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22]
.
2012-06-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-551226075-1155661131-279371235-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22]
.
2011-09-28 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Software\Switch\switch.exe [2011-08-31 03:09]
.
2012-07-04 c:\windows\Tasks\User_Feed_Synchronization-{3704F410-368B-4851-A6C6-81F1D7356DC6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
2012-07-04 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2011-02-21 15:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/?.lts=1339863866
uInternet Settings,ProxyOverride = <local>
uCustomizeSearch =
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: $talisma_url$
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} - hxxp://personals.chocolatesingles.com/images/global/im/1/body/voice-installer.cab
FF - ProfilePath - c:\documents and settings\charles\Application Data\Mozilla\Firefox\Profiles\4njxtvg3.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-04 13:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HitmanPro36CrusaderBoot]
"ImagePath"="\"c:\documents and settings\charles\Local Settings\Temporary Internet Files\Content.IE5\TM2Q9WR0\HitmanPro36
[1].exe\" /crusader:boot"
"ImagePath"="\"c:\documents and settings\charles\Local Settings\Temporary Internet Files\Content.IE5\TM2Q9WR0\HitmanPro36
[1].exe\" /crusader:boot"
.
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HitmanPro36CrusaderBoot]
"ImagePath"="\"c:\documents and settings\charles\Local Settings\Temporary Internet Files\Content.IE5\TM2Q9WR0\HitmanPro36
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,56,02,9b,2b,83,8f,45,9f,8b,ef,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,56,02,9b,2b,83,8f,45,9f,8b,ef,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(288)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1880)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
Completion time: 2012-07-04 13:48:50
ComboFix-quarantined-files.txt 2012-07-04 17:48
.
Pre-Run: 10,410,860,544 bytes free
Post-Run: 10,363,564,032 bytes free
.
- - End Of File - - 0EB25860027A89C2F44A3342881C7982

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:

:filefind
explorer.exe
svchost.exe
winlogon.exe

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook 30.07.11 by jpshortstuff
Log created at 21:38 on 04/07/2012 by charles
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1058304 bytes [17:01 01/07/2012] [17:01 01/07/2012] 20484B4DC84DC2F3A9BE90BE5EED3A8C
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -----c- 1032192 bytes [07:16 04/09/2010] [07:56 04/08/2004] A0732187050030AE399B241436565E64
C:\WINDOWS\ServicePackFiles\i386\explorer.exe ------- 1033728 bytes [07:56 04/08/2004] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

Searching for "svchost.exe"
C:\I386\SVCHOST.EXE ------- 12800 bytes [06:18 10/01/2004] [11:00 29/08/2002] 0F7D9C87B0CE1FA520473119752C6F79
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 199240 bytes [15:16 29/06/2012] [19:56 04/04/2012] 097D0E812D7A9A3101CE46CB2BE0474D
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c- 14336 bytes [07:13 04/09/2010] [07:56 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\erdnt\cache\svchost.exe --a---- 14336 bytes [17:45 04/07/2012] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\ServicePackFiles\i386\svchost.exe ------- 14336 bytes [07:56 04/08/2004] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\SYSTEM32\svchost.exe --a---- 14336 bytes [17:23 01/07/2012] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18

Searching for "winlogon.exe"
C:\I386\WINLOGON.EXE ------- 516608 bytes [06:19 10/01/2004] [11:00 29/08/2002] 2246D8D8F4714A2CEDB21AB9B1849ABB
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe --a---- 199240 bytes [15:16 29/06/2012] [19:56 04/04/2012] 097D0E812D7A9A3101CE46CB2BE0474D
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -----c- 502272 bytes [07:13 04/09/2010] [07:56 04/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\erdnt\cache\winlogon.exe --a---- 507904 bytes [17:45 04/07/2012] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe ------- 507904 bytes [07:56 04/08/2004] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\SYSTEM32\winlogon.exe --a---- 507904 bytes [17:23 01/07/2012] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E

-= EOF =-

Greetings

Lets run this now.

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

• Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  
• Click the Script tab and copy/paste the following text there:

CopyFile:
C:\WINDOWS\ServicePackFiles\i386\explorer.exe C:\WINDOWS\explorer.exe
C:\WINDOWS\ServicePackFiles\i386\svchost.exe C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\ServicePackFiles\i386\explorer.exe C:\WINDOWS\system32\dllcache\explorer.exe
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe C:\WINDOWS\system32\dllcache\winlogon.exe
C:\WINDOWS\ServicePackFiles\i386\svchost.exe C:\WINDOWS\system32\dllcache\svchost.exe

• Click Execute Now. Your computer will need to reboot in order to replace the files.
  
• When done, post me the report created by Blitzblank. you can find it at the root of the drive Normaly C:\

BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\explorer.exe", destinationFile = "\??\c:\windows\explorer.exe"CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\svchost.exe", destinationFile = "\??\c:\windows\system32\svchost.exe"CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\winlogon.exe", destinationFile = "\??\c:\windows\system32\winlogon.exe"CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\explorer.exe", destinationFile = "\??\c:\windows\system32\dllcache\explorer.exe"CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\winlogon.exe", destinationFile = "\??\c:\windows\system32\dllcache\winlogon.exe"CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\svchost.exe", destinationFile = "\??\c:\windows\system32\dllcache\svchost.exe"

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
  
• report from Combofix
• let me know of any problems you may have had
• How is the computer doing now after running the script?

Gringo