PWS:Win 32/Sinowal.gen!Y (Password stealer)

Microsoft Security essentials keeps picking up this virus and cleaning it. Then after a restart it will pick it up again.

I ran DDS (log below) and GMER, however during the GMER scan I got a blue screen. I didn't catch much of it, "non-paged" something or other was the error.

DDS log


dds.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Leslie at 15:52:03 on 2012-09-15
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.893.82 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GNU\GnuPG\dirmngr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Leslie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Windows\system32\msiexec.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.thetechguys.com/welcome
uDefault_Page_URL = hxxp://www.thetechguys.com/welcome
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\leslie\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "c:\users\leslie\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\leslie\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\leslie\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{4B45206B-9B0D-4F8E-9DA6-A0CC103BBD9D} : DhcpNameServer = 194.168.4.100 194.168.8.100
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 MpKsl38d2f8ca;MpKsl38d2f8ca;c:\programdata\microsoft\microsoft antimalware\definition updates\{d8e5b1fb-8086-4bb8-9e0f-2e1a7caea143}\MpKsl38d2f8ca.sys [2012-9-15 29904]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 DirMngr;DirMngr;c:\program files\gnu\gnupg\dirmngr.exe [2011-3-2 224256]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RalinkRegistryWriter.exe [2012-1-2 69632]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr61.sys [2012-1-2 335872]
S1 llwmjtis;llwmjtis;c:\windows\system32\drivers\llwmjtis.sys [2012-9-15 43600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-8 250056]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
SUnknown widegpaq;widegpaq; [x]
.
=============== Created Last 30 ================
.
2012-09-15 14:45:48 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d8e5b1fb-8086-4bb8-9e0f-2e1a7caea143}\MpKsl38d2f8ca.sys
2012-09-15 14:44:48 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-15 14:43:19 -------- d-----w- c:\program files\iPod
2012-09-15 14:43:01 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-15 14:43:01 -------- d-----w- c:\program files\iTunes
2012-09-15 14:35:18 43600 ----a-w- c:\windows\system32\drivers\llwmjtis.sys
2012-09-15 14:35:00 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d8e5b1fb-8086-4bb8-9e0f-2e1a7caea143}\offreg.dll
2012-09-14 21:53:59 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d8e5b1fb-8086-4bb8-9e0f-2e1a7caea143}\mpengine.dll
2012-09-14 18:13:17 -------- d-----w- c:\windows\system32\MpEngineStore
2012-09-11 22:38:34 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-10 20:54:52 -------- d-----w- c:\users\leslie\appdata\roaming\gnupg
2012-09-10 20:54:50 -------- d-----w- c:\programdata\GNU
2012-09-10 20:54:31 -------- d-----w- c:\program files\GNU
2012-09-10 20:44:13 -------- d-----w- c:\users\leslie\appdata\local\Microsoft Games
2012-09-09 17:03:44 -------- d-----w- c:\programdata\Windows
2012-09-08 12:58:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-04 05:23:44 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-09-03 10:34:58 623616 ----a-w- c:\windows\system32\localspl.dll
.
==================== Find3M ====================
.
2012-09-08 13:32:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-21 12:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-26 18:42:10 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
.
============= FINISH: 15:53:23.20 ===============

Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 02/01/2012 09:08:45
System Uptime: 14/09/2012 22:30:50 (17 hours ago)
.
Motherboard: Packard Bell BV | | EasyNote MZ36
Processor: Intel® Core™2 CPU T5300 @ 1.73GHz | U23 | 1733/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 68 GiB total, 11.269 GiB free.
E: is CDROM ()
S: is FIXED (NTFS) - 1 GiB total, 1.417 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP133: 09/09/2012 03:24:06 - Scheduled Checkpoint
RP134: 09/09/2012 23:09:51 - Scheduled Checkpoint
RP135: 10/09/2012 22:46:14 - Windows Update
RP136: 12/09/2012 00:00:05 - Scheduled Checkpoint
RP137: 14/09/2012 19:03:20 - Windows Update
RP138: 15/09/2012 15:36:57 - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
AC3Filter (remove only)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Bitcoin
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
DivX Setup
Dropbox
GIMP 2.6.11
Google Chrome
Gpg4win (2.1.0)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java™ 7 Update 5
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
OEM Logo and Information
Ralink Wireless LAN
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Spotify
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VirtualDJ Home FREE
VLC media player 1.1.11
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
WinRAR 4.01 (32-bit)
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
15/09/2012 15:37:39, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
15/09/2012 15:37:34, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
15/09/2012 15:36:33, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
14/09/2012 22:39:00, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
14/09/2012 22:35:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1007.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
14/09/2012 22:35:02, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
12/09/2012 18:26:20, Error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
.
==== End Of File ===========================

Thanks for taking the time to read my logs.

Any help is much appreciated!

I ran GMER again and this time it scanned successfuly.

GMER log

ark.txt

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-15 17:32:20
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST980811AS rev.3.ALC
Running: 52ynvn9u.exe; Driver: C:\Users\Leslie\AppData\Local\Temp\axlirpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8A010000, 0x205494, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2992] kernel32.dll!CreateThread 7720CB2E 5 Bytes JMP 6EDD75E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!CreateDialogParamW 75F072A2 5 Bytes JMP 6EF69250 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!GetAsyncKeyState 75F0863C 5 Bytes JMP 6EDBDEDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!SetWindowsHookExW 75F087AD 5 Bytes JMP 6EE125B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!CallNextHookEx 75F08E3B 5 Bytes JMP 6EE37FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!UnhookWindowsHookEx 75F098DB 5 Bytes JMP 6EE5ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!EnableWindow 75F0CD8B 5 Bytes JMP 6EE19EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!DefWindowProcA 75F0DB88 7 Bytes JMP 6EDD980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!CreateWindowExA 75F0DC2A 5 Bytes JMP 6EDE3643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!CreateWindowExW 75F11305 5 Bytes JMP 6EE403B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!GetKeyState 75F18CB1 5 Bytes JMP 6EDBDDB3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!DefWindowProcW 75F203B4 7 Bytes JMP 6EE38042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!IsDialogMessageW 75F20745 5 Bytes JMP 6EF699AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!CreateDialogParamA 75F217AA 5 Bytes JMP 6EF69218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!IsDialogMessage 75F21847 5 Bytes JMP 6EF69982 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!CreateDialogIndirectParamA 75F226F1 5 Bytes JMP 6EF69288 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!CreateDialogIndirectParamW 75F29A62 5 Bytes JMP 6EF692C0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!SetKeyboardState 75F30987 5 Bytes JMP 6EF6A273 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!DialogBoxParamW 75F310B0 5 Bytes JMP 6ED71893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!DialogBoxIndirectParamW 75F32EF5 5 Bytes JMP 6EF68EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!SendInput 75F32F75 5 Bytes JMP 6EF6A21B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!EndDialog 75F3326E 5 Bytes JMP 6EF69C56 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!SetCursorPos 75F46FB2 5 Bytes JMP 6EF6A2F4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!DialogBoxParamA 75F48152 5 Bytes JMP 6EF68E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!DialogBoxIndirectParamA 75F4847D 5 Bytes JMP 6EF68F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!MessageBoxIndirectA 75F5D4D9 5 Bytes JMP 6EF68E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!MessageBoxIndirectW 75F5D5D3 5 Bytes JMP 6EF68D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!MessageBoxExA 75F5D639 5 Bytes JMP 6EF68D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!MessageBoxExW 75F5D65D 5 Bytes JMP 6EF68CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] USER32.dll!keybd_event 75F5D972 5 Bytes JMP 6EF6A1D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] SHELL32.dll!SHRestricted + D95 760289A8 4 Bytes [CF, 01, 14, 6C] {IRET ; ADD [ESP+EBP*2], EDX}
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] SHELL32.dll!SHRestricted + D9D 760289B0 8 Bytes [E0, 61, 13, 6C, 79, F7, 13, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[2992] ole32.dll!OleLoadFromStream 77091E80 5 Bytes JMP 6EF696B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!EnableWindow 75F0CD8B 5 Bytes JMP 6EE19EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!DialogBoxParamW 75F310B0 5 Bytes JMP 6ED71893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!DialogBoxIndirectParamW 75F32EF5 5 Bytes JMP 6EF68EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!DialogBoxParamA 75F48152 5 Bytes JMP 6EF68E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!DialogBoxIndirectParamA 75F4847D 5 Bytes JMP 6EF68F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!MessageBoxIndirectA 75F5D4D9 5 Bytes JMP 6EF68E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!MessageBoxIndirectW 75F5D5D3 5 Bytes JMP 6EF68D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!MessageBoxExA 75F5D639 5 Bytes JMP 6EF68D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!MessageBoxExW 75F5D65D 5 Bytes JMP 6EF68CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

• Download Security Check by screen317 from here.
• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

• Please download AdwCleaner by Xplode onto your desktop.
  
• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

• Download & SAVE to your Desktop RogueKiller or from here
  
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select "Run as Administrator to start"
• For Windows XP, double-click to start.
• Wait until Prescan has finished ...
• Then Click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• click on "delete"
• Wait until the Status box shows "Deleting Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
• Exit/Close RogueKiller+

Gringo

Hi Gringo

Security Check

Results of screen317's Security Check version 0.99.50
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader X 10.1.1 Adobe Reader out of Date!
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

Adwcleaner

# AdwCleaner v2.001 - Logfile created 09/16/2012 at 17:06:35
# Updated 09/09/2012 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : Leslie - LESLIE-PC
# Boot Mode : Normal
# Running from : C:\Users\Leslie\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [918 octets] - [16/09/2012 17:06:35]

########## EOF - C:\AdwCleaner[S1].txt - [977 octets] ##########

Rogue Killer

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Leslie [Admin rights]
Mode : Remove -- Date : 09/16/2012 17:16:10

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST980811AS ATA Device +++++
--- User ---
[MBR] 1e65d5df2ccab595ae8308e4abf2e584
[BSP] 67481bd088ae16b9183f4d299cc85171 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 5500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 11266048 | Size: 1500 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 14338048 | Size: 69317 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
• Log from Combofix
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

I ran Combofix (log below) but now my computer won't let me run any programs! Including chrome or ie - I'm using another laptop to write this.

I just get the error.. Illegal operation attempted on a registry key that has been marked for deletion.

ComboFix 12-09-15.02 - Leslie 16/09/2012 17:44:05.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.893.361 [GMT 1:00]
Running from: c:\users\Leslie\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Windows
c:\programdata\windows\dsdd.dat
c:\programdata\Windows\nudr.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 )))))))))))))))))))))))))))))))
.
.
2012-09-16 16:51 . 2012-09-16 16:53 -------- d-----w- c:\users\Leslie\AppData\Local\temp
2012-09-16 15:53 . 2012-08-22 23:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A4AE376F-11C1-4870-BED8-C0872AF63627}\mpengine.dll
2012-09-15 14:44 . 2012-08-21 12:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-15 14:43 . 2012-09-15 14:43 -------- d-----w- c:\program files\iPod
2012-09-15 14:43 . 2012-09-15 14:44 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-15 14:43 . 2012-09-15 14:44 -------- d-----w- c:\program files\iTunes
2012-09-14 21:53 . 2012-08-22 23:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-14 18:13 . 2012-09-14 18:17 -------- d-----w- c:\windows\system32\MpEngineStore
2012-09-10 20:54 . 2012-09-10 20:54 -------- d-----w- c:\users\Leslie\AppData\Roaming\gnupg
2012-09-10 20:54 . 2012-09-10 20:54 -------- d-----w- c:\programdata\GNU
2012-09-10 20:54 . 2012-09-10 20:54 -------- d-----w- c:\program files\GNU
2012-09-10 20:44 . 2012-09-10 20:44 -------- d-----w- c:\users\Leslie\AppData\Local\Microsoft Games
2012-09-08 13:13 . 2012-09-15 14:43 -------- d-----w- c:\programdata\Apple Computer
2012-09-08 12:58 . 2012-09-08 13:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-04 05:23 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-09-03 10:34 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 13:32 . 2012-01-02 12:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-21 12:01 . 2012-01-02 12:53 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-06-26 18:42 . 2012-06-26 18:43 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Leslie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-30 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-13 6139904]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Leslie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2012-1-2 1560576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 12:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 20:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 22:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-08 13:32]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2188953998-82675815-1632894243-1000Core.job
- c:\users\Leslie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-02 06:15]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2188953998-82675815-1632894243-1000UA.job
- c:\users\Leslie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-02 06:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.thetechguys.com/welcome
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-16 17:55
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3352)
c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\GNU\GnuPG\dirmngr.exe
c:\program files\RALINK\Common\RalinkRegistryWriter.exe
.
**************************************************************************
.
Completion time: 2012-09-16 18:00:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-16 17:00
ComboFix2.txt 2012-06-26 20:18
.
Pre-Run: 11,613,085,696 bytes free
Post-Run: 11,295,072,256 bytes free
.
- - End Of File - - 2956BAA818D9961E4A4EA5CB524E544D

restart the comp0uter and let me know how things are doing


gringo

Okay it all seems to be working fine now.

Computer feels like it running slightly better too, no virus detections from MSE yet either!

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

• Double click the aswMBR.exe icon to run it
• it will ask to download extra definitions - ALLOW IT
• Click the Scan button to start the scan
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

TDSS Killer

19:22:23.0088 1036 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:22:29.0282 1036 ============================================================
19:22:29.0282 1036 Current date / time: 2012/09/17 19:22:29.0282
19:22:29.0282 1036 SystemInfo:
19:22:29.0282 1036
19:22:29.0282 1036 OS Version: 6.0.6002 ServicePack: 2.0
19:22:29.0282 1036 Product type: Workstation
19:22:29.0282 1036 ComputerName: LESLIE-PC
19:22:29.0282 1036 UserName: Leslie
19:22:29.0282 1036 Windows directory: C:\Windows
19:22:29.0282 1036 System windows directory: C:\Windows
19:22:29.0282 1036 Processor architecture: Intel x86
19:22:29.0282 1036 Number of processors: 2
19:22:29.0282 1036 Page size: 0x1000
19:22:29.0282 1036 Boot type: Normal boot
19:22:29.0282 1036 ============================================================
19:22:30.0627 1036 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:22:30.0627 1036 ============================================================
19:22:30.0627 1036 \Device\Harddisk0\DR0:
19:22:30.0627 1036 MBR partitions:
19:22:30.0627 1036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xABE800, BlocksNum 0x2EE000
19:22:30.0627 1036 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0x8762800
19:22:30.0627 1036 ============================================================
19:22:30.0659 1036 C: <-> \Device\Harddisk0\DR0\Partition2
19:22:30.0690 1036 S: <-> \Device\Harddisk0\DR0\Partition1
19:22:30.0690 1036 ============================================================
19:22:30.0690 1036 Initialize success
19:22:30.0690 1036 ============================================================
19:22:52.0337 2524 ============================================================
19:22:52.0337 2524 Scan started
19:22:52.0337 2524 Mode: Manual;
19:22:52.0337 2524 ============================================================
19:22:52.0979 2524 ================ Scan system memory ========================
19:22:52.0979 2524 System memory - ok
19:22:52.0979 2524 ================ Scan services =============================
19:22:54.0683 2524 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
19:22:54.0965 2524 ACPI - ok
19:22:55.0434 2524 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:22:55.0450 2524 AdobeARMservice - ok
19:22:55.0700 2524 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:22:55.0715 2524 AdobeFlashPlayerUpdateSvc - ok
19:22:55.0856 2524 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:22:56.0044 2524 adp94xx - ok
19:22:56.0247 2524 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:22:56.0294 2524 adpahci - ok
19:22:56.0357 2524 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
19:22:56.0404 2524 adpu160m - ok
19:22:56.0685 2524 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:22:56.0732 2524 adpu320 - ok
19:22:56.0826 2524 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:22:56.0857 2524 AeLookupSvc - ok
19:22:57.0155 2524 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
19:22:57.0233 2524 AFD - ok
19:22:57.0420 2524 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:22:57.0467 2524 agp440 - ok
19:22:57.0623 2524 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:22:57.0702 2524 aic78xx - ok
19:22:57.0780 2524 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
19:22:57.0827 2524 ALG - ok
19:22:57.0873 2524 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
19:22:57.0920 2524 aliide - ok
19:22:58.0031 2524 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:22:58.0046 2524 amdagp - ok
19:22:58.0078 2524 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
19:22:58.0093 2524 amdide - ok
19:22:58.0156 2524 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
19:22:58.0171 2524 AmdK7 - ok
19:22:58.0249 2524 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:22:58.0296 2524 AmdK8 - ok
19:22:58.0437 2524 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
19:22:58.0484 2524 Appinfo - ok
19:22:58.0921 2524 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:22:59.0000 2524 Apple Mobile Device - ok
19:22:59.0172 2524 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
19:22:59.0188 2524 arc - ok
19:22:59.0235 2524 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:22:59.0266 2524 arcsas - ok
19:22:59.0344 2524 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:22:59.0360 2524 AsyncMac - ok
19:22:59.0438 2524 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
19:22:59.0438 2524 atapi - ok
19:22:59.0750 2524 [ 86FB6B8DDBCB6E025CE8A90F77AF1FF1 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
19:23:00.0048 2524 Ati External Event Utility - ok
19:23:01.0502 2524 [ A23EFB72057FED7128EB558866055FDF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:23:02.0566 2524 atikmdag - ok
19:23:02.0722 2524 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:23:02.0785 2524 AudioEndpointBuilder - ok
19:23:02.0800 2524 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:23:02.0800 2524 Audiosrv - ok
19:23:02.0894 2524 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
19:23:02.0925 2524 Beep - ok
19:23:02.0972 2524 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
19:23:03.0003 2524 BFE - ok
19:23:03.0254 2524 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
19:23:03.0520 2524 BITS - ok
19:23:03.0551 2524 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
19:23:03.0567 2524 blbdrive - ok
19:23:03.0770 2524 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:23:03.0942 2524 Bonjour Service - ok
19:23:03.0989 2524 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:23:04.0004 2524 bowser - ok
19:23:04.0075 2524 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
19:23:04.0090 2524 BrFiltLo - ok
19:23:04.0121 2524 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
19:23:04.0121 2524 BrFiltUp - ok
19:23:04.0184 2524 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
19:23:04.0215 2524 Browser - ok
19:23:04.0262 2524 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
19:23:04.0309 2524 Brserid - ok
19:23:04.0340 2524 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
19:23:04.0371 2524 BrSerWdm - ok
19:23:04.0403 2524 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
19:23:04.0403 2524 BrUsbMdm - ok
19:23:04.0481 2524 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
19:23:04.0496 2524 BrUsbSer - ok
19:23:04.0528 2524 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:23:04.0543 2524 BTHMODEM - ok
19:23:04.0559 2524 catchme - ok
19:23:04.0637 2524 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:23:04.0684 2524 cdfs - ok
19:23:04.0731 2524 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:23:04.0762 2524 cdrom - ok
19:23:04.0856 2524 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
19:23:04.0871 2524 CertPropSvc - ok
19:23:04.0903 2524 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
19:23:04.0918 2524 circlass - ok
19:23:05.0028 2524 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
19:23:05.0060 2524 CLFS - ok
19:23:05.0482 2524 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:23:05.0638 2524 clr_optimization_v2.0.50727_32 - ok
19:23:06.0248 2524 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:23:06.0795 2524 clr_optimization_v4.0.30319_32 - ok
19:23:06.0920 2524 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:23:06.0920 2524 CmBatt - ok
19:23:06.0983 2524 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:23:06.0998 2524 cmdide - ok
19:23:07.0061 2524 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:23:07.0093 2524 Compbatt - ok
19:23:07.0109 2524 COMSysApp - ok
19:23:07.0156 2524 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:23:07.0203 2524 crcdisk - ok
19:23:07.0234 2524 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
19:23:07.0249 2524 Crusoe - ok
19:23:07.0328 2524 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:23:07.0343 2524 CryptSvc - ok
19:23:07.0562 2524 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:23:07.0828 2524 DcomLaunch - ok
19:23:07.0890 2524 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:23:07.0921 2524 DfsC - ok
19:23:08.0360 2524 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
19:23:09.0298 2524 DFSR - ok
19:23:09.0501 2524 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
19:23:09.0626 2524 Dhcp - ok
19:23:09.0876 2524 [ 4F26BB00747D41E7C0FE8EBB2900F862 ] DirMngr C:\Program Files\GNU\GnuPG\dirmngr.exe
19:23:09.0892 2524 DirMngr - ok
19:23:09.0986 2524 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
19:23:10.0017 2524 disk - ok
19:23:10.0079 2524 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:23:10.0111 2524 Dnscache - ok
19:23:10.0190 2524 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:23:10.0252 2524 dot3svc - ok
19:23:10.0330 2524 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
19:23:10.0377 2524 DPS - ok
19:23:10.0487 2524 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:23:10.0502 2524 drmkaud - ok
19:23:10.0612 2524 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:23:10.0799 2524 DXGKrnl - ok
19:23:10.0846 2524 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
19:23:10.0877 2524 E1G60 - ok
19:23:10.0940 2524 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
19:23:10.0940 2524 EapHost - ok
19:23:11.0049 2524 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
19:23:11.0175 2524 Ecache - ok
19:23:11.0347 2524 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:23:11.0410 2524 elxstor - ok
19:23:11.0472 2524 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
19:23:11.0488 2524 EMDMgmt - ok
19:23:11.0519 2524 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:23:11.0519 2524 ErrDev - ok
19:23:11.0644 2524 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
19:23:11.0644 2524 EventSystem - ok
19:23:11.0753 2524 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
19:23:11.0785 2524 exfat - ok
19:23:11.0831 2524 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:23:11.0847 2524 fastfat - ok
19:23:11.0894 2524 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:23:11.0894 2524 fdc - ok
19:23:11.0956 2524 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
19:23:11.0956 2524 fdPHost - ok
19:23:11.0972 2524 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
19:23:11.0972 2524 FDResPub - ok
19:23:12.0035 2524 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:23:12.0035 2524 FileInfo - ok
19:23:12.0097 2524 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:23:12.0113 2524 Filetrace - ok
19:23:12.0144 2524 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:23:12.0160 2524 flpydisk - ok
19:23:12.0255 2524 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:23:12.0286 2524 FltMgr - ok
19:23:12.0380 2524 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
19:23:12.0740 2524 FontCache - ok
19:23:12.0865 2524 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:23:12.0880 2524 FontCache3.0.0.0 - ok
19:23:12.0896 2524 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:23:12.0911 2524 Fs_Rec - ok
19:23:12.0958 2524 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:23:12.0974 2524 gagp30kx - ok
19:23:13.0021 2524 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:23:13.0021 2524 GEARAspiWDM - ok
19:23:13.0178 2524 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
19:23:13.0288 2524 gpsvc - ok
19:23:13.0367 2524 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:23:13.0429 2524 HdAudAddService - ok
19:23:13.0476 2524 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:23:13.0492 2524 HDAudBus - ok
19:23:13.0538 2524 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:23:13.0554 2524 HidBth - ok
19:23:13.0585 2524 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
19:23:13.0585 2524 HidIr - ok
19:23:13.0632 2524 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
19:23:13.0632 2524 hidserv - ok
19:23:13.0679 2524 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:23:13.0679 2524 HidUsb - ok
19:23:13.0742 2524 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:23:13.0757 2524 hkmsvc - ok
19:23:13.0804 2524 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
19:23:13.0804 2524 HpCISSs - ok
19:23:13.0882 2524 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:23:13.0913 2524 HTTP - ok
19:23:13.0945 2524 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
19:23:13.0945 2524 i2omp - ok
19:23:14.0038 2524 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:23:14.0054 2524 i8042prt - ok
19:23:14.0085 2524 ialm - ok
19:23:14.0163 2524 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
19:23:14.0195 2524 iaStorV - ok
19:23:14.0290 2524 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:23:14.0369 2524 idsvc - ok
19:23:14.0400 2524 igfx - ok
19:23:14.0447 2524 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:23:14.0447 2524 iirsp - ok
19:23:14.0603 2524 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
19:23:14.0650 2524 IKEEXT - ok
19:23:15.0056 2524 [ FBBE3F1697D393BE685CD6192B1EC95A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:23:15.0557 2524 IntcAzAudAddService - ok
19:23:15.0588 2524 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
19:23:15.0604 2524 intelide - ok
19:23:15.0666 2524 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:23:15.0666 2524 intelppm - ok
19:23:15.0729 2524 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:23:15.0776 2524 IPBusEnum - ok
19:23:15.0807 2524 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:23:15.0823 2524 IpFilterDriver - ok
19:23:15.0870 2524 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:23:15.0885 2524 iphlpsvc - ok
19:23:15.0901 2524 IpInIp - ok
19:23:15.0932 2524 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
19:23:15.0932 2524 IPMIDRV - ok
19:23:15.0979 2524 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
19:23:15.0995 2524 IPNAT - ok
19:23:16.0088 2524 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:23:16.0182 2524 iPod Service - ok
19:23:16.0261 2524 [ E50A95179211B12946F7E035D60AF560 ] irda C:\Windows\system32\DRIVERS\irda.sys
19:23:16.0277 2524 irda - ok
19:23:16.0324 2524 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:23:16.0339 2524 IRENUM - ok
19:23:16.0370 2524 [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon C:\Windows\System32\irmon.dll
19:23:16.0370 2524 Irmon - ok
19:23:16.0402 2524 [ 5896B5FF6332AB2BE1582523E9656A67 ] irsir C:\Windows\system32\DRIVERS\irsir.sys
19:23:16.0402 2524 irsir - ok
19:23:16.0433 2524 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:23:16.0433 2524 isapnp - ok
19:23:16.0511 2524 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:23:16.0527 2524 iScsiPrt - ok
19:23:16.0558 2524 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
19:23:16.0558 2524 iteatapi - ok
19:23:16.0605 2524 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
19:23:16.0620 2524 iteraid - ok
19:23:16.0652 2524 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:23:16.0652 2524 kbdclass - ok
19:23:16.0699 2524 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:23:16.0714 2524 kbdhid - ok
19:23:16.0777 2524 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
19:23:16.0808 2524 KeyIso - ok
19:23:16.0855 2524 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:23:16.0886 2524 KSecDD - ok
19:23:16.0949 2524 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
19:23:16.0980 2524 KtmRm - ok
19:23:17.0042 2524 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
19:23:17.0058 2524 LanmanServer - ok
19:23:17.0120 2524 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:23:17.0199 2524 LanmanWorkstation - ok
19:23:17.0293 2524 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:23:17.0325 2524 lltdio - ok
19:23:17.0403 2524 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:23:17.0512 2524 lltdsvc - ok
19:23:17.0543 2524 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:23:17.0559 2524 lmhosts - ok
19:23:17.0606 2524 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:23:17.0606 2524 LSI_FC - ok
19:23:17.0668 2524 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:23:17.0684 2524 LSI_SAS - ok
19:23:17.0762 2524 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:23:17.0793 2524 LSI_SCSI - ok
19:23:17.0825 2524 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
19:23:17.0840 2524 luafv - ok
19:23:17.0887 2524 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
19:23:17.0887 2524 megasas - ok
19:23:17.0950 2524 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
19:23:18.0028 2524 MegaSR - ok
19:23:18.0059 2524 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
19:23:18.0075 2524 MMCSS - ok
19:23:18.0106 2524 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
19:23:18.0137 2524 Modem - ok
19:23:18.0168 2524 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:23:18.0168 2524 monitor - ok
19:23:18.0294 2524 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:23:18.0341 2524 mouclass - ok
19:23:18.0388 2524 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:23:18.0435 2524 mouhid - ok
19:23:18.0497 2524 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
19:23:18.0513 2524 MountMgr - ok
19:23:18.0747 2524 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:23:18.0826 2524 MpFilter - ok
19:23:18.0919 2524 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
19:23:18.0951 2524 mpio - ok
19:23:19.0232 2524 [ A69630D039C38018689190234F866D77 ] MpKsl961b3841 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B339D8EB-F226-497C-92BC-0A0BDFD60BA0}\MpKsl961b3841.sys
19:23:19.0232 2524 MpKsl961b3841 - ok
19:23:19.0279 2524 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:23:19.0295 2524 mpsdrv - ok
19:23:19.0452 2524 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
19:23:19.0483 2524 MpsSvc - ok
19:23:19.0530 2524 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
19:23:19.0545 2524 Mraid35x - ok
19:23:19.0655 2524 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:23:19.0670 2524 MRxDAV - ok
19:23:19.0748 2524 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:23:19.0764 2524 mrxsmb - ok
19:23:19.0827 2524 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:23:19.0858 2524 mrxsmb10 - ok
19:23:19.0905 2524 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:23:19.0967 2524 mrxsmb20 - ok
19:23:19.0998 2524 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
19:23:20.0014 2524 msahci - ok
19:23:20.0061 2524 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:23:20.0123 2524 msdsm - ok
19:23:20.0186 2524 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
19:23:20.0248 2524 MSDTC - ok
19:23:20.0343 2524 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:23:20.0359 2524 Msfs - ok
19:23:20.0437 2524 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:23:20.0453 2524 msisadrv - ok
19:23:20.0531 2524 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:23:20.0578 2524 MSiSCSI - ok
19:23:20.0593 2524 msiserver - ok
19:23:20.0656 2524 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:23:20.0671 2524 MSKSSRV - ok
19:23:20.0734 2524 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:23:20.0734 2524 MsMpSvc - ok
19:23:20.0781 2524 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:23:20.0812 2524 MSPCLOCK - ok
19:23:20.0843 2524 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:23:20.0859 2524 MSPQM - ok
19:23:20.0921 2524 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:23:20.0953 2524 MsRPC - ok
19:23:20.0984 2524 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:23:20.0999 2524 mssmbios - ok
19:23:21.0062 2524 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:23:21.0078 2524 MSTEE - ok
19:23:21.0124 2524 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
19:23:21.0140 2524 Mup - ok
19:23:21.0281 2524 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
19:23:21.0407 2524 napagent - ok
19:23:21.0532 2524 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:23:21.0578 2524 NativeWifiP - ok
19:23:21.0766 2524 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:23:21.0860 2524 NDIS - ok
19:23:21.0938 2524 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:23:21.0938 2524 NdisTapi - ok
19:23:22.0000 2524 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:23:22.0032 2524 Ndisuio - ok
19:23:22.0078 2524 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:23:22.0094 2524 NdisWan - ok
19:23:22.0125 2524 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:23:22.0141 2524 NDProxy - ok
19:23:22.0203 2524 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:23:22.0250 2524 NetBIOS - ok
19:23:22.0361 2524 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
19:23:22.0470 2524 netbt - ok
19:23:22.0501 2524 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
19:23:22.0501 2524 Netlogon - ok
19:23:22.0626 2524 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
19:23:22.0783 2524 Netman - ok
19:23:22.0829 2524 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
19:23:22.0845 2524 netprofm - ok
19:23:22.0908 2524 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:23:22.0970 2524 NetTcpPortSharing - ok
19:23:23.0033 2524 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:23:23.0064 2524 nfrd960 - ok
19:23:23.0111 2524 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:23:23.0126 2524 NisDrv - ok
19:23:23.0173 2524 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
19:23:23.0267 2524 NisSrv - ok
19:23:23.0362 2524 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:23:23.0393 2524 NlaSvc - ok
19:23:23.0440 2524 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:23:23.0440 2524 Npfs - ok
19:23:23.0502 2524 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
19:23:23.0534 2524 nsi - ok
19:23:23.0612 2524 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:23:23.0690 2524 nsiproxy - ok
19:23:23.0815 2524 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:23:24.0315 2524 Ntfs - ok
19:23:24.0346 2524 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
19:23:24.0362 2524 ntrigdigi - ok
19:23:24.0460 2524 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
19:23:24.0476 2524 Null - ok
19:23:24.0523 2524 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:23:24.0554 2524 nvraid - ok
19:23:24.0601 2524 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:23:24.0617 2524 nvstor - ok
19:23:24.0663 2524 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:23:24.0695 2524 nv_agp - ok
19:23:24.0695 2524 NwlnkFlt - ok
19:23:24.0710 2524 NwlnkFwd - ok
19:23:24.0976 2524 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:23:25.0493 2524 odserv - ok
19:23:25.0602 2524 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:23:25.0680 2524 ohci1394 - ok
19:23:25.0836 2524 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:23:25.0946 2524 ose - ok
19:23:26.0164 2524 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
19:23:26.0587 2524 p2pimsvc - ok
19:23:26.0712 2524 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
19:23:26.0728 2524 p2psvc - ok
19:23:26.0822 2524 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:23:26.0837 2524 Parport - ok
19:23:26.0884 2524 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:23:26.0915 2524 partmgr - ok
19:23:26.0962 2524 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
19:23:26.0978 2524 Parvdm - ok
19:23:27.0056 2524 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
19:23:27.0072 2524 PcaSvc - ok
19:23:27.0228 2524 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
19:23:27.0322 2524 pci - ok
19:23:27.0448 2524 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
19:23:27.0479 2524 pciide - ok
19:23:27.0588 2524 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:23:27.0666 2524 pcmcia - ok
19:23:27.0916 2524 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:23:28.0307 2524 PEAUTH - ok
19:23:28.0777 2524 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
19:23:29.0621 2524 pla - ok
19:23:29.0950 2524 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:23:30.0075 2524 PlugPlay - ok
19:23:30.0278 2524 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:23:30.0685 2524 PNRPAutoReg - ok
19:23:30.0904 2524 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:23:30.0904 2524 PNRPsvc - ok
19:23:31.0091 2524 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:23:31.0169 2524 PolicyAgent - ok
19:23:31.0404 2524 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:23:31.0419 2524 PptpMiniport - ok
19:23:31.0530 2524 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
19:23:31.0530 2524 Processor - ok
19:23:31.0592 2524 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
19:23:31.0623 2524 ProfSvc - ok
19:23:31.0655 2524 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
19:23:31.0655 2524 ProtectedStorage - ok
19:23:31.0717 2524 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:23:31.0733 2524 PSched - ok
19:23:32.0030 2524 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:23:32.0624 2524 ql2300 - ok
19:23:32.0656 2524 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:23:32.0687 2524 ql40xx - ok
19:23:32.0765 2524 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
19:23:32.0890 2524 QWAVE - ok
19:23:32.0921 2524 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:23:33.0015 2524 QWAVEdrv - ok
19:23:34.0000 2524 [ A23EFB72057FED7128EB558866055FDF ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
19:23:34.0047 2524 R300 - ok
19:23:34.0157 2524 [ 5FAF80080E1F0E7244E373D48C1F09F9 ] RalinkRegistryWriter C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
19:23:34.0157 2524 RalinkRegistryWriter - ok
19:23:34.0172 2524 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:23:34.0203 2524 RasAcd - ok
19:23:34.0235 2524 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
19:23:34.0282 2524 RasAuto - ok
19:23:34.0407 2524 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:23:34.0453 2524 Rasl2tp - ok
19:23:34.0516 2524 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
19:23:34.0566 2524 RasMan - ok
19:23:34.0628 2524 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:23:34.0644 2524 RasPppoe - ok
19:23:34.0706 2524 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:23:34.0738 2524 RasSstp - ok
19:23:34.0800 2524 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:23:34.0816 2524 rdbss - ok
19:23:34.0894 2524 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:23:34.0910 2524 RDPCDD - ok
19:23:34.0956 2524 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
19:23:34.0988 2524 rdpdr - ok
19:23:35.0019 2524 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:23:35.0019 2524 RDPENCDD - ok
19:23:35.0097 2524 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:23:35.0160 2524 RDPWD - ok
19:23:35.0222 2524 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:23:35.0222 2524 RemoteAccess - ok
19:23:35.0285 2524 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:23:35.0316 2524 RemoteRegistry - ok
19:23:35.0363 2524 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
19:23:35.0378 2524 RpcLocator - ok
19:23:35.0425 2524 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
19:23:35.0441 2524 RpcSs - ok
19:23:35.0519 2524 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:23:35.0550 2524 rspndr - ok
19:23:35.0697 2524 [ 7564B99E469D8E3782F5907E3D448F03 ] rt61x86 C:\Windows\system32\DRIVERS\netr61.sys
19:23:36.0119 2524 rt61x86 - ok
19:23:36.0181 2524 [ 5C5612756B380BCEDBF566A780FF9AFE ] RTL8023xp C:\Windows\system32\DRIVERS\Rtnicxp.sys
19:23:36.0181 2524 RTL8023xp - ok
19:23:36.0228 2524 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
19:23:36.0228 2524 SamSs - ok
19:23:36.0275 2524 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:23:36.0306 2524 sbp2port - ok
19:23:36.0369 2524 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:23:36.0400 2524 SCardSvr - ok
19:23:36.0509 2524 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
19:23:36.0760 2524 Schedule - ok
19:23:36.0776 2524 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:23:36.0776 2524 SCPolicySvc - ok
19:23:36.0807 2524 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:23:36.0838 2524 SDRSVC - ok
19:23:36.0885 2524 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:23:36.0901 2524 secdrv - ok
19:23:36.0932 2524 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
19:23:36.0963 2524 seclogon - ok
19:23:37.0010 2524 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
19:23:37.0026 2524 SENS - ok
19:23:37.0073 2524 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:23:37.0104 2524 Serenum - ok
19:23:37.0151 2524 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:23:37.0151 2524 Serial - ok
19:23:37.0166 2524 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:23:37.0182 2524 sermouse - ok
19:23:37.0245 2524 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
19:23:37.0245 2524 SessionEnv - ok
19:23:37.0260 2524 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:23:37.0260 2524 sffdisk - ok
19:23:37.0307 2524 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:23:37.0463 2524 sffp_mmc - ok
19:23:37.0605 2524 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:23:37.0667 2524 sffp_sd - ok
19:23:37.0667 2524 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:23:37.0699 2524 sfloppy - ok
19:23:37.0870 2524 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:23:37.0902 2524 SharedAccess - ok
19:23:38.0011 2524 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:23:38.0167 2524 ShellHWDetection - ok
19:23:38.0214 2524 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:23:38.0230 2524 sisagp - ok
19:23:38.0230 2524 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:23:38.0245 2524 SiSRaid2 - ok
19:23:38.0308 2524 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:23:38.0324 2524 SiSRaid4 - ok
19:23:38.0793 2524 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
19:23:38.0918 2524 slsvc - ok
19:23:38.0934 2524 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:23:38.0934 2524 SLUINotify - ok
19:23:39.0012 2524 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:23:39.0012 2524 Smb - ok
19:23:39.0059 2524 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:23:39.0090 2524 SNMPTRAP - ok
19:23:39.0137 2524 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
19:23:39.0137 2524 spldr - ok
19:23:39.0215 2524 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
19:23:39.0231 2524 Spooler - ok
19:23:39.0293 2524 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:23:39.0293 2524 srv - ok
19:23:39.0356 2524 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:23:39.0371 2524 srv2 - ok
19:23:39.0403 2524 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:23:39.0403 2524 srvnet - ok
19:23:39.0450 2524 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:23:39.0450 2524 SSDPSRV - ok
19:23:39.0512 2524 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:23:39.0512 2524 SstpSvc - ok
19:23:39.0669 2524 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
19:23:39.0685 2524 stisvc - ok
19:23:39.0716 2524 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:23:39.0716 2524 swenum - ok
19:23:39.0826 2524 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
19:23:39.0826 2524 swprv - ok
19:23:39.0857 2524 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:23:39.0888 2524 Symc8xx - ok
19:23:39.0935 2524 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:23:39.0935 2524 Sym_hi - ok
19:23:39.0951 2524 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:23:39.0951 2524 Sym_u3 - ok
19:23:40.0029 2524 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
19:23:40.0044 2524 SysMain - ok
19:23:40.0091 2524 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:23:40.0122 2524 TabletInputService - ok
19:23:40.0216 2524 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:23:40.0435 2524 TapiSrv - ok
19:23:40.0482 2524 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
19:23:40.0497 2524 TBS - ok
19:23:40.0576 2524 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:23:40.0638 2524 Tcpip - ok
19:23:40.0701 2524 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:23:40.0701 2524 Tcpip6 - ok
19:23:40.0779 2524 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:23:40.0794 2524 tcpipreg - ok
19:23:40.0810 2524 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:23:40.0810 2524 TDPIPE - ok
19:23:40.0841 2524 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:23:40.0841 2524 TDTCP - ok
19:23:40.0888 2524 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:23:40.0888 2524 tdx - ok
19:23:40.0904 2524 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:23:40.0904 2524 TermDD - ok
19:23:40.0966 2524 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
19:23:40.0982 2524 TermService - ok
19:23:41.0044 2524 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
19:23:41.0060 2524 Themes - ok
19:23:41.0076 2524 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
19:23:41.0076 2524 THREADORDER - ok
19:23:41.0122 2524 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
19:23:41.0122 2524 TrkWks - ok
19:23:41.0185 2524 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:23:41.0185 2524 TrustedInstaller - ok
19:23:41.0232 2524 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:23:41.0232 2524 tssecsrv - ok
19:23:41.0247 2524 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:23:41.0247 2524 tunmp - ok
19:23:41.0294 2524 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:23:41.0294 2524 tunnel - ok
19:23:41.0326 2524 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:23:41.0341 2524 uagp35 - ok
19:23:41.0419 2524 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:23:41.0419 2524 udfs - ok
19:23:41.0482 2524 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:23:41.0497 2524 UI0Detect - ok
19:23:41.0513 2524 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:23:41.0513 2524 uliagpkx - ok
19:23:41.0544 2524 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:23:41.0544 2524 uliahci - ok
19:23:41.0576 2524 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:23:41.0576 2524 UlSata - ok
19:23:41.0607 2524 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:23:41.0607 2524 ulsata2 - ok
19:23:41.0638 2524 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:23:41.0638 2524 umbus - ok
19:23:41.0686 2524 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
19:23:41.0717 2524 upnphost - ok
19:23:41.0748 2524 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:23:41.0873 2524 usbccgp - ok
19:23:41.0920 2524 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:23:41.0936 2524 usbcir - ok
19:23:41.0998 2524 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:23:41.0998 2524 usbehci - ok
19:23:42.0045 2524 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:23:42.0045 2524 usbhub - ok
19:23:42.0108 2524 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:23:42.0123 2524 usbohci - ok
19:23:42.0155 2524 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
19:23:42.0170 2524 usbprint - ok
19:23:42.0202 2524 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:23:42.0327 2524 USBSTOR - ok
19:23:42.0358 2524 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:23:42.0373 2524 usbuhci - ok
19:23:42.0452 2524 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
19:23:42.0467 2524 UxSms - ok
19:23:42.0623 2524 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
19:23:42.0655 2524 vds - ok
19:23:42.0703 2524 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:23:42.0703 2524 vga - ok
19:23:42.0718 2524 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
19:23:42.0749 2524 VgaSave - ok
19:23:42.0781 2524 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:23:42.0796 2524 viaagp - ok
19:23:42.0843 2524 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
19:23:42.0843 2524 ViaC7 - ok
19:23:42.0890 2524 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
19:23:42.0906 2524 viaide - ok
19:23:42.0953 2524 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:23:42.0968 2524 volmgr - ok
19:23:43.0093 2524 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:23:43.0281 2524 volmgrx - ok
19:23:43.0359 2524 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:23:43.0421 2524 volsnap - ok
19:23:43.0453 2524 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:23:43.0468 2524 vsmraid - ok
19:23:43.0640 2524 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
19:23:43.0687 2524 VSS - ok
19:23:43.0761 2524 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
19:23:43.0761 2524 W32Time - ok
19:23:43.0808 2524 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:23:43.0808 2524 WacomPen - ok
19:23:43.0824 2524 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:23:43.0824 2524 Wanarp - ok
19:23:43.0839 2524 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:23:43.0839 2524 Wanarpv6 - ok
19:23:43.0902 2524 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:23:43.0917 2524 wcncsvc - ok
19:23:43.0949 2524 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:23:43.0949 2524 WcsPlugInService - ok
19:23:43.0980 2524 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
19:23:43.0980 2524 Wd - ok
19:23:44.0105 2524 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:23:44.0183 2524 Wdf01000 - ok
19:23:44.0230 2524 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:23:44.0245 2524 WdiServiceHost - ok
19:23:44.0261 2524 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:23:44.0261 2524 WdiSystemHost - ok
19:23:44.0308 2524 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
19:23:44.0324 2524 WebClient - ok
19:23:44.0370 2524 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:23:44.0370 2524 Wecsvc - ok
19:23:44.0417 2524 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:23:44.0417 2524 wercplsupport - ok
19:23:44.0480 2524 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
19:23:44.0495 2524 WerSvc - ok
19:23:44.0542 2524 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:23:44.0558 2524 WinDefend - ok
19:23:44.0574 2524 WinHttpAutoProxySvc - ok
19:23:44.0746 2524 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:23:44.0746 2524 Winmgmt - ok
19:23:44.0840 2524 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
19:23:44.0903 2524 WinRM - ok
19:23:45.0028 2524 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:23:45.0043 2524 Wlansvc - ok
19:23:45.0153 2524 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Program Files\Windows Live\installer\WLSetupSvc.exe
19:23:45.0153 2524 WLSetupSvc - ok
19:23:45.0200 2524 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:23:45.0215 2524 WmiAcpi - ok
19:23:45.0262 2524 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:23:45.0262 2524 wmiApSrv - ok
19:23:45.0387 2524 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:23:45.0606 2524 WMPNetworkSvc - ok
19:23:45.0637 2524 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:23:45.0637 2524 WPCSvc - ok
19:23:45.0731 2524 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:23:45.0763 2524 WPDBusEnum - ok
19:23:46.0013 2524 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:23:46.0060 2524 WPFFontCache_v0400 - ok
19:23:46.0122 2524 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:23:46.0138 2524 ws2ifsl - ok
19:23:46.0201 2524 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
19:23:46.0216 2524 wscsvc - ok
19:23:46.0216 2524 WSearch - ok
19:23:46.0513 2524 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:23:46.0607 2524 wuauserv - ok
19:23:46.0669 2524 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:23:46.0685 2524 WUDFRd - ok
19:23:46.0732 2524 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:23:46.0732 2524 wudfsvc - ok
19:23:46.0795 2524 ================ Scan global ===============================
19:23:46.0842 2524 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:23:46.0920 2524 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:23:46.0967 2524 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:23:47.0077 2524 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
19:23:47.0092 2524 [Global] - ok
19:23:47.0092 2524 ================ Scan MBR ==================================
19:23:47.0123 2524 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:23:47.0389 2524 \Device\Harddisk0\DR0 - ok
19:23:47.0389 2524 ================ Scan VBR ==================================
19:23:47.0452 2524 [ 8178CF521175004CD7599AD0988164E5 ] \Device\Harddisk0\DR0\Partition1
19:23:47.0452 2524 \Device\Harddisk0\DR0\Partition1 - ok
19:23:47.0483 2524 [ BBD55000110EC2E7FE4D9BB28ED19673 ] \Device\Harddisk0\DR0\Partition2
19:23:47.0498 2524 \Device\Harddisk0\DR0\Partition2 - ok
19:23:47.0498 2524 ============================================================
19:23:47.0498 2524 Scan finished
19:23:47.0498 2524 ============================================================
19:23:47.0530 3200 Detected object count: 0
19:23:47.0530 3200 Actual detected object count: 0

Laptop seems to be running much slower today. Still no new anti-virus notications though.

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-26 23:26:03
-----------------------------
23:26:03.692 OS Version: Windows 6.0.6002 Service Pack 2
23:26:03.692 Number of processors: 2 586 0xF02
23:26:03.694 ComputerName: LESLIE-PC UserName: Leslie
23:26:44.768 Initialize success
23:27:47.350 AVAST engine defs: 12062601
23:27:52.480 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:27:52.480 Disk 0 Vendor: ST980811AS 3.ALC Size: 76319MB BusType: 3
23:27:52.496 Disk 0 MBR read successfully
23:27:52.496 Disk 0 MBR scan
23:27:52.590 Disk 0 Windows VISTA default MBR code
23:27:52.605 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 5500 MB offset 2048
23:27:52.652 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 11266048
23:27:52.683 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 69317 MB offset 14338048
23:27:52.730 Disk 0 scanning sectors +156299264
23:27:52.886 Disk 0 scanning C:\Windows\system32\drivers
23:28:18.627 Service scanning
23:28:36.503 Service MpKsl42d60b55 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{62589B36-0DFF-4131-B951-7320D47B4770}\MpKsl42d60b55.sys **LOCKED** 32
23:29:06.110 Modules scanning
23:29:12.993 Disk 0 trace - called modules:
23:29:13.400 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
23:29:13.400 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x845c2478]
23:29:13.416 3 CLASSPNP.SYS[864978b3] -> nt!IofCallDriver -> [0x83f47020]
23:29:13.431 5 acpi.sys[85e496bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x835a6528]
23:29:14.009 AVAST engine scan C:\Windows
23:29:23.816 AVAST engine scan C:\Windows\system32
23:34:41.535 AVAST engine scan C:\Windows\system32\drivers
23:35:07.236 AVAST engine scan C:\Users\Leslie
23:38:34.816 Disk 0 MBR has been saved successfully to "C:\Users\Leslie\Desktop\MBR.dat"
23:38:34.832 The log file has been saved successfully to "C:\Users\Leslie\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-17 19:27:21
-----------------------------
19:27:21.752 OS Version: Windows 6.0.6002 Service Pack 2
19:27:21.752 Number of processors: 2 586 0xF02
19:27:21.752 ComputerName: LESLIE-PC UserName: Leslie
19:31:18.238 Initialize success
19:34:11.189 AVAST engine defs: 12091400
19:36:24.300 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:36:24.362 Disk 0 Vendor: ST980811AS 3.ALC Size: 76319MB BusType: 3
19:36:24.425 Disk 0 MBR read successfully
19:36:24.456 Disk 0 MBR scan
19:36:24.926 Disk 0 Windows VISTA default MBR code
19:36:24.973 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 5500 MB offset 2048
19:36:25.035 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 11266048
19:36:25.145 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 69317 MB offset 14338048
19:36:25.771 Disk 0 scanning sectors +156299264
19:36:25.958 Disk 0 scanning C:\Windows\system32\drivers
19:38:00.274 Service scanning
19:39:08.870 Service MpKsl961b3841 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B339D8EB-F226-497C-92BC-0A0BDFD60BA0}\MpKsl961b3841.sys **LOCKED** 32
19:39:46.913 Modules scanning
19:40:05.276 Disk 0 trace - called modules:
19:40:05.338 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
19:40:05.338 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8453bac8]
19:40:05.354 3 CLASSPNP.SYS[8648e8b3] -> nt!IofCallDriver -> [0x83f3af08]
19:40:05.369 5 acpi.sys[85e4b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83f27b98]
19:40:07.699 AVAST engine scan C:\Windows
19:40:37.557 AVAST engine scan C:\Windows\system32
19:49:03.892 AVAST engine scan C:\Windows\system32\drivers
19:49:58.589 AVAST engine scan C:\Users\Leslie
20:05:30.086 AVAST engine scan C:\ProgramData
20:07:21.892 Scan finished successfully
20:08:02.795 Disk 0 MBR has been saved successfully to "C:\Users\Leslie\Desktop\MBR.dat"
20:08:02.826 The log file has been saved successfully to "C:\Users\Leslie\Desktop\aswMBR.txt"

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
  
• report from Combofix
• let me know of any problems you may have had
• How is the computer doing now after running the script?

Gringo

No problems aside from having to restart again. Computer seems to be running pretty smoothly.

Combofix report

ComboFix 12-09-15.02 - Leslie 17/09/2012 20:58:45.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.893.384 [GMT 1:00]
Running from: c:\users\Leslie\Desktop\ComboFix.exe
Command switches used :: c:\users\Leslie\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))
.
.
2012-09-17 20:06 . 2012-09-17 20:06 -------- d-----w- c:\users\Leslie\AppData\Local\temp
2012-09-17 20:06 . 2012-09-17 20:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-17 20:06 . 2012-09-17 20:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-17 19:55 . 2012-09-17 19:55 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DFDA59C-A50B-4067-B69D-5734A21006B5}\MpKsl724b9576.sys
2012-09-17 18:39 . 2012-08-22 23:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DFDA59C-A50B-4067-B69D-5734A21006B5}\mpengine.dll
2012-09-16 18:24 . 2012-08-22 23:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-15 14:44 . 2012-08-21 12:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-15 14:43 . 2012-09-15 14:43 -------- d-----w- c:\program files\iPod
2012-09-15 14:43 . 2012-09-15 14:44 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-15 14:43 . 2012-09-15 14:44 -------- d-----w- c:\program files\iTunes
2012-09-14 18:13 . 2012-09-14 18:17 -------- d-----w- c:\windows\system32\MpEngineStore
2012-09-10 20:54 . 2012-09-10 20:54 -------- d-----w- c:\users\Leslie\AppData\Roaming\gnupg
2012-09-10 20:54 . 2012-09-10 20:54 -------- d-----w- c:\programdata\GNU
2012-09-10 20:54 . 2012-09-10 20:54 -------- d-----w- c:\program files\GNU
2012-09-10 20:44 . 2012-09-10 20:44 -------- d-----w- c:\users\Leslie\AppData\Local\Microsoft Games
2012-09-08 13:13 . 2012-09-15 14:43 -------- d-----w- c:\programdata\Apple Computer
2012-09-08 12:58 . 2012-09-08 13:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-04 05:23 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-09-03 10:34 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 13:32 . 2012-01-02 12:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-21 12:01 . 2012-01-02 12:53 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-06-26 18:42 . 2012-06-26 18:43 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Leslie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-30 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-13 6139904]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Leslie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2012-1-2 1560576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 12:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 20:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 22:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 53444135
*NewlyCreated* - MPKSL724B9576
*Deregistered* - 53444135
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-08 13:32]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2188953998-82675815-1632894243-1000Core.job
- c:\users\Leslie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-02 06:15]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2188953998-82675815-1632894243-1000UA.job
- c:\users\Leslie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-02 06:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.thetechguys.com/welcome
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-17 21:06
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3252)
c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-09-17 21:09:37
ComboFix-quarantined-files.txt 2012-09-17 20:09
ComboFix2.txt 2012-09-16 17:00
ComboFix3.txt 2012-06-26 20:18
.
Pre-Run: 12,115,222,528 bytes free
Post-Run: 12,130,254,848 bytes free
.
- - End Of File - - 5C99F4705482B71F7B2FA3E7733D683F

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Java™ 7 Update 5 [/list]

• Please download and install Revo Uninstaller Free
• Double click Revo Uninstaller to run it.
• From the list of programs double click on The Program to remove
• When prompted if you want to uninstall click Yes.
• Be sure the Moderate option is selected then click Next.
• The program will run, If prompted again click Yes
• when the built-in uninstaller is finished click on Next.
• Once the program has searched for leftovers click Next.
• Check/tick the bolded items only on the list then click Delete
• when prompted click on Yes and then on next.
• put a check on any folders that are found and select delete
• when prompted select yes then on next
• Once done click Finish.

.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]
Install Java:

Please go here to install Java

• click on the Free Java Download Button
• click on Agree and start Free download
• click on Run
• click on run again
• click on install
• when install is complete click on close

Clean Out Temp Files

• This small application you may want to keep and use once a week to keep the computer clean.
  
  Download CCleaner from here http://www.ccleaner.com/
  
  
• Run the installer to install the application.
• When it gives you the option to install Yahoo toolbar uncheck the box next to it.
• Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
• Click Run Cleaner.
• Close CCleaner.

: Malwarebytes' Anti-Malware :

• Please download Malwarebytes' Anti-Malware to your desktop.
  
• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

• Go Here to download HijackThis Installer
• Save HijackThis Installer to your desktop.
• Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

• In your next post I need the following
  
  
• Log From MBAM
• report from Hijackthis
• let me know of any problems you may have had
• How is the computer doing now?

Gringo

Computer running smoothly.

MBAM log

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.17.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Leslie :: LESLIE-PC [administrator]

Protection: Enabled

18/09/2012 00:04:11
mbam-log-2012-09-18 (00-04-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188632
Time elapsed: 7 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Hijack This log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:25:24, on 18/09/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Leslie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Users\Leslie\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thetechguys.com/welcome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Leslie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - Startup: Dropbox.lnk = C:\Users\Leslie\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe

--
End of file - 4908 bytes