TechSpot

Combofix keeps freezing :( BSOD issues! Windows GAC/ virus

Solved
By hitstress
Sep 10, 2012
  1. Hi,

    I ran MBAM. My log is below. I ran Rkill. My log for Rkill is below. I am trying to run ComboFix next. I am having BSOD issues. The ataport.sys is missing. Whenever I try to run ComboFix, sometimes I will get a BSOD, actually about 85% of the time. If it starts running, it will freeze up on me when ComboFix gets to the blue screen and is trying to run the startup repair. I am unable to post a ComboFix log. It seems to me that when Malwarebytes quarantined files, they continuously kept coming back. I am trying to get a better understanding for myself: how do you get rid of the files permanently? I would like to thank you in advance for your time and help!!


    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.01.05

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 8.0.7601.17514
    stewart :: STEWART-PC [administrator]

    Protection: Disabled

    9/1/2012 12:21:01 PM
    mbam-log-2012-09-01 (12-21-01).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 231630
    Time elapsed: 9 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    E:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
    E:\Windows\Installer\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
    E:\Windows\Installer\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    E:\Windows\Installer\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    E:\Windows\Installer\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    E:\Windows\Installer\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    (end)

    __________________________

    Rkill 2.3.10 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 09/09/2012 09:12:10 PM in x86 mode.
    Windows Version: Windows 7 Professional Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * E:\Windows\system32\services.exe (PID: 776) [SFI]

    1 proccess terminated!

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * BFE [Missing Service]
    * BITS [Missing Service]
    * iphlpsvc [Missing Service]
    * MpsSvc [Missing Service]
    * WinDefend [Missing Service]
    * wscsvc [Missing Service]
    * wuauserv [Missing Service]

    * SharedAccess [Missing ImagePath]

    Searching for Missing Digital Signatures:

    * No issues found.

    Program finished at: 09/09/2012 09:12:19 PM
    Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)
    ____________________________________
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    ComboFix should not be run without the guidance of a helper. It is a powerful tool and is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private or regular use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

    See this link to get more info on why it is dangerous.


    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive as well as the Search.txt log file. Please copy and paste both logs in your reply.
  3. hitstress

    hitstress TS Rookie Topic Starter

    Here is the log, thanks. Since I ran FRST, the BSOD is happening much more frequently. Once the computer boots up, I try to open the internet, and then I see the BSOD.


    Farbar Recovery Scan Tool (x86) Version: 13-09-2012
    Ran by SYSTEM at 2012-09-13 16:52:00
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    C:\Windows\System32\services.exe
    [2009-07-13 15:11] - [2012-09-09 19:19] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    === End Of Search ===
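    The check the helper is doing by eye on the search log above (does the live System32 copy of services.exe still match the WinSxS component-store copy by size and MD5?) can be scripted. This is an added example, not code from the thread or from FRST; the first sample reuses the layout and hash posted above, the second is a constructed altered case with an all-zero placeholder hash.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the layout of the FRST "Search:" block posted in
# this thread (same paths, sizes, timestamps and MD5 as the posted log).
SAMPLE_LOG = r"""
Farbar Recovery Scan Tool (x86) Version: 13-09-2012
Ran by SYSTEM at 2012-09-13 16:52:00

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-09-09 19:19] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===
"""

# Second constructed sample: live copy altered in place (same size, different
# hash, no publisher). The all-zero MD5 is a placeholder, not a real indicator.
SAMPLE_LOG_ALTERED = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-09-09 19:19] - 0259072 ____A () 00000000000000000000000000000000

=== End Of Search ===
"""

SEARCH_RE = re.compile(r'^=+ Search: "(?P<name>[^"]+)" =+$')
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# "[created] - [modified] - size attrs (company) MD5"; company may be empty.
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class Entry:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str


def parse_search_log(text: str) -> Dict[str, List[Entry]]:
    """Return {searched file name: [entries]} for every Search block in the log."""
    blocks: Dict[str, List[Entry]] = {}
    current = None       # name of the Search block we are inside
    pending_path = None  # path line waiting for its metadata line
    for raw in text.splitlines():
        line = raw.strip()
        header = SEARCH_RE.match(line)
        if header:
            current = header.group("name").lower()
            blocks.setdefault(current, [])
            pending_path = None
            continue
        if line.startswith("=== End Of Search"):
            current = None
            continue
        if current is None or not line:
            continue
        if PATH_RE.match(line):
            pending_path = line
            continue
        meta = META_RE.match(line)
        if meta and pending_path:
            blocks[current].append(Entry(
                pending_path, meta["created"], meta["modified"], int(meta["size"]),
                meta["attrs"], meta["company"].strip(), meta["md5"].upper()))
            pending_path = None
    return blocks


def check_live_copy(entries: List[Entry]) -> dict:
    """Compare the System32 copy with the WinSxS copies; verdict is
    'match', 'mismatch', 'no_live' or 'no_reference'."""
    live = [e for e in entries
            if "\\system32\\" in e.path.lower() and "\\winsxs\\" not in e.path.lower()]
    refs = [e for e in entries if "\\winsxs\\" in e.path.lower()]
    if not live:
        return {"verdict": "no_live", "notes": []}
    if not refs:
        return {"verdict": "no_reference", "live": live[0], "notes": []}
    cur = live[0]
    same = [r for r in refs if r.md5 == cur.md5 and r.size == cur.size]
    notes = []
    if not same and any(r.size == cur.size for r in refs):
        notes.append("size unchanged but hash differs: consistent with in-place patching")
    if not cur.company:
        notes.append("live copy carries no publisher information")
    if cur.modified > max(r.modified for r in refs):  # ISO timestamps sort as strings
        notes.append("live copy modified after every WinSxS copy (%s)" % cur.modified)
    return {"verdict": "match" if same else "mismatch", "live": cur,
            "references": refs, "notes": notes}


if __name__ == "__main__":
    for label, log in (("posted log", SAMPLE_LOG), ("altered sample", SAMPLE_LOG_ALTERED)):
        result = check_live_copy(parse_search_log(log)["services.exe"])
        print(label, "->", result["verdict"], result["notes"])
```

    A matching hash only rules out a modified file on disk; the later modification timestamp on the live copy is still worth noting in a log review, since it shows the file was rewritten after the system image date.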
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Do you have the FRST.txt log?

    That is the search log, which is fine, but I need the main log, as it has the info about your computer.
  5. hitstress

    hitstress TS Rookie Topic Starter

    Hi, here is the FRST log. The BSOD is still affecting the computer. It states the ataport.sys file is missing. Do I need to repair it from the Windows operating system? Is there a way to repair it without the disk? Thank you.


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2012
    Ran by SYSTEM at 18-09-2012 00:01:47
    Running from F:\
    Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [ISBMgr.exe] "E:\Program Files\Sony\ISB Utility\ISBMgr.exe" [311296 2007-09-19] (Sony Corporation)
    HKLM\...\Run: [BrMfcWnd] E:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
    HKLM\...\Run: [ControlCenter3] E:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
    HKLM\...\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM\...\Run: [APSDaemon] "E:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
    HKLM\...\Run: [SONY VGP-UPR1 (Display Adapter)] "E:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe" [1149400 2012-05-15] (DisplayLink Corp.)
    HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
    HKLM\...\Run: [Skytel] Skytel.exe [x]
    HKLM\...\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [ApnUpdater] "E:\Program Files\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
    HKLM\...\Run: [DigidesignMMERefresh] E:\Program Files\Digidesign\Drivers\MMERefresh.exe [77824 2008-12-03] (Digidesign, A Division of Avid Technology, Inc.)
    HKLM\...\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM\...\Run: [Zune Launcher] "E:\Program Files\Zune\ZuneLauncher.exe" [159456 2011-08-05] (Microsoft Corporation)
    HKLM\...\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
    HKLM\...\Run: [SSDMonitor] E:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2012-06-12] (PC Tools)
    HKLM\...\Run: [AVG_TRAY] "E:\Program Files\AVG\AVG2012\avgtray.exe" [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [vProt] "E:\Program Files\AVG Secure Search\vprot.exe" [1162848 2012-08-16] ()
    HKLM\...\Run: [ROC_roc_ssl_v12] "E:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [1020512 2012-08-16] ()
    HKLM\...\Run: [Malwarebytes' Anti-Malware] "E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKU\Default\...\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" [262144 2008-11-05] (Sony Corporation)
    HKU\Guest\...\Run: [swg] "E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-04-10] (Google Inc.)
    HKU\Kids\...\Run: [swg] "E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-04-10] (Google Inc.)
    HKU\Kids\...\Run: [PeerGuardian] E:\Program Files\PeerGuardian2\pg2.exe [1421824 2005-09-18] (Methlabs)
    HKU\Kids\...\Run: [laswi] rundll32.exe "E:\Users\stewart\AppData\Local\Temp\laswi.dll",MatrixRotationZ [x]
    HKU\Kids\...\Run: [anmpir] rundll32.exe "E:\Users\stewart\AppData\Local\Temp\anmpir.dll",EnumDriveModeReset [x]
    HKU\Kids\...\Policies\system: [LogonHoursAction] 2
    HKU\Kids\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\stewart\...\Run: [swg] "E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-04-10] (Google Inc.)
    HKU\stewart\...\Policies\system: [LogonHoursAction] 2
    HKU\stewart\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    ==================== Services ================================

    2 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [1604880 2012-02-13] (Blue Coat Systems, Inc.)
    2 DigiRefresh; C:\Program Files\Digidesign\Drivers\MMERefresh.exe -s [77824 2008-12-03] (Digidesign, A Division of Avid Technology, Inc.)
    3 digiSPTIService; "C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe" [159744 2008-12-03] (Digidesign, A Division of Avid Technology, Inc.)
    2 DisplayLinkService; "C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe" [6953432 2012-05-15] (DisplayLink Corp.)
    3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)
    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-07-19] (Mozilla Foundation)
    2 NAUpdate; "C:\Program Files\Nero\Update\NASvc.exe" [503080 2010-05-04] (Nero AG)
    2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2012-06-12] (PC Tools)
    2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-06-19] (Skype Technologies S.A.)
    2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-08-14] (Sony Corporation)
    2 vToolbarUpdater12.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [927840 2012-08-16] ()
    2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()

    ==================== Drivers =================================

    3 athur; C:\Windows\System32\DRIVERS\athur.sys [1564160 2010-10-10] (Atheros Communications, Inc.)
    0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
    1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301920 2012-08-24] (AVG Technologies CZ, s.r.o.)
    1 bckd; C:\Windows\System32\drivers\bckd.sys [87312 2012-02-13] (Blue Coat Systems, Inc.)
    3 dalwdmservice; C:\Windows\System32\drivers\dalwdm.sys [97808 2008-12-04] (Digidesign, A Division of Avid Technology, Inc.)
    2 DigiNet; C:\Windows\System32\DRIVERS\diginet.sys [16400 2008-12-04] (Digidesign, A Division of Avid Technology, Inc.)
    3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [21648 2008-12-04] (Digidesign, A Division of Avid Technology, Inc.)
    3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [21904 2008-12-04] (Digidesign, A Division of Avid Technology, Inc.)
    0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21472 2011-07-22] (Windows (R) Win 7 DDK provider)
    3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-04-23] (Texas Instruments)
    0 TPkd; C:\Windows\System32\Drivers\TPkd.sys [93232 2008-09-08] (PACE Anti-Piracy, Inc.)
    3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2012-03-02] (LG Electronics Inc.)
    3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2012-03-02] (LG Electronics Inc.)
    3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [25216 2012-03-02] (LG Electronics Inc.)
    3 03650649; [x]
    1 avgtp; \??\E:\Windows\system32\drivers\avgtpx86.sys [x]
    3 MBAMProtector; \??\E:\Windows\system32\drivers\mbam.sys [x]
    3 MBAMSwissArmy; \??\E:\Windows\system32\drivers\mbamswissarmy.sys [x]

    ==================== NetSvcs (Whitelisted) =================


    ============ One Month Created Files and Folders ==============

    2012-09-17 07:10 - 2012-09-17 07:10 - 00144848 ____A C:\Windows\Minidump\091712-20888-01.dmp
    2012-09-16 04:43 - 2012-09-16 04:43 - 00144864 ____A C:\Windows\Minidump\091612-25537-01.dmp
    2012-09-15 19:19 - 2012-09-15 19:19 - 00014359 ____A C:\Users\stewart\Desktop\hlhuihil.htm
    2012-09-15 13:58 - 2012-09-15 13:58 - 00144848 ____A C:\Windows\Minidump\091512-20514-01.dmp
    2012-09-15 12:06 - 2012-09-15 12:06 - 00144848 ____A C:\Windows\Minidump\091512-21668-01.dmp
    2012-09-15 11:22 - 2012-09-15 11:22 - 00144848 ____A C:\Windows\Minidump\091512-21918-01.dmp
    2012-09-15 09:01 - 2012-09-15 09:01 - 00144856 ____A C:\Windows\Minidump\091512-22105-01.dmp
    2012-09-14 17:21 - 2012-09-14 17:21 - 00144864 ____A C:\Windows\Minidump\091412-23680-01.dmp
    2012-09-14 12:30 - 2012-09-14 12:30 - 00144856 ____A C:\Windows\Minidump\091412-20763-01.dmp
    2012-09-14 08:10 - 2012-09-14 08:10 - 00144864 ____A C:\Windows\Minidump\091412-20841-01.dmp
    2012-09-13 16:51 - 2012-09-18 00:01 - 00000000 ____D C:\FRST
    2012-09-13 03:25 - 2012-09-13 03:25 - 00144864 ____A C:\Windows\Minidump\091312-24024-01.dmp
    2012-09-13 03:14 - 2012-09-13 03:14 - 00000342 ____A C:\Windows\PFRO.log
    2012-09-10 10:07 - 2012-09-10 10:07 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2012-09-10 10:07 - 2012-09-10 10:07 - 00000000 ____D C:\AVG2012
    2012-09-09 20:35 - 2012-09-09 20:36 - 00000000 ___SD C:\ComboFix
    2012-09-09 20:35 - 2012-09-09 20:35 - 00001106 ____A C:\Users\stewart\Desktop\ComboFix - Shortcut.lnk
    2012-09-09 20:13 - 2012-09-09 20:14 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
    2012-09-09 19:51 - 2012-09-09 19:51 - 00144864 ____A C:\Windows\Minidump\090912-29702-01.dmp
    2012-09-09 19:48 - 2012-09-17 07:14 - 00059073 ____A C:\Windows\WindowsUpdate.log
    2012-09-09 19:30 - 2012-09-09 19:30 - 00000000 ____D C:\Qoobox
    2012-09-09 19:30 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-09-09 19:30 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-09-09 19:30 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-09-09 19:30 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-09-09 19:30 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-09-09 19:30 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-09-09 19:30 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-09-09 19:30 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-09-09 19:18 - 2012-09-09 19:18 - 00000000 ____D C:\Windows\erdnt
    2012-09-09 19:17 - 2012-09-09 19:28 - 04747716 ____R (Swearware) C:\Users\stewart\Downloads\ComboFix.exe
    2012-09-09 19:13 - 2012-09-09 19:13 - 00148992 ____A C:\Windows\Minidump\090912-31184-01.dmp
    2012-09-09 18:57 - 2012-09-09 18:57 - 00144856 ____A C:\Windows\Minidump\090912-24008-01.dmp
    2012-09-09 18:25 - 2012-09-09 18:25 - 00144864 ____A C:\Windows\Minidump\090912-33555-01.dmp
    2012-09-09 18:12 - 2012-09-09 18:12 - 00002470 ____A C:\Users\stewart\Desktop\Rkill.txt
    2012-09-09 18:11 - 2012-09-09 18:11 - 01629088 ____A (Bleeping Computer, LLC) C:\Users\stewart\Downloads\rkill.exe
    2012-09-09 17:52 - 2012-09-09 17:52 - 00144856 ____A C:\Windows\Minidump\090912-38719-01.dmp
    2012-09-09 17:45 - 2012-09-09 17:47 - 62856768 ____A (COMODO) C:\Users\stewart\Downloads\cav_installer_3264_29.exe
    2012-09-09 17:42 - 2012-09-09 17:43 - 00144864 ____A C:\Windows\Minidump\090912-29203-01.dmp
    2012-09-09 17:38 - 2012-09-09 17:40 - 62856768 ____A (COMODO) C:\Users\stewart\Desktop\cav_installer_3264_29.exe
    2012-09-08 19:33 - 2012-09-08 19:33 - 00144864 ____A C:\Windows\Minidump\090812-30981-01.dmp
    2012-09-08 19:30 - 2012-09-08 19:30 - 00054016 ____A C:\Windows\System32\Drivers\hwvtsa.sys
    2012-09-08 15:40 - 2012-09-08 15:40 - 00144864 ____A C:\Windows\Minidump\090812-29343-01.dmp
    2012-09-08 15:00 - 2012-09-17 07:10 - 208608200 ____A C:\Windows\MEMORY.DMP
    2012-09-08 15:00 - 2012-09-08 15:01 - 00144864 ____A C:\Windows\Minidump\090812-33165-01.dmp
    2012-09-08 14:48 - 2012-09-08 14:48 - 00000000 ____D C:\Users\stewart\Downloads\Alcohol 120 v2.0.0.1331+Patch(Works with w7) [ kk ]
    2012-09-08 14:37 - 2012-09-17 07:10 - 00004770 ____A C:\Windows\setupact.log
    2012-09-08 14:37 - 2012-09-08 14:37 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-01 20:03 - 2012-09-15 20:03 - 00000000 ____D C:\Users\stewart\Desktop\Vocab
    2012-09-01 09:31 - 2012-09-01 09:31 - 00003360 ____A C:\Users\stewart\Desktop\mbam 5.txt
    2012-09-01 09:18 - 2012-09-01 09:18 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-01 09:18 - 2012-07-03 10:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-01 09:16 - 2012-08-27 14:29 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\stewart\Desktop\mbam-setup-1.62.0.1300.exe
    2012-09-01 09:05 - 2012-09-09 19:12 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-09-01 09:03 - 2012-08-27 13:49 - 02193184 ____A C:\Users\stewart\Desktop\tdsskiller.zip
    2012-08-27 17:20 - 2012-08-27 17:20 - 00003036 ____A C:\Users\stewart\Desktop\aswMBR.txt 4.txt
    2012-08-27 14:37 - 2012-09-01 09:18 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-08-27 14:37 - 2012-08-27 14:37 - 00000000 ____D C:\Users\stewart\AppData\Roaming\Malwarebytes
    2012-08-27 14:24 - 2012-08-27 17:20 - 00000512 ____A C:\Users\stewart\Desktop\MBR.dat
    2012-08-25 16:46 - 2012-09-01 12:11 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
    2012-08-25 16:39 - 2012-08-25 16:39 - 00000000 ____D C:\Users\stewart\Downloads\SpyHunter 4.1.11.0 + Crack [dazz1][h33t]
    2012-08-24 12:43 - 2012-08-24 12:43 - 00301920 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdix.sys
    2012-08-19 13:31 - 2012-08-19 13:31 - 00000000 ____D C:\Users\Kids\AppData\Local\AVG Secure Search

    ============ 3 Months Modified Files ========================

    2012-09-17 19:11 - 2009-07-13 20:34 - 00020656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-17 19:11 - 2009-07-13 20:34 - 00020656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-17 07:15 - 2012-04-10 21:17 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-17 07:15 - 2009-07-13 20:53 - 00032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-17 07:14 - 2012-09-09 19:48 - 00059073 ____A C:\Windows\WindowsUpdate.log
    2012-09-17 07:14 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-17 07:10 - 2012-09-17 07:10 - 00144848 ____A C:\Windows\Minidump\091712-20888-01.dmp
    2012-09-17 07:10 - 2012-09-08 15:00 - 208608200 ____A C:\Windows\MEMORY.DMP
    2012-09-17 07:10 - 2012-09-08 14:37 - 00004770 ____A C:\Windows\setupact.log
    2012-09-16 04:43 - 2012-09-16 04:43 - 00144864 ____A C:\Windows\Minidump\091612-25537-01.dmp
    2012-09-15 19:19 - 2012-09-15 19:19 - 00014359 ____A C:\Users\stewart\Desktop\hlhuihil.htm
    2012-09-15 13:58 - 2012-09-15 13:58 - 00144848 ____A C:\Windows\Minidump\091512-20514-01.dmp
    2012-09-15 12:06 - 2012-09-15 12:06 - 00144848 ____A C:\Windows\Minidump\091512-21668-01.dmp
    2012-09-15 11:22 - 2012-09-15 11:22 - 00144848 ____A C:\Windows\Minidump\091512-21918-01.dmp
    2012-09-15 09:01 - 2012-09-15 09:01 - 00144856 ____A C:\Windows\Minidump\091512-22105-01.dmp
    2012-09-14 19:56 - 2012-04-04 13:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-14 19:27 - 2012-04-10 21:17 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-14 17:29 - 2010-11-20 13:01 - 00713714 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-14 17:21 - 2012-09-14 17:21 - 00144864 ____A C:\Windows\Minidump\091412-23680-01.dmp
    2012-09-14 12:30 - 2012-09-14 12:30 - 00144856 ____A C:\Windows\Minidump\091412-20763-01.dmp
    2012-09-14 08:10 - 2012-09-14 08:10 - 00144864 ____A C:\Windows\Minidump\091412-20841-01.dmp
    2012-09-13 03:25 - 2012-09-13 03:25 - 00144864 ____A C:\Windows\Minidump\091312-24024-01.dmp
    2012-09-13 03:14 - 2012-09-13 03:14 - 00000342 ____A C:\Windows\PFRO.log
    2012-09-10 10:06 - 2012-08-16 05:53 - 00000935 ____A C:\Users\Public\Desktop\AVG 2012.lnk
    2012-09-09 20:35 - 2012-09-09 20:35 - 00001106 ____A C:\Users\stewart\Desktop\ComboFix - Shortcut.lnk
    2012-09-09 20:14 - 2012-09-09 20:13 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
    2012-09-09 19:51 - 2012-09-09 19:51 - 00144864 ____A C:\Windows\Minidump\090912-29702-01.dmp
    2012-09-09 19:28 - 2012-09-09 19:17 - 04747716 ____R (Swearware) C:\Users\stewart\Downloads\ComboFix.exe
    2012-09-09 19:19 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-09-09 19:13 - 2012-09-09 19:13 - 00148992 ____A C:\Windows\Minidump\090912-31184-01.dmp
    2012-09-09 18:57 - 2012-09-09 18:57 - 00144856 ____A C:\Windows\Minidump\090912-24008-01.dmp
    2012-09-09 18:25 - 2012-09-09 18:25 - 00144864 ____A C:\Windows\Minidump\090912-33555-01.dmp
    2012-09-09 18:12 - 2012-09-09 18:12 - 00002470 ____A C:\Users\stewart\Desktop\Rkill.txt
    2012-09-09 18:11 - 2012-09-09 18:11 - 01629088 ____A (Bleeping Computer, LLC) C:\Users\stewart\Downloads\rkill.exe
    2012-09-09 17:52 - 2012-09-09 17:52 - 00144856 ____A C:\Windows\Minidump\090912-38719-01.dmp
    2012-09-09 17:47 - 2012-09-09 17:45 - 62856768 ____A (COMODO) C:\Users\stewart\Downloads\cav_installer_3264_29.exe
    2012-09-09 17:43 - 2012-09-09 17:42 - 00144864 ____A C:\Windows\Minidump\090912-29203-01.dmp
    2012-09-09 17:40 - 2012-09-09 17:38 - 62856768 ____A (COMODO) C:\Users\stewart\Desktop\cav_installer_3264_29.exe
    2012-09-08 19:33 - 2012-09-08 19:33 - 00144864 ____A C:\Windows\Minidump\090812-30981-01.dmp
    2012-09-08 19:30 - 2012-09-08 19:30 - 00054016 ____A C:\Windows\System32\Drivers\hwvtsa.sys
    2012-09-08 15:40 - 2012-09-08 15:40 - 00144864 ____A C:\Windows\Minidump\090812-29343-01.dmp
    2012-09-08 15:01 - 2012-09-08 15:00 - 00144864 ____A C:\Windows\Minidump\090812-33165-01.dmp
    2012-09-08 14:37 - 2012-09-08 14:37 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-04 07:27 - 2012-04-09 11:23 - 00000632 _RASH C:\Users\stewart\ntuser.pol
    2012-09-01 09:31 - 2012-09-01 09:31 - 00003360 ____A C:\Users\stewart\Desktop\mbam 5.txt
    2012-09-01 09:18 - 2012-09-01 09:18 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-27 17:20 - 2012-08-27 17:20 - 00003036 ____A C:\Users\stewart\Desktop\aswMBR.txt 4.txt
    2012-08-27 17:20 - 2012-08-27 14:24 - 00000512 ____A C:\Users\stewart\Desktop\MBR.dat
    2012-08-27 14:29 - 2012-09-01 09:16 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\stewart\Desktop\mbam-setup-1.62.0.1300.exe
    2012-08-27 13:49 - 2012-09-01 09:03 - 02193184 ____A C:\Users\stewart\Desktop\tdsskiller.zip
    2012-08-24 19:40 - 2012-06-28 09:38 - 00000258 ____A C:\Windows\Tasks\RMSchedule.job
    2012-08-24 12:43 - 2012-08-24 12:43 - 00301920 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdix.sys
    2012-08-16 05:53 - 2012-08-16 05:53 - 00027496 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
    2012-08-16 05:44 - 2012-08-16 05:44 - 03897504 ____A (AVG Technologies) C:\Users\stewart\Downloads\avg_avct_stb_all_2012_1796_cm10.exe
    2012-08-15 06:56 - 2012-04-04 13:47 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-15 06:56 - 2012-03-20 10:41 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-13 10:09 - 2012-08-13 10:08 - 07314137 ____A C:\Users\stewart\Downloads\MULTIPLICATION - Award-Winning 3 Times Table Multiplication Song For Kids.mp4
    2012-08-13 10:07 - 2012-08-13 10:07 - 07342557 ____A C:\Users\stewart\Downloads\MULTIPLICATION - Award-Winning 4 Times Table Multiplication Song For Kids.mp4
    2012-08-13 10:04 - 2012-08-13 10:04 - 07371534 ____A C:\Users\stewart\Downloads\MULTIPLICATION - Award-Winning 2 Times Table Multiplication Song For Kids(1).mp4
    2012-08-13 10:03 - 2012-08-13 10:03 - 07371534 ____A C:\Users\stewart\Downloads\MULTIPLICATION - Award-Winning 2 Times Table Multiplication Song For Kids.mp4
    2012-08-13 10:01 - 2012-08-13 10:01 - 06705235 ____A C:\Users\stewart\Downloads\8 TIMES TABLE MULTIPLICATION SONG WITH NUMBEAR 8, JERRY.mp4
    2012-08-13 10:01 - 2012-08-13 10:00 - 09292402 ____A C:\Users\stewart\Downloads\Counting By Eights Song.mp4
    2012-08-12 05:59 - 2012-08-12 05:59 - 03949713 ____A C:\Users\Kids\Downloads\01 By his grace.wma
    2012-08-12 05:28 - 2012-08-12 05:28 - 03949713 ____A C:\Users\Kids\Desktop\01 By his grace.wma
    2012-08-07 21:43 - 2012-08-07 21:43 - 00000848 ____A C:\Users\Public\Desktop\NETGEAR WNA1100 Genie.lnk
    2012-07-31 18:05 - 2012-07-31 18:04 - 11003832 ____A (Acresso Software Inc. ) C:\Users\stewart\Downloads\LGUnitedMobileDriver_S4981MAN37AP22_ML_WHQL_Ver_3.7.2(1).exe
    2012-07-31 18:04 - 2012-07-31 18:04 - 11003832 ____A (Acresso Software Inc. ) C:\Users\stewart\Downloads\LGUnitedMobileDriver_S4981MAN37AP22_ML_WHQL_Ver_3.7.2.exe
    2012-07-31 16:59 - 2012-07-31 16:59 - 11782374 ____A (Joe Pham <djpham@bitpim.org> ) C:\Users\stewart\Downloads\bitpim-1.0.7-setup.exe
    2012-07-31 16:59 - 2012-07-31 16:59 - 00582872 ____A C:\Users\stewart\Downloads\Brothersoft_downloader_For_BitPIM.exe
    2012-07-31 09:36 - 2012-07-31 09:36 - 02371475 ____A C:\Users\stewart\Downloads\Drum Rudiments 3 - Single Stroke Seven - DrumRudiments.com.mp4
    2012-07-27 18:39 - 2012-03-23 08:30 - 00000022 ____A C:\Windows\Model.txt
    2012-07-27 18:33 - 2012-07-27 18:33 - 06939000 ____A C:\Users\stewart\Downloads\INDWLL-03823813-732.EXE
    2012-07-27 18:33 - 2012-07-27 18:33 - 05412656 ____A C:\Users\stewart\Downloads\INDWLL-13984300-US.EXE
    2012-07-27 18:32 - 2012-07-27 18:32 - 03864696 ____A C:\Users\stewart\Downloads\SOAOTH-00263500-1040(1).EXE
    2012-07-27 18:32 - 2012-07-27 18:32 - 03478832 ____A C:\Users\stewart\Downloads\INDWLL-76697669-32(1).EXE
    2012-07-27 18:31 - 2012-07-27 18:31 - 06560560 ____A C:\Users\stewart\Downloads\SOAOTH-00165709-US.EXE
    2012-07-27 18:29 - 2012-07-27 18:29 - 03478832 ____A C:\Users\stewart\Downloads\INDWLL-76697669-32.EXE
    2012-07-27 18:11 - 2012-07-27 18:11 - 03864696 ____A C:\Users\stewart\Downloads\SOAOTH-00263500-1040.EXE
    2012-07-27 18:08 - 2012-07-27 18:08 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\stewart\Downloads\SpyHunter-Installer.exe
    2012-07-26 11:15 - 2012-07-26 11:15 - 03879800 ____A (AVG Technologies) C:\Users\stewart\Downloads\avg_free_stb_all_2012_2197_cnet.exe
    2012-07-25 10:10 - 2012-07-25 10:10 - 00513204 ____A C:\Users\stewart\Downloads\6781412012-07-25-14_09_50.zip
    2012-07-25 09:59 - 2012-07-25 09:59 - 00491352 ____A C:\Users\stewart\Downloads\6812402012-07-25-13_58_56.zip
    2012-07-25 09:58 - 2012-07-25 09:58 - 00500969 ____A C:\Users\stewart\Downloads\6820702012-07-25-13_58_36.zip
    2012-07-25 09:48 - 2012-07-25 09:48 - 00615699 ____A C:\Users\stewart\Downloads\6694282012-07-25-13_47_59.zip
    2012-07-25 09:47 - 2012-07-25 09:47 - 00588839 ____A C:\Users\stewart\Downloads\6709622012-07-25-13_47_04.zip
    2012-07-14 22:47 - 2012-07-14 22:47 - 00004879 ____A C:\Users\stewart\Documents\men choir song.txt
    2012-07-14 22:47 - 2012-07-14 22:47 - 00004879 ____A C:\Users\stewart\Desktop\men choir song.txt
    2012-07-14 13:16 - 2012-07-14 13:16 - 21877880 ____A (Intel Corporation) C:\Users\stewart\Downloads\winvista_15124.exe
    2012-07-07 09:35 - 2012-07-07 09:35 - 00000005 ____A C:\Users\stewart\Documents\registration number.txt
    2012-07-06 09:02 - 2012-07-06 09:02 - 00000000 ____A C:\Windows\System32\dlumdfb9.dll
    2012-07-06 09:02 - 2012-07-06 09:02 - 00000000 ____A C:\Windows\System32\dlumdfb11.dll
    2012-07-06 09:02 - 2012-07-06 09:02 - 00000000 ____A C:\Windows\System32\dlumdfb10.dll
    2012-07-06 09:02 - 2012-07-06 09:02 - 00000000 ____A C:\Windows\System32\dlumd9.dll
    2012-07-06 09:02 - 2012-07-06 09:02 - 00000000 ____A C:\Windows\System32\dlumd11.dll
    2012-07-06 09:02 - 2012-07-06 09:02 - 00000000 ____A C:\Windows\System32\dlumd10.dll
    2012-07-06 09:01 - 2012-07-06 09:01 - 17695192 ____A (DisplayLink Corp.) C:\Users\stewart\Downloads\DisplayLink-6.3M0.exe
    2012-07-04 10:48 - 2012-07-04 10:48 - 00001216 ____A C:\Users\stewart\Desktop\Spybot - Search & Destroy.lnk
    2012-07-03 10:46 - 2012-09-01 09:18 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-30 09:50 - 2012-06-30 09:50 - 00946352 ____A (Skype Technologies S.A.) C:\Users\stewart\Downloads\SkypeSetup.exe
    2012-06-27 15:19 - 2012-06-27 15:19 - 01164592 ____A C:\Users\stewart\Downloads\TIDMSC-01549400-US.EXE
    2012-06-27 15:14 - 2012-06-27 15:12 - 49807224 ____A C:\Users\stewart\Downloads\SOACTD-00225147-1060.EXE
    2012-06-24 05:19 - 2012-03-23 09:10 - 00000828 ____A C:\Windows\Brpfx04a.ini
    2012-06-21 08:10 - 2012-06-21 08:09 - 16409960 ____A (Safer Networking Limited ) C:\Users\stewart\Downloads\spybotsd162.exe

    ZeroAccess:
    C:\Windows\Installer\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}
    C:\Windows\Installer\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\L
    C:\Windows\Installer\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\U
    C:\Windows\Installer\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\L\00000004.@
    C:\Windows\Installer\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\L\201d3dde

    ZeroAccess:
    C:\Windows\System32\config\systemprofile\AppData\Local\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}
    C:\Windows\System32\config\systemprofile\AppData\Local\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\@
    C:\Windows\System32\config\systemprofile\AppData\Local\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\L
    C:\Windows\System32\config\systemprofile\AppData\Local\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\U

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    TDL4: custom:26000022 <===== ATTENTION!

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-07-27 18:10:31
    Restore point made on: 2012-07-27 18:38:40
    Restore point made on: 2012-07-27 18:39:25
    Restore point made on: 2012-07-28 13:01:30
    Restore point made on: 2012-07-31 17:03:52
    Restore point made on: 2012-07-31 18:05:32
    Restore point made on: 2012-08-07 21:43:36
    Restore point made on: 2012-08-16 05:49:43
    Restore point made on: 2012-08-25 16:46:50

    ==================== Memory info ===========================

    Percentage of memory in use: 19%
    Total physical RAM: 2038.41 MB
    Available physical RAM: 1638.62 MB
    Total Pagefile: 2038.41 MB
    Available Pagefile: 1645.95 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1979.19 MB

    ==================== Partitions ============================

    1 Drive c: () (Fixed) (Total:223.12 GB) (Free:136.22 GB) NTFS
    3 Drive f: (USB20FD) (Removable) (Total:7.52 GB) (Free:7.52 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: () (Fixed) (Total:9.77 GB) (Free:0.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B
    Disk 1 Online 7722 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 9 GB 31 KB
    Partition 2 Primary 223 GB 9 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y NTFS Partition 9 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 223 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7719 MB 3004 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F USB20FD FAT32 Removable 7719 MB Healthy

    ==================================================================================

    Last Boot: 2012-08-16 07:53

    ==================== End Of Log =============================
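The two `ZeroAccess:` blocks in the FRST log above show the layout that identifies the 2012 ZeroAccess/Sirefef store: a GUID-named folder under `C:\Windows\Installer` or the SYSTEM profile's `AppData\Local`, holding `U` and `L` subfolders and `@`-suffixed files. The following checker is an added example, not part of this thread or of FRST; it applies that layout rule to a list of paths (the log's own paths plus constructed benign ones), and the regexes, function and sample names are mine.

```python
"""Flag ZeroAccess/Sirefef-style GUID stores in a list of Windows paths (added example)."""
import re
from collections import defaultdict
from typing import Dict, Iterable, List

GUID = r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}"

# The two parent locations seen in the FRST log above. Both are legitimate
# Windows directories, so a GUID folder alone is not evidence of infection.
ZA_ROOTS = [
    re.compile(r"^(?P<root>[a-z]:\\windows\\installer\\" + GUID + r")"
               r"(?:\\(?P<rel>.+))?$", re.I),
    re.compile(r"^(?P<root>[a-z]:\\windows\\system32\\config\\systemprofile"
               r"\\appdata\\local\\" + GUID + r")(?:\\(?P<rel>.+))?$", re.I),
]

# Children that distinguish the ZeroAccess store from an ordinary MSI cache
# folder: a "U" or "L" subfolder (or anything inside it), a bare "@" file, or
# a file named like 00000004.@ (all three appear in the log above).
ZA_MARKER = re.compile(r"^(?:[ul](?:\\.*)?|@|[^\\]*\.@)$", re.I)


def find_zeroaccess_roots(paths: Iterable[str]) -> Dict[str, List[str]]:
    """Return {store_root: [marker children]} for each GUID folder with at least one marker.

    Keys are lower-cased so the same folder listed with mixed case is grouped once.
    """
    markers: Dict[str, List[str]] = defaultdict(list)
    for raw in paths:
        path = raw.strip()
        for pattern in ZA_ROOTS:
            m = pattern.match(path)
            if not m:
                continue
            rel = m.group("rel")
            if rel and ZA_MARKER.match(rel):
                markers[m.group("root").lower()].append(rel)
            break
    return dict(markers)


# Constructed sample: the paths FRST listed above plus benign look-alikes
# (the 1111... GUID is a placeholder for a normal MSI cache folder).
SAMPLE_PATHS = [
    r"C:\Windows\Installer\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}",
    r"C:\Windows\Installer\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\L",
    r"C:\Windows\Installer\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\U",
    r"C:\Windows\Installer\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\L\00000004.@",
    r"C:\Windows\Installer\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\L\201d3dde",
    r"C:\Windows\System32\config\systemprofile\AppData\Local\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}",
    r"C:\Windows\System32\config\systemprofile\AppData\Local\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\@",
    r"C:\Windows\System32\config\systemprofile\AppData\Local\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\L",
    r"C:\Windows\System32\config\systemprofile\AppData\Local\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c}\U",
    # benign: a normal MSI cache folder and an unrelated user file
    r"C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}\ARPPRODUCTICON.exe",
    r"C:\Users\stewart\Downloads\SkypeSetup.exe",
]


def report(paths: Iterable[str]) -> List[str]:
    """Human-readable lines, one per flagged store, with its marker count."""
    found = find_zeroaccess_roots(paths)
    return [f"{root} -> {len(children)} marker(s): {', '.join(sorted(children))}"
            for root, children in sorted(found.items())]


if __name__ == "__main__":
    for line in report(SAMPLE_PATHS):
        print(line)
```

Feed it the `dir /s /b` output of the two parent directories (or the path column of an FRST listing) to get the same two roots FRST flagged, with the benign MSI folder left alone.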
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST Fixlist

    Download the attached file, please. Save it on your flash drive. Make sure it maintains its current name fixlist.txt. Save it to the same location as FRST.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.

    Attached Files:

  7. hitstress

    hitstress TS Rookie Topic Starter

    Thanks. I ran the FRST fix. After restarting, I still receive the BSOD. It happens when I am installing software. For instance, I tried to install Firefox updates, and it went to BSOD. I also tried to install Alcohol, and the program pulled up, but then went to BSOD. It still states the ataport.sys file is missing. All of this was actually happening before I ran any of the FRST tests. My mouse arrow has disappeared too. It was doing this before I ran FRST.

    ___________
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-09-2012
    Ran by SYSTEM at 2012-09-20 10:50:51 Run:1
    Running from F:\

    ==============================================

    HKEY_USERS\Kids\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction Value deleted successfully.
    HKEY_USERS\Kids\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings Value deleted successfully.
    HKEY_USERS\stewart\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction Value deleted successfully.
    HKEY_USERS\stewart\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings Value deleted successfully.
    HKEY_USERS\Kids\Software\Microsoft\Windows\CurrentVersion\Run\\laswi Value deleted successfully.
    HKEY_USERS\Kids\Software\Microsoft\Windows\CurrentVersion\Run\\anmpir Value deleted successfully.
    03650649 service deleted successfully.
    C:\Users\stewart\Downloads\INDWLL-03823813-732.EXE moved successfully.
    C:\Users\stewart\Downloads\INDWLL-13984300-US.EXE moved successfully.
    C:\Users\stewart\Downloads\SOAOTH-00263500-1040(1).EXE moved successfully.
    C:\Users\stewart\Downloads\INDWLL-76697669-32(1).EXE moved successfully.
    C:\Users\stewart\Downloads\SOAOTH-00165709-US.EXE moved successfully.
    C:\Users\stewart\Downloads\INDWLL-76697669-32.EXE moved successfully.
    C:\Users\stewart\Downloads\SOAOTH-00263500-1040.EXE moved successfully.
    C:\Users\stewart\Downloads\SpyHunter-Installer.exe moved successfully.
    C:\Users\stewart\Downloads\6781412012-07-25-14_09_50.zip moved successfully.
    C:\Users\stewart\Downloads\6812402012-07-25-13_58_56.zip moved successfully.
    C:\Users\stewart\Downloads\6820702012-07-25-13_58_36.zip moved successfully.
    C:\Users\stewart\Downloads\6694282012-07-25-13_47_59.zip moved successfully.
    C:\Users\stewart\Downloads\6709622012-07-25-13_47_04.zip moved successfully.
    C:\Users\stewart\Downloads\TIDMSC-01549400-US.EXE moved successfully.
    C:\Users\stewart\Downloads\SOACTD-00225147-1060.EXE moved successfully.
    C:\Users\stewart\Downloads\spybotsd162.exe moved successfully.
    C:\Windows\Installer\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c} moved successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\{5cd7973e-55b3-cd4e-9b48-7bc56081e63c} moved successfully.

    The operation completed successfully.
    The operation completed successfully.

    ==== End of Fixlog ====
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Installing Alcohol will give a BSOD because of driver problems.

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again, this time renaming
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi! Are you still with us?

    Update us on the status of your computer, we'd still like to help.

    Topic marked inactive.
  10. hitstress

    hitstress TS Rookie Topic Starter

    Hi,
    I was wondering, are you able to reopen my topic please? I am sorry I was away for about a week or so. I ran the combofix. The 1st time it will scan; however, it won't give me a log. I tried to run it again, and it gave me an error message.
    Error: :32788222FWJFW\Dev.3xe- Error opening file for writing. I then uninstalled combofix and installed it again. It scanned but won't give me a log that I can post to you. Also, Alcohol is not installed on my computer. I was trying to install it and kept getting BSOD. Thank you.
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let's work with RogueKiller...

    • Download RogueKiller and save it on your desktop.
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan
    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.
    • The report has been created on the desktop.
    • Next click on the ShortcutsFix
    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.

    ===========================================


    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
  12. hitstress

    hitstress TS Rookie Topic Starter

    Thank you so much for re-opening my topic. Here are my logs as requested. I was able to run combofix and have a log!! I also posted logs of ESET and RogueKiller. About the ESET log, I did not check "delete quarantined files." Was I supposed to have checked it? Thank you.

    RogueKiller V8.1.0 [09/28/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Safe mode
    User : stewart [Admin rights]
    Mode : Shortcuts HJfix -- Date : 10/02/2012 00:38:57

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH][DLL] explorer.exe -- E:\Windows\explorer.exe : E:\Users\stewart\AppData\Local\Temp\catchme.dll -> UNLOADED

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> C:\windows\system32\config\SOFTWARE
    -> C:\Documents and Settings\Administrator\NTUSER.DAT
    -> C:\Documents and Settings\Default User\NTUSER.DAT
    -> C:\Documents and Settings\LocalService\NTUSER.DAT
    -> C:\Documents and Settings\NetworkService\NTUSER.DAT
    -> C:\Documents and Settings\Tarver\NTUSER.DAT
    -> C:\Documents and Settings\Tarver.STEWART-280B2DD\NTUSER.DAT

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 43 / Fail 0
    Quick launch: Success 1 / Fail 0
    Programs: Success 10 / Fail 0
    Start menu: Success 1 / Fail 0
    User folder: Success 605 / Fail 0
    My documents: Success 14 / Fail 14
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 15 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 516 / Fail 0
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    [E:] \Device\HarddiskVolume2 -- 0x3 --> Restored

    ¤¤¤ Infection : Root.MBR ¤¤¤

    Finished : << RKreport[4].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

    ______________________________________________________________________

    E:\Program Files\Advanced Fix 2012\AdvancedFix.exe a variant of Win32/RegistryNuke application cleaned by deleting - quarantined
    E:\ProgramData\AVG2012\IDS\quarantine\533f8dce-26be-47d0-9e0a-d153c65727a8\53feb374-26be-47d0-9e0a-d153c65727a8 Win32/Sirefef.EZ trojan deleted - quarantined
    E:\ProgramData\AVG2012\IDS\quarantine\5ca07a7b-26bc-47d0-aadb-d153c65727a8\5f72bfcf-26bc-47d0-aadb-d153c65727a8 Win32/Sirefef.EZ trojan deleted - quarantined
    E:\ProgramData\AVG2012\IDS\quarantine\6dd8929d-2695-47d0-9e31-d155f9baa6e8\14b890d1-26ac-47d0-9e31-d153c65727a8 Win32/Sirefef.EZ trojan deleted - quarantined
    E:\ProgramData\AVG2012\IDS\quarantine\c7e3d39b-26a3-47d0-a70a-d153c65727a8\c15d2cd8-26a3-47d0-a70a-d153c65727a8 Win32/Sirefef.EZ trojan deleted - quarantined
    E:\ProgramData\Microsoft\Windows\DRM\ABEA.tmp a variant of Win32/Kryptik.AIYZ trojan cleaned by deleting - quarantined
    E:\ProgramData\Spybot - Search & Destroy\Recovery\WinChinkygen1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\01.09.2012_12.04.27\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\01.09.2012_12.04.27\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\01.09.2012_12.04.27\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\01.09.2012_12.04.27\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\01.09.2012_12.04.27\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\01.09.2012_12.04.27\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\01.09.2012_12.04.27\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\01.09.2012_12.04.27\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\01.09.2012_12.04.27\zasubsys0000\file0000\tsk0000.dta Win32/Sirefef.FC trojan deleted - quarantined
    E:\TDSSKiller_Quarantine\01.09.2012_12.04.27\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan deleted - quarantined
    E:\TDSSKiller_Quarantine\01.09.2012_12.04.27\zasubsys0000\zafs0000\tsk0004.dta Win32/Conedex.D trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\01.09.2012_12.04.27\zasubsys0000\zafs0000\tsk0005.dta Win32/Sirefef.FG trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\01.09.2012_12.04.27\zasubsys0000\zafs0000\tsk0006.dta Win32/Conedex.E trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\01.09.2012_12.04.27\zasubsys0000\zafs0000\tsk0007.dta a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\01.09.2012_12.04.27\zasubsys0000\zafs0000\tsk0008.dta Win32/Sirefef.FD trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\09.09.2012_22.11.00\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\09.09.2012_22.11.00\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\09.09.2012_22.11.00\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\09.09.2012_22.11.00\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\09.09.2012_22.11.00\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\09.09.2012_22.11.00\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\09.09.2012_22.11.00\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\09.09.2012_22.11.00\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\09.09.2012_22.11.00\mbr0000\tdlfs0000\tsk0014.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\09.09.2012_22.11.00\zasubsys0000\file0000\tsk0000.dta Win32/Sirefef.FC trojan deleted - quarantined
    E:\TDSSKiller_Quarantine\09.09.2012_22.11.00\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan deleted - quarantined
    E:\TDSSKiller_Quarantine\09.09.2012_22.11.00\zasubsys0000\zafs0000\tsk0004.dta Win32/Conedex.D trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\09.09.2012_22.11.00\zasubsys0000\zafs0000\tsk0005.dta Win32/Sirefef.FG trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\09.09.2012_22.11.00\zasubsys0000\zafs0000\tsk0006.dta Win32/Conedex.E trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\09.09.2012_22.11.00\zasubsys0000\zafs0000\tsk0007.dta a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\09.09.2012_22.11.00\zasubsys0000\zafs0000\tsk0008.dta a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
    E:\Users\Kids\AppData\Local\{5D5FA9A8-7B57-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
    E:\Users\stewart\AppData\Local\{5D5FA9A8-7B57-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
    E:\Users\stewart\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\5ff1aeb7-4cd6afe8 Java/Exploit.CVE-2012-1723.AU trojan cleaned by deleting - quarantined
    E:\Users\stewart\Desktop\PCMAX_AF_ErrorsFix_Setup.exe a variant of Win32/RegistryNuke application cleaned by deleting - quarantined
    ___________________________________

    ComboFix 12-09-30.01 - stewart 10/02/2012 0:34.2.2 - x86 MINIMAL
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.1586 [GMT -5:00]
    Running from: e:\users\stewart\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    E:\Autorun.inf
    E:\setup.exe
    e:\windows\system32\dlumd10.dll
    e:\windows\system32\dlumd11.dll
    e:\windows\system32\dlumd9.dll
    e:\windows\system32\dlumdfb10.dll
    e:\windows\system32\dlumdfb11.dll
    e:\windows\system32\dlumdfb9.dll
    .
    -- Previous Run --
    .
    Infected copy of e:\windows\system32\user32.dll was found and disinfected
    Restored copy from - e:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
    .
    --------
    .
    Infected copy of e:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - e:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-02 to 2012-10-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-02 05:41 . 2012-10-02 05:41 -------- d-----w- e:\users\Kids\AppData\Local\temp
    2012-10-02 05:41 . 2012-10-02 05:41 -------- d-----w- e:\users\Guest\AppData\Local\temp
    2012-10-02 05:41 . 2012-10-02 05:41 -------- d-----w- e:\users\Default\AppData\Local\temp
    2012-10-02 05:10 . 2012-10-02 05:11 -------- d-----w- e:\program files\Advanced Fix 2012
    2012-10-01 00:14 . 2012-10-02 05:09 40776 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
    2012-10-01 00:14 . 2012-10-01 00:14 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
    2012-10-01 00:14 . 2012-09-07 22:04 22856 ----a-w- e:\windows\system32\drivers\mbam.sys
    2012-09-29 04:56 . 2012-10-02 05:53 -------- d-----w- e:\users\stewart\AppData\Local\temp
    2012-09-14 00:51 . 2012-09-18 08:01 -------- d-----w- E:\FRST
    2012-09-10 18:07 . 2012-09-10 18:07 -------- d-----w- e:\windows\system32\drivers\AVG
    2012-09-10 18:07 . 2012-09-10 18:07 -------- d-----w- E:\AVG2012
    2012-09-09 03:30 . 2012-09-09 03:30 54016 ----a-w- e:\windows\system32\drivers\hwvtsa.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-27 05:56 . 2012-04-04 21:47 696240 ----a-w- e:\windows\system32\FlashPlayerApp.exe
    2012-09-27 05:56 . 2012-03-20 18:41 73136 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-10 03:19 . 2009-07-13 23:11 259072 ----a-w- e:\windows\system32\services.exe
    2012-07-25 22:10 . 2012-07-25 22:10 129024 ----a-w- e:\programdata\Microsoft\Windows\DRM\ABEA.tmp
    2012-09-30 22:01 . 2012-06-13 05:21 266720 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-11 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISBMgr.exe"="e:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
    "BrMfcWnd"="e:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
    "ControlCenter3"="e:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="e:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
    "SONY VGP-UPR1 (Display Adapter)"="e:\program files\DisplayLink Core Software\DisplayLinkUI.exe" [2012-05-16 1149400]
    "RtHDVCpl"="RtHDVCpl.exe" [2009-07-23 6295552]
    "Skytel"="Skytel.exe" [2009-07-23 1826816]
    "SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "ApnUpdater"="e:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
    "DigidesignMMERefresh"="e:\program files\Digidesign\Drivers\MMERefresh.exe" [2008-12-04 77824]
    "QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Zune Launcher"="e:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
    "GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "SSDMonitor"="e:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-06-13 112600]
    "AVG_TRAY"="e:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
    .
    e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Audible Download Manager.lnk - e:\program files\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
    NETGEAR WNA1100 Genie.lnk - e:\program files\NETGEAR\WNA1100\WNA1100.exe [2012-8-8 8247264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2007-08-15 01:05 98304 ----a-w- e:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "wave1"=Digi32.dll
    "MIDI2"=diomidi.dll
    .
    R2 AVGIDSAgent;AVGIDSAgent;e:\program files\AVG\AVG2012\avgidsagent.exe [x]
    R2 gupdate;Google Update Service (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 NSUService;NSUService;e:\program files\Sony\Network Utility\NSUService.exe [x]
    R2 SkypeUpdate;Skype Updater;e:\program files\Skype\Updater\Updater.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;e:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 dalwdmservice;dal service;e:\windows\system32\drivers\dalwdm.sys [x]
    R3 dmvsc;dmvsc;e:\windows\system32\drivers\dmvsc.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);e:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 jswpsapi;JumpStart Wi-Fi Protected Setup;e:\program files\NETGEAR\WNA1100\jswpsapi.exe [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;e:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 MBX2DFU;MBX2DFU;e:\windows\system32\DRIVERS\MBX2DFU.sys [x]
    R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;e:\windows\system32\drivers\mbx2midk.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;e:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 TsUsbFlt;TsUsbFlt;e:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;e:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;e:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;e:\program files\Zune\WMZuneComm.exe [x]
    S0 SCMNdisP;General NDIS Protocol Driver;e:\windows\system32\DRIVERS\scmndisp.sys [x]
    S1 bckd;bckd;e:\windows\system32\drivers\bckd.sys [x]
    S1 jswpslwf;JumpStart Wireless Filter Driver;e:\windows\system32\DRIVERS\jswpslwf.sys [x]
    S1 VWiFiFlt;Virtual WiFi Filter Driver;e:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;e:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S2 avgwd;AVG WatchDog;e:\program files\AVG\AVG2012\avgwdsvc.exe [x]
    S2 bckwfs;Blue Coat K9 Web Protection;e:\program files\Blue Coat K9 Web Protection\k9filter.exe [x]
    S2 DigiNet;Digidesign Ethernet Support;e:\windows\system32\DRIVERS\diginet.sys [x]
    S2 DisplayLinkService;DisplayLinkManager;e:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
    S2 MBAMScheduler;MBAMScheduler;e:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;e:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 NAUpdate;Nero Update;e:\program files\Nero\Update\NASvc.exe [x]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;e:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
    S2 RtkAudioService;Realtek Audio Service;e:\windows\RtkAudioService.exe [x]
    S2 SBSDWSCService;SBSD Security Center Service;e:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
    S2 Skype C2C Service;Skype C2C Service;e:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    S2 WSWNA1100;WSWNA1100;e:\program files\NETGEAR\WNA1100\WifiSvc.exe [x]
    S3 athur;Atheros AR9271 Wireless Network Adapter Service;e:\windows\system32\DRIVERS\athur.sys [x]
    S3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [x]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;e:\windows\system32\DRIVERS\netw5v32.sys [x]
    S3 SrvHsfHDA;SrvHsfHDA;e:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
    S3 SrvHsfV92;SrvHsfV92;e:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
    S3 SrvHsfWinac;SrvHsfWinac;e:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
    S3 ti21sony;ti21sony;e:\windows\system32\drivers\ti21sony.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;e:\windows\system32\DRIVERS\vwifimp.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;e:\windows\system32\DRIVERS\yk62x86.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-02 e:\windows\Tasks\Adobe Flash Player Updater.job
    - e:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 05:56]
    .
    2012-09-20 e:\windows\Tasks\GoogleUpdateTaskMachineCore1cd974915cf627e.job
    - e:\program files\Google\Update\GoogleUpdate.exe [2012-04-11 05:17]
    .
    2012-10-02 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - e:\program files\Google\Update\GoogleUpdate.exe [2012-04-11 05:17]
    .
    2012-08-25 e:\windows\Tasks\RMSchedule.job
    - e:\program files\Registry Mechanic\RegMech.exe [2012-06-13 05:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - e:\users\stewart\AppData\Roaming\Mozilla\Firefox\Profiles\869xn1fl.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.uskidsgolf.com/eng/localTours/redirect.cfm?sectionID=b2c/tournaments/tournamentLandingPage.cfm&type=LC
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-ROC_roc_ssl_v12 - e:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
    SafeBoot-09049796.sys
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3172)
    e:\windows\System32\SyncCenter.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    e:\program files\DisplayLink Core Software\DisplayLinkUserAgent.exe
    e:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    e:\program files\Bonjour\mDNSResponder.exe
    e:\program files\Sony\VAIO Event Service\VESMgr.exe
    e:\program files\AVG\AVG2012\avgnsx.exe
    e:\windows\system32\taskhost.exe
    e:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    e:\windows\system32\sppsvc.exe
    e:\windows\system32\WUDFHost.exe
    e:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    e:\windows\system32\conhost.exe
    e:\windows\system32\taskhost.exe
    e:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-02 00:58:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-02 05:58
    .
    Pre-Run: 159,355,699,200 bytes free
    Post-Run: 159,275,540,480 bytes free
    .
    - - End Of File - - E042852A877FE45B5EAC8107D5B64207
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good job. Please delete the old copy of ComboFix, download a new one, run a scan, and post the log in your next reply.
  14. hitstress

    hitstress TS Rookie Topic Starter

    Hi,
    I deleted ComboFix and ran a new version. However, the computer won't pull up a log file; it won't go to that step with the command prompt. I have tried several times, deleting and downloading again. Each time, it fails to pull up the command prompt window. Thank you.
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Sorry to hear that happened. Please do the following instead:

    TDSSKiller scan

    Please download and run TDSSKiller to your desktop as outlined below:

    Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
    Sometimes these logs can be very large; in that case please attach it, or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


    ===================================


    Scan for malware

    Please download Malwarebytes Anti-Malware from HERE.


    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.
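    The TDSSKiller log the helper asks for has a fixed line shape (timestamp, PID, then either a bracketed MD5 with the service name and path, or a `- ok`, `( verdict ) - warning` or `- detected` status line), and the helper's rule is that UnsignedFile/LockedFile warnings are skipped while anything else is cured. As an added example (not code from this thread, TechSpot or Kaspersky), a small Python parser that applies that rule; `parse_tdsskiller_log`, `triage` and `SKIP_VERDICT_PREFIXES` are names chosen here, and the sample log is constructed in the thread's format with a placeholder "sampledrv" entry standing in for a real detection.

```python
"""Triage a TDSSKiller text log: separate the sign/lock warnings the helper
says to Skip from detections that need review. Added example, not code from
the thread or Kaspersky; the sample log is constructed in the thread's format."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Line shapes seen in the pasted log, after the "HH:MM:SS.mmmm PID " prefix:
#   [ <MD5> ] <name> <drive>:\<path>          file identity of a scanned service/driver
#   <name> ( <verdict> ) - warning            e.g. UnsignedFile.Multi.Generic
#   <name> - detected <verdict> (<count>)     counted as a detection (warnings included)
#   <name> - ok                               clean
PREFIX_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s*(?P<body>.*)$")
FILE_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$", re.I)
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+) \) - warning$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Verdict families the helper says to Skip: they flag an unsigned or locked file,
# not a malware identification, so they are triaged apart from real detections.
SKIP_VERDICT_PREFIXES = ("UnsignedFile.", "LockedFile.")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"                 # unknown | ok | warning | detected
    verdicts: List[str] = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> Dict[str, ServiceEntry]:
    """Fold the per-service lines into one ServiceEntry per service name."""
    entries: Dict[str, ServiceEntry] = {}

    def entry(name: str) -> ServiceEntry:
        return entries.setdefault(name, ServiceEntry(name))

    for raw in text.splitlines():
        prefix = PREFIX_RE.match(raw.strip())
        if not prefix:
            continue                        # banner or free-text line
        body = prefix.group("body")
        if m := FILE_RE.match(body):
            e = entry(m.group("name"))
            e.md5, e.path = m.group("md5").upper(), m.group("path")
        elif m := WARN_RE.match(body):
            e = entry(m.group("name"))
            e.status = "warning"
            e.verdicts.append(m.group("verdict"))
        elif m := DETECT_RE.match(body):
            e = entry(m.group("name"))
            e.status = "detected"           # repeats the warning's verdict for unsigned files
            if m.group("verdict") not in e.verdicts:
                e.verdicts.append(m.group("verdict"))
        elif m := OK_RE.match(body):
            entry(m.group("name")).status = "ok"
    return entries


def triage(entries: Dict[str, ServiceEntry]) -> Dict[str, List[str]]:
    """Buckets: 'skip' = only sign/lock warnings, 'review' = any other verdict."""
    report: Dict[str, List[str]] = {"ok": [], "skip": [], "review": [], "unknown": []}
    for e in entries.values():
        if not e.verdicts:
            report["ok" if e.status == "ok" else "unknown"].append(e.name)
        elif all(v.startswith(SKIP_VERDICT_PREFIXES) for v in e.verdicts):
            report["skip"].append(e.name)
        else:
            report["review"].append(e.name)
    for names in report.values():
        names.sort()
    return report


# Constructed sample in the thread's log format. The first three services and
# their MD5s copy lines from the pasted log; "sampledrv", its all-zero hash and
# "Constructed.Sample.Verdict" are placeholders standing in for a real detection.
SAMPLE_LOG = r"""
17:32:53.0388 5164 ============================================================
17:32:53.0388 5164 Scan started
17:32:53.0388 5164 Mode: Manual; SigCheck; TDLFS;
17:32:55.0400 5164 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci E:\Windows\system32\DRIVERS\1394ohci.sys
17:32:55.0603 5164 1394ohci - ok
17:32:58.0910 5164 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:32:58.0926 5164 Apple Mobile Device - ok
17:33:08.0521 5164 [ 52E112E8B13522352DB42B78AC9BAB0C ] digiSPTIService E:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
17:33:08.0630 5164 digiSPTIService ( UnsignedFile.Multi.Generic ) - warning
17:33:08.0630 5164 digiSPTIService - detected UnsignedFile.Multi.Generic (1)
17:33:09.0000 5164 [ 00000000000000000000000000000000 ] sampledrv E:\Windows\system32\drivers\sampledrv.sys
17:33:09.0010 5164 sampledrv - detected Constructed.Sample.Verdict (1)
"""
```

Running `triage(parse_tdsskiller_log(SAMPLE_LOG))` puts digiSPTIService under "skip" and only the placeholder driver under "review", which is the distinction the helper's Skip/Cure instructions rely on; the "detected" count in the log includes the unsigned-file warnings, so status alone is not enough.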
  16. hitstress

    hitstress TS Rookie Topic Starter

    Thank you. Here are the logs.

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.06.05

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 8.0.7601.17514
    stewart :: STEWART-PC [administrator]

    10/6/2012 5:38:04 PM
    mbam-log-2012-10-06 (17-38-04).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 238088
    Time elapsed: 7 minute(s), 17 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    E:\Users\stewart\Downloads\tvshows_2905.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

    (end)
    _____________________________

    17:32:06.0566 5956 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    17:32:07.0658 5956 ============================================================
    17:32:07.0658 5956 Current date / time: 2012/10/06 17:32:07.0658
    17:32:07.0658 5956 SystemInfo:
    17:32:07.0658 5956
    17:32:07.0658 5956 OS Version: 6.1.7601 ServicePack: 1.0
    17:32:07.0658 5956 Product type: Workstation
    17:32:07.0658 5956 ComputerName: STEWART-PC
    17:32:07.0658 5956 UserName: stewart
    17:32:07.0658 5956 Windows directory: E:\Windows
    17:32:07.0658 5956 System windows directory: E:\Windows
    17:32:07.0658 5956 Processor architecture: Intel x86
    17:32:07.0658 5956 Number of processors: 2
    17:32:07.0658 5956 Page size: 0x1000
    17:32:07.0658 5956 Boot type: Normal boot
    17:32:07.0658 5956 ============================================================
    17:32:13.0478 5956 BG loaded
    17:32:14.0836 5956 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    17:32:14.0914 5956 ============================================================
    17:32:14.0914 5956 \Device\Harddisk0\DR0:
    17:32:14.0945 5956 MBR partitions:
    17:32:14.0945 5956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1388AFC
    17:32:14.0945 5956 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1389000, BlocksNum 0x1BE3C000
    17:32:14.0945 5956 ============================================================
    17:32:15.0304 5956 C: <-> \Device\Harddisk0\DR0\Partition1
    17:32:15.0850 5956 E: <-> \Device\Harddisk0\DR0\Partition2
    17:32:15.0850 5956 ============================================================
    17:32:15.0850 5956 Initialize success
    17:32:15.0850 5956 ============================================================
    17:32:53.0388 5164 ============================================================
    17:32:53.0388 5164 Scan started
    17:32:53.0388 5164 Mode: Manual; SigCheck; TDLFS;
    17:32:53.0388 5164 ============================================================
    17:32:55.0026 5164 ================ Scan system memory ========================
    17:32:55.0026 5164 System memory - ok
    17:32:55.0026 5164 ================ Scan services =============================
    17:33:19.0129 5164 IntuitUpdateService - ok
    17:33:19.0176 5164 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum E:\Windows\system32\ipbusenum.dll
    17:33:19.0223 5164 IPBusEnum - ok
    17:33:19.0238 5164 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver E:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:33:19.0301 5164 IpFilterDriver - ok
    17:33:19.0379 5164 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc E:\Windows\System32\iphlpsvc.dll
    17:33:19.0441 5164 iphlpsvc - ok
    17:33:19.0472 5164 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV E:\Windows\system32\drivers\IPMIDrv.sys
    17:33:19.0503 5164 IPMIDRV - ok
    17:33:19.0519 5164 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT E:\Windows\system32\drivers\ipnat.sys
    17:33:19.0581 5164 IPNAT - ok
    17:33:19.0659 5164 [ CE004777B92DEA56FE14EC900D20BAA4 ] iPod Service E:\Program Files\iPod\bin\iPodService.exe
    17:33:19.0706 5164 iPod Service - ok
    17:33:19.0769 5164 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM E:\Windows\system32\drivers\irenum.sys
    17:33:19.0815 5164 IRENUM - ok
    17:33:19.0847 5164 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp E:\Windows\system32\drivers\isapnp.sys
    17:33:19.0878 5164 isapnp - ok
    17:33:19.0893 5164 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt E:\Windows\system32\drivers\msiscsi.sys
    17:33:19.0925 5164 iScsiPrt - ok
    17:33:20.0049 5164 [ CF9BA304B8047B9582D72D9BFEF42EAE ] jswpsapi E:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
    17:33:20.0112 5164 jswpsapi - ok
    17:33:20.0190 5164 [ 55C9B4252B751226B838EED2BC50BB64 ] jswpslwf E:\Windows\system32\DRIVERS\jswpslwf.sys
    17:33:20.0237 5164 jswpslwf - ok
    17:33:20.0315 5164 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass E:\Windows\system32\DRIVERS\kbdclass.sys
    17:33:20.0330 5164 kbdclass - ok
    17:33:20.0393 5164 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid E:\Windows\system32\drivers\kbdhid.sys
    17:33:20.0455 5164 kbdhid - ok
    17:33:20.0471 5164 [ F42309C4191C506B71DB5D1126D26318 ] KeyIso E:\Windows\system32\lsass.exe
    17:33:20.0502 5164 KeyIso - ok
    17:33:20.0533 5164 [ 412CEA1AA78CC02A447F5C9E62B32FF1 ] KSecDD E:\Windows\system32\Drivers\ksecdd.sys
    17:33:20.0549 5164 KSecDD - ok
    17:33:20.0580 5164 [ 26C046977E85B95036453D7B88BA1820 ] KSecPkg E:\Windows\system32\Drivers\ksecpkg.sys
    17:33:20.0595 5164 KSecPkg - ok
    17:33:20.0642 5164 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm E:\Windows\system32\msdtckrm.dll
    17:33:20.0720 5164 KtmRm - ok
    17:33:20.0798 5164 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer E:\Windows\System32\srvsvc.dll
    17:33:20.0876 5164 LanmanServer - ok
    17:33:20.0923 5164 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation E:\Windows\System32\wkssvc.dll
    17:33:20.0985 5164 LanmanWorkstation - ok
    17:33:21.0063 5164 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio E:\Windows\system32\DRIVERS\lltdio.sys
    17:33:21.0141 5164 lltdio - ok
    17:33:21.0188 5164 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc E:\Windows\System32\lltdsvc.dll
    17:33:21.0251 5164 lltdsvc - ok
    17:33:21.0282 5164 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts E:\Windows\System32\lmhsvc.dll
    17:33:21.0344 5164 lmhosts - ok
    17:33:21.0422 5164 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC E:\Windows\system32\drivers\lsi_fc.sys
    17:33:21.0453 5164 LSI_FC - ok
    17:33:21.0485 5164 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS E:\Windows\system32\drivers\lsi_sas.sys
    17:33:21.0500 5164 LSI_SAS - ok
    17:33:21.0531 5164 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 E:\Windows\system32\drivers\lsi_sas2.sys
    17:33:21.0547 5164 LSI_SAS2 - ok
    17:33:21.0578 5164 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI E:\Windows\system32\drivers\lsi_scsi.sys
    17:33:21.0609 5164 LSI_SCSI - ok
    17:33:21.0673 5164 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv E:\Windows\system32\drivers\luafv.sys
    17:33:21.0766 5164 luafv - ok
    17:33:21.0829 5164 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector E:\Windows\system32\drivers\mbam.sys
    17:33:21.0844 5164 MBAMProtector - ok
    17:33:21.0954 5164 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    17:33:21.0969 5164 MBAMScheduler - ok
    17:33:22.0047 5164 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    17:33:22.0094 5164 MBAMService - ok
    17:33:22.0219 5164 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy E:\Windows\system32\drivers\mbamswissarmy.sys
    17:33:22.0266 5164 MBAMSwissArmy - ok
    17:33:22.0375 5164 [ 64753FE65431B92D6FB64CC338757E32 ] MBX2DFU E:\Windows\system32\DRIVERS\MBX2DFU.sys
    17:33:22.0390 5164 MBX2DFU - ok
    17:33:22.0453 5164 [ 0F110335DDBE99A683E6646812D23C43 ] MBX2MIDK E:\Windows\system32\drivers\mbx2midk.sys
    17:33:22.0468 5164 MBX2MIDK - ok
    17:33:22.0500 5164 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc E:\Windows\system32\Mcx2Svc.dll
    17:33:22.0578 5164 Mcx2Svc - ok
    17:33:22.0688 5164 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas E:\Windows\system32\drivers\megasas.sys
    17:33:22.0707 5164 megasas - ok
    17:33:22.0896 5164 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR E:\Windows\system32\drivers\MegaSR.sys
    17:33:22.0922 5164 MegaSR - ok
    17:33:23.0162 5164 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service E:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
    17:33:23.0179 5164 Microsoft Office Groove Audit Service - ok
    17:33:23.0228 5164 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS E:\Windows\system32\mmcss.dll
    17:33:23.0323 5164 MMCSS - ok
    17:33:23.0353 5164 [ F001861E5700EE84E2D4E52C712F4964 ] Modem E:\Windows\system32\drivers\modem.sys
    17:33:23.0423 5164 Modem - ok
    17:33:23.0499 5164 [ 79D10964DE86B292320E9DFE02282A23 ] monitor E:\Windows\system32\DRIVERS\monitor.sys
    17:33:23.0551 5164 monitor - ok
    17:33:23.0621 5164 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass E:\Windows\system32\DRIVERS\mouclass.sys
    17:33:23.0652 5164 mouclass - ok
    17:33:23.0679 5164 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid E:\Windows\system32\DRIVERS\mouhid.sys
    17:33:23.0726 5164 mouhid - ok
    17:33:23.0764 5164 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr E:\Windows\system32\drivers\mountmgr.sys
    17:33:23.0795 5164 mountmgr - ok
    17:33:24.0147 5164 [ 8EE7B1A0AFF41151210A8ACE8E162E33 ] MozillaMaintenance E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    17:33:24.0174 5164 Suspicious file (Forged): E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe. Real md5: 8EE7B1A0AFF41151210A8ACE8E162E33, Fake md5: BF161D1D4EB8A069C9B2DEF882C0E55C
    17:33:24.0175 5164 MozillaMaintenance ( ForgedFile.Multi.Generic ) - warning
    17:33:24.0175 5164 MozillaMaintenance - detected ForgedFile.Multi.Generic (1)
    17:33:29.0434 5164 [ 42CE5E77721E60F39858FF2A35450342 ] NSUService E:\Program Files\Sony\Network Utility\NSUService.exe
    17:33:29.0512 5164 NSUService ( UnsignedFile.Multi.Generic ) - warning
    17:33:29.0512 5164 NSUService - detected UnsignedFile.Multi.Generic (1)
    17:33:31.0587 5164 Scan interrupted by user!
    17:33:31.0587 5164 ================ Scan global ===============================
    17:33:31.0587 5164 Scan interrupted by user!
    17:33:31.0587 5164 ================ Scan MBR ==================================
    17:33:31.0587 5164 Scan interrupted by user!
    17:33:31.0587 5164 ================ Scan VBR ==================================
    17:33:31.0587 5164 Scan interrupted by user!
    17:33:31.0587 5164 ============================================================
    17:33:31.0587 5164 Scan finished
    17:33:31.0587 5164 ============================================================
    17:33:31.0618 4436 Detected object count: 3
    17:33:31.0618 4436 Actual detected object count: 3
    17:33:33.0553 4436 digiSPTIService ( UnsignedFile.Multi.Generic ) - skipped by user
    17:33:33.0553 4436 digiSPTIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    17:33:33.0568 4436 MozillaMaintenance ( ForgedFile.Multi.Generic ) - skipped by user
    17:33:33.0568 4436 MozillaMaintenance ( ForgedFile.Multi.Generic ) - User select action: Skip
    17:33:33.0568 4436 NSUService ( UnsignedFile.Multi.Generic ) - skipped by user
    17:33:33.0568 4436 NSUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    17:33:35.0487 5836 Deinitialize success
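A small triage helper for the TDSSKiller log format pasted above, added here as an example; it is not part of the thread and not TDSSKiller's own code. It parses the enumerated-object, forged-file, "detected" and "User select action" lines, ranks ForgedFile hits above UnsignedFile ones, and keeps track of what the operator chose at the prompt; the sample log is constructed from a few lines of the log above.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the TDSSKiller log above so the
# parser runs offline (the real log is hundreds of lines long).
SAMPLE_LOG = r"""
17:33:24.0147 5164 [ 8EE7B1A0AFF41151210A8ACE8E162E33 ] MozillaMaintenance E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:33:24.0174 5164 Suspicious file (Forged): E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe. Real md5: 8EE7B1A0AFF41151210A8ACE8E162E33, Fake md5: BF161D1D4EB8A069C9B2DEF882C0E55C
17:33:24.0175 5164 MozillaMaintenance ( ForgedFile.Multi.Generic ) - warning
17:33:24.0175 5164 MozillaMaintenance - detected ForgedFile.Multi.Generic (1)
17:33:24.0239 5164 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio E:\Windows\system32\drivers\mpio.sys
17:33:24.0267 5164 mpio - ok
17:33:25.0550 5164 msiserver - ok
17:33:29.0434 5164 [ 42CE5E77721E60F39858FF2A35450342 ] NSUService E:\Program Files\Sony\Network Utility\NSUService.exe
17:33:29.0512 5164 NSUService - detected UnsignedFile.Multi.Generic (1)
17:33:33.0568 4436 MozillaMaintenance ( ForgedFile.Multi.Generic ) - User select action: Skip
17:33:33.0568 4436 NSUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Line layout: "HH:MM:SS.mmmm <pid> <message>"; everything useful is in the message.
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<msg>.*)$")
# Enumerated object: "[ <md5> ] <name> <drive>:\<path>" (names may contain spaces).
ENTRY_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
# Forged detail: two hashes for one path that should agree; the mismatch is why TDSSKiller flags it.
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: "
                       r"(?P<real>[0-9A-F]{32}), Fake md5: (?P<fake>[0-9A-F]{32})$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<detection>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<name>.+?) \( (?P<detection>\S+) \) - User select action: (?P<action>\w+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Verdict family -> triage priority: a forged file is a much stronger rootkit signal
# than a binary that merely lacks a signature. Anything else is ranked in between.
SEVERITY = {"ForgedFile": "high", "UnsignedFile": "low"}
RANK = ["high", "medium", "low"]

@dataclass
class Finding:
    name: str
    path: str = ""
    md5: str = ""
    detection: str = ""
    real_md5: str = ""
    fake_md5: str = ""
    action: str = ""  # what the operator chose at the prompt, e.g. "Skip"

    @property
    def severity(self) -> str:
        return SEVERITY.get(self.detection.split(".")[0], "medium")

def parse_tdsskiller(text):
    """Return ({name: Finding} for flagged objects, count of objects reported ok)."""
    entries, findings, ok_count, last = {}, {}, 0, None
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if e := ENTRY_RE.match(msg):
            last = entries[e["name"]] = Finding(name=e["name"], path=e["path"], md5=e["md5"])
        elif (f := FORGED_RE.match(msg)) and last and last.path == f["path"]:
            last.real_md5, last.fake_md5 = f["real"], f["fake"]
        elif d := DETECTED_RE.match(msg):
            fnd = entries.get(d["name"]) or Finding(name=d["name"])
            fnd.detection = d["detection"]
            findings[fnd.name] = fnd
        elif a := ACTION_RE.match(msg):
            fnd = findings.setdefault(a["name"], Finding(name=a["name"], detection=a["detection"]))
            fnd.action = a["action"]
        elif OK_RE.match(msg):
            ok_count += 1
    return findings, ok_count

def triage(findings):
    """(severity, name, detection, action) rows, strongest signal first; a flagged
    object the operator chose to Skip still needs manual follow-up."""
    rows = [(f.severity, f.name, f.detection, f.action or "none") for f in findings.values()]
    return sorted(rows, key=lambda r: (RANK.index(r[0]), r[1]))

if __name__ == "__main__":
    found, ok = parse_tdsskiller(SAMPLE_LOG)
    print(f"{ok} objects ok, {len(found)} flagged")
    for row in triage(found):
        print(*row)
```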
  17. hitstress

    hitstress TS Rookie Topic Starter

    Would you suggest I run Malwarebytes as the antivirus? I also have AVG, or do you recommend different software? Thanks.
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    As long as AVG isn't giving you trouble, you should keep it... please do the following (hopefully) final steps...

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  19. hitstress

    hitstress TS Rookie Topic Starter

    Thank you again. Here is the ESET log. I have noticed java update is popping up everyday. A couple of times I downloaded the update, and sure enough.... the very next day it is requesting me to download another update.


    --------------------

    E:\TDSSKiller_Quarantine\06.10.2012_16.14.12\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\06.10.2012_16.14.12\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\06.10.2012_16.14.12\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\06.10.2012_16.14.12\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\06.10.2012_16.14.12\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\06.10.2012_16.14.12\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\06.10.2012_16.14.12\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\06.10.2012_16.14.12\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    E:\TDSSKiller_Quarantine\06.10.2012_16.14.12\mbr0000\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    E:\Users\stewart\tauobex.exe Win32/AutoRun.VB.GJ worm cleaned by deleting - quarantined
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Download Revo: http://www.revouninstaller.com/start_freeware_download.html

    Remove Java completely, try to update it again.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive, i.e. C
    • For a few moments the system will make some calculations:
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete
    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Topic marked solved. :)