27 replies to this topic

[lifethezero]

Last week I noticed my computer running slow and just generally seeming off. I located some malware, which was some sort of trojan originating from an svchost file. I tried multiple times using mbam and spybot to remove the malware, and each time both programs removed threats but they pretty much regenerated each time and the same problems persisted. I finally got on this forum and after reading through a few threads relating to the same sort of problem involving svchost trojans I followed the steps outlined in another thread titled something to the effect of "svchost trojan - search redirects". FYI, it seemed to be combofix that eventually corrected the problem. I should mention I fully understand that a recurring theme from the experts on this forum seems to be that you shouldn't remove any files, etc., without being specifically directed to do so by said experts. That said, I proceeded anyway and everything seemed to work out alright considering. Anyway best I can tell all traces of the malware were removed, spybot and mbam both come up clear plus i ran tdsskiller again and it found 1 threat but it didn't seem to be actual malware.

The reason I am posting is that even though I can't find any remaining malware some problems seem to persist. First of all when I restart I get two error messages at startup, one says there was a problem starting c:\windows\TEMP\wiavmg.dll and the other is the same except it is apatdm.dll. Also I tried to run a system restore a few times from a few different points after the malware was removed and it failed each time. Also I notice my browser still runs slower than before than malware. There are various other minor issues I'm noticing as well. I have to assume that these error messages are likely the result of me removing files I shouldn't have without being instructed to do so, but either way I'm not really sure. Any help would be appreciated and here is the mbam log if that helps any:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.04.07.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]
4/11/2012 3:53:02 PM
mbam-log-2012-04-11 (15-53-02).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200780
Time elapsed: 6 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

[MrCharlie]

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

----------------------------------

Next....

Please download and run RogueKiller.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system (don't run any other options)
Post back the report.

MrC

[MrCharlie]

How are we doing??

Do you still need help or can I close this post??

MrC

[lifethezero]

Yeah, I'm still having the same issues. Here is the dds log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Owner at 22:17:40 on 2012-04-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1902 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360210d525l04g4z145t4402x242
BHO: MRI_DISABLED - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C35DC11-42C9-41FB-87DE-61E1D3F282C5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C35DC11-42C9-41FB-87DE-61E1D3F282C5}\37771696D6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C35DC11-42C9-41FB-87DE-61E1D3F282C5}\C696E6B6379737 : DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{7C35DC11-42C9-41FB-87DE-61E1D3F282C5}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: MRI_DISABLED - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\00u66hgm.default\
FF - prefs.js: browser.startup.homepage - hxxp://mp3tubetoolbar.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtbfour04ff&clid=e5053b451ed44eeaa08e2adcc000a661&subid=
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\Owner\AppData\Roaming\Move Networks
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-11-5 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-21 1153368]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-5 240160]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe --> C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 253600]
S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe --> C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [?]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
.
=============== Created Last 30 ================
.
2012-04-12 19:26:01 8669240 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-04-11 03:54:37 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 03:54:37 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 03:54:36 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 03:54:36 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 03:54:36 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 03:54:36 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 03:54:36 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-07 16:36:39 8669240 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F96F4DC7-E96F-419B-9720-A3E3BA2AE2C1}\mpengine.dll
2012-04-07 16:31:44 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-07 04:58:05 -------- d-----w- C:\Users\Owner\AppData\Local\{4E816686-82DD-46C8-B9F8-D25B2CDA7D1F}
2012-04-06 03:27:22 -------- d-----w- C:\Users\Owner\AppData\Local\{E7B6953F-7F5E-11E1-826D-B8AC6F996F26}
2012-04-05 20:55:49 -------- d-----w- C:\Users\Owner\AppData\Roaming\Lyihyv
2012-04-05 20:55:49 -------- d-----w- C:\Users\Owner\AppData\Roaming\Ciwiku
2012-04-05 13:50:57 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-05 13:47:59 -------- d-----w- C:\Users\Owner\AppData\Local\{BA0C1109-60F6-4D13-8E44-1C52FBE9071E}
2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-25 06:59:42 -------- d-----w- C:\Users\Owner\AppData\Local\{EA2522B7-0677-458A-BCD4-34184FF906EE}
2012-03-25 06:59:29 -------- d-----w- C:\Users\Owner\AppData\Local\{5D763051-1A12-42BD-B3E1-766B86A48FE3}
.
==================== Find3M ====================
.
2012-04-05 13:50:57 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 16:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 22:18:57.75 ===============



And I just ran another mbam quick scan, here is the log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.04.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]
4/17/2012 10:28:32 PM
mbam-log-2012-04-17 (22-28-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200657
Time elapsed: 4 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


I'll have the rogue killer log here in just a few...

[lifethezero]

Ok here is the rogue killer log:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 04/17/2012 22:38:27
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 8 ¤¤¤
[BLACKLIST DLL] HKLM\[...]\Run : wiavmg (rundll32.exe "C:\Windows\TEMP\wiavmg.dll",CreateRenderToEnvMap) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : apatdm (rundll32.exe "C:\Windows\TEMP\apatdm.dll",GetObjectHandleByName) -> FOUND
[SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : InnoSetupRegFile.0000000001 ("C:\Windows\is-K9V0O.exe" /REG /REGSVRMODE) -> FOUND
[SCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\WLXPGSS.SCR) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1655GSX ATA Device +++++
--- User ---
[MBR] 51285b765106bd65cdefb00e44957e7a
[BSP] a47b25ecd3d5cdee75dbfe1af51495d0 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25173855 | Size: 101 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25382700 | Size: 140232 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt


I really appreciate any help you can provide here.

[MrCharlie]

Please run RogueKiller again and click Scan, when the scan is done.....

Click on the Registry Entries tab and put a check next to these and uncheck the rest, then click Delete on the right hand column:

Quote

[BLACKLIST DLL] HKLM\[...]\Run : wiavmg (rundll32.exe "C:\Windows\TEMP\wiavmg.dll",CreateRenderToEnvMap) -> FOUND

[BLACKLIST DLL] HKLM\[...]\Run : apatdm (rundll32.exe "C:\Windows\TEMP\apatdm.dll",GetObjectHandleByName) -> FOUND

[SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : InnoSetupRegFile.0000000001 ("C:\Windows\is-K9V0O.exe" /REG /REGSVRMODE) -> FOUND

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing.

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

[lifethezero]

The only warning was one of the locked file ones you mentioned, I just skipped that. Anyway, here is the tdss log:

08:29:15.0737 6752 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
08:29:16.0080 6752 ============================================================
08:29:16.0080 6752 Current date / time: 2012/04/18 08:29:16.0080
08:29:16.0080 6752 SystemInfo:
08:29:16.0080 6752
08:29:16.0080 6752 OS Version: 6.1.7601 ServicePack: 1.0
08:29:16.0080 6752 Product type: Workstation
08:29:16.0080 6752 ComputerName: OWNER-PC
08:29:16.0080 6752 UserName: Owner
08:29:16.0080 6752 Windows directory: C:\Windows
08:29:16.0080 6752 System windows directory: C:\Windows
08:29:16.0080 6752 Running under WOW64
08:29:16.0080 6752 Processor architecture: Intel x64
08:29:16.0080 6752 Number of processors: 1
08:29:16.0080 6752 Page size: 0x1000
08:29:16.0080 6752 Boot type: Normal boot
08:29:16.0080 6752 ============================================================
08:29:18.0108 6752 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:29:18.0124 6752 \Device\Harddisk0\DR0:
08:29:18.0124 6752 MBR used
08:29:18.0124 6752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
08:29:18.0124 6752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x111E4784
08:29:18.0155 6752 Initialize success
08:29:18.0155 6752 ============================================================
08:30:00.0587 1104 ============================================================
08:30:00.0587 1104 Scan started
08:30:00.0587 1104 Mode: Manual; SigCheck; TDLFS;
08:30:00.0587 1104 ============================================================
08:30:01.0414 1104 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:30:01.0679 1104 1394ohci - ok
08:30:01.0835 1104 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:30:01.0866 1104 ACPI - ok
08:30:02.0038 1104 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:30:02.0163 1104 AcpiPmi - ok
08:30:02.0334 1104 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:30:02.0350 1104 AdobeFlashPlayerUpdateSvc - ok
08:30:02.0506 1104 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:30:02.0553 1104 adp94xx - ok
08:30:02.0989 1104 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:30:03.0036 1104 adpahci - ok
08:30:03.0161 1104 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:30:03.0192 1104 adpu320 - ok
08:30:03.0301 1104 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:30:03.0473 1104 AeLookupSvc - ok
08:30:03.0613 1104 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:30:03.0676 1104 AFD - ok
08:30:03.0832 1104 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:30:03.0863 1104 agp440 - ok
08:30:03.0972 1104 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:30:04.0035 1104 ALG - ok
08:30:04.0175 1104 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:30:04.0191 1104 aliide - ok
08:30:04.0300 1104 AMD External Events Utility (f238be4fa4e55eb67f17281fadf69851) C:\Windows\system32\atiesrxx.exe
08:30:04.0456 1104 AMD External Events Utility - ok
08:30:04.0565 1104 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:30:04.0581 1104 amdide - ok
08:30:04.0705 1104 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:30:04.0799 1104 AmdK8 - ok
08:30:04.0924 1104 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:30:05.0002 1104 AmdPPM - ok
08:30:05.0142 1104 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:30:05.0158 1104 amdsata - ok
08:30:05.0283 1104 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:30:05.0314 1104 amdsbs - ok
08:30:05.0454 1104 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:30:05.0485 1104 amdxata - ok
08:30:05.0610 1104 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:30:05.0829 1104 AppID - ok
08:30:05.0953 1104 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:30:06.0063 1104 AppIDSvc - ok
08:30:06.0203 1104 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:30:06.0297 1104 Appinfo - ok
08:30:06.0437 1104 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:30:06.0484 1104 arc - ok
08:30:06.0593 1104 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:30:06.0609 1104 arcsas - ok
08:30:06.0733 1104 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:30:06.0827 1104 AsyncMac - ok
08:30:06.0967 1104 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:30:06.0983 1104 atapi - ok
08:30:07.0139 1104 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
08:30:07.0311 1104 athr - ok
08:30:07.0591 1104 atikmdag (2db9047aac9d981f59ce06d04d70c4d8) C:\Windows\system32\DRIVERS\atikmdag.sys
08:30:07.0857 1104 atikmdag - ok
08:30:08.0044 1104 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
08:30:08.0122 1104 AtiPcie - ok
08:30:08.0262 1104 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:30:08.0356 1104 AudioEndpointBuilder - ok
08:30:08.0418 1104 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:30:08.0481 1104 AudioSrv - ok
08:30:08.0621 1104 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:30:08.0761 1104 AxInstSV - ok
08:30:08.0902 1104 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:30:08.0980 1104 b06bdrv - ok
08:30:09.0120 1104 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:30:09.0183 1104 b57nd60a - ok
08:30:09.0401 1104 BCM43XX (b44879610f2dc4a046b14befa3ae72de) C:\Windows\system32\DRIVERS\bcmwl664.sys
08:30:09.0495 1104 BCM43XX - ok
08:30:09.0619 1104 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:30:09.0697 1104 BDESVC - ok
08:30:09.0822 1104 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:30:09.0885 1104 Beep - ok
08:30:10.0056 1104 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
08:30:10.0181 1104 BFE - ok
08:30:10.0337 1104 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
08:30:10.0415 1104 BITS - ok
08:30:10.0555 1104 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:30:10.0587 1104 blbdrive - ok
08:30:10.0727 1104 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:30:10.0743 1104 bowser - ok
08:30:10.0852 1104 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:30:10.0961 1104 BrFiltLo - ok
08:30:11.0070 1104 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:30:11.0101 1104 BrFiltUp - ok
08:30:11.0226 1104 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
08:30:11.0304 1104 BridgeMP - ok
08:30:11.0445 1104 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:30:11.0554 1104 Browser - ok
08:30:11.0663 1104 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:30:11.0741 1104 Brserid - ok
08:30:11.0850 1104 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:30:11.0928 1104 BrSerWdm - ok
08:30:12.0037 1104 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:30:12.0100 1104 BrUsbMdm - ok
08:30:12.0209 1104 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:30:12.0256 1104 BrUsbSer - ok
08:30:12.0412 1104 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:30:12.0459 1104 BTHMODEM - ok
08:30:12.0568 1104 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:30:12.0646 1104 bthserv - ok
08:30:12.0771 1104 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:30:12.0849 1104 cdfs - ok
08:30:12.0989 1104 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:30:13.0051 1104 cdrom - ok
08:30:13.0192 1104 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:30:13.0285 1104 CertPropSvc - ok
08:30:13.0395 1104 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:30:13.0441 1104 circlass - ok
08:30:13.0582 1104 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:30:13.0613 1104 CLFS - ok
08:30:13.0738 1104 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:30:13.0753 1104 clr_optimization_v2.0.50727_32 - ok
08:30:13.0878 1104 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:30:13.0894 1104 clr_optimization_v2.0.50727_64 - ok
08:30:14.0065 1104 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:30:14.0097 1104 clr_optimization_v4.0.30319_32 - ok
08:30:14.0237 1104 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:30:14.0268 1104 clr_optimization_v4.0.30319_64 - ok
08:30:14.0377 1104 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:30:14.0409 1104 CmBatt - ok
08:30:14.0533 1104 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:30:14.0565 1104 cmdide - ok
08:30:14.0658 1104 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:30:14.0705 1104 CNG - ok
08:30:14.0830 1104 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:30:14.0845 1104 Compbatt - ok
08:30:14.0986 1104 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:30:15.0048 1104 CompositeBus - ok
08:30:15.0157 1104 COMSysApp - ok
08:30:15.0189 1104 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:30:15.0220 1104 crcdisk - ok
08:30:15.0376 1104 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
08:30:15.0516 1104 CryptSvc - ok
08:30:15.0657 1104 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:30:15.0735 1104 DcomLaunch - ok
08:30:15.0875 1104 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:30:15.0969 1104 defragsvc - ok
08:30:16.0125 1104 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:30:16.0203 1104 DfsC - ok
08:30:16.0359 1104 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:30:16.0421 1104 Dhcp - ok
08:30:16.0515 1104 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:30:16.0593 1104 discache - ok
08:30:16.0733 1104 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:30:16.0764 1104 Disk - ok
08:30:16.0905 1104 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys
08:30:16.0905 1104 DKbFltr - ok
08:30:17.0045 1104 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:30:17.0139 1104 Dnscache - ok
08:30:17.0263 1104 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:30:17.0357 1104 dot3svc - ok
08:30:17.0497 1104 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:30:17.0575 1104 DPS - ok
08:30:17.0716 1104 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:30:17.0794 1104 drmkaud - ok
08:30:17.0934 1104 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:30:17.0981 1104 DXGKrnl - ok
08:30:18.0090 1104 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:30:18.0168 1104 EapHost - ok
08:30:18.0371 1104 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:30:18.0480 1104 ebdrv - ok
08:30:18.0589 1104 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:30:18.0667 1104 EFS - ok
08:30:18.0808 1104 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:30:18.0901 1104 ehRecvr - ok
08:30:18.0995 1104 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:30:19.0042 1104 ehSched - ok
08:30:19.0167 1104 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:30:19.0213 1104 elxstor - ok
08:30:19.0323 1104 ePowerSvc (8e910f796f5f30281cdd24aba47ddea2) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
08:30:19.0369 1104 ePowerSvc - ok
08:30:19.0479 1104 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:30:19.0525 1104 ErrDev - ok
08:30:19.0666 1104 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:30:19.0775 1104 EventSystem - ok
08:30:19.0900 1104 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:30:19.0978 1104 exfat - ok
08:30:20.0103 1104 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:30:20.0181 1104 fastfat - ok
08:30:20.0337 1104 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:30:20.0415 1104 Fax - ok
08:30:20.0508 1104 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:30:20.0571 1104 fdc - ok
08:30:20.0711 1104 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:30:20.0789 1104 fdPHost - ok
08:30:21.0148 1104 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:30:21.0366 1104 FDResPub - ok
08:30:21.0475 1104 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:30:21.0507 1104 FileInfo - ok
08:30:21.0600 1104 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:30:21.0678 1104 Filetrace - ok
08:30:21.0803 1104 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:30:21.0850 1104 flpydisk - ok
08:30:21.0975 1104 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:30:22.0006 1104 FltMgr - ok
08:30:22.0131 1104 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:30:22.0193 1104 FontCache - ok
08:30:22.0333 1104 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:30:22.0349 1104 FontCache3.0.0.0 - ok
08:30:22.0458 1104 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:30:22.0474 1104 FsDepends - ok
08:30:22.0599 1104 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:30:22.0661 1104 Fs_Rec - ok
08:30:22.0833 1104 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:30:22.0848 1104 fvevol - ok
08:30:22.0957 1104 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:30:22.0989 1104 gagp30kx - ok
08:30:23.0098 1104 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:30:23.0191 1104 gpsvc - ok
08:30:23.0332 1104 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
08:30:23.0379 1104 Greg_Service - ok
08:30:23.0488 1104 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:30:23.0535 1104 hcw85cir - ok
08:30:23.0675 1104 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:30:23.0722 1104 HdAudAddService - ok
08:30:23.0878 1104 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:30:23.0940 1104 HDAudBus - ok
08:30:24.0065 1104 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:30:24.0096 1104 HidBatt - ok
08:30:24.0205 1104 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:30:24.0268 1104 HidBth - ok
08:30:24.0393 1104 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:30:24.0439 1104 HidIr - ok
08:30:24.0549 1104 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
08:30:24.0627 1104 hidserv - ok
08:30:24.0783 1104 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
08:30:24.0814 1104 HidUsb - ok
08:30:24.0923 1104 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:30:25.0017 1104 hkmsvc - ok
08:30:25.0157 1104 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:30:25.0251 1104 HomeGroupListener - ok
08:30:25.0360 1104 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:30:25.0407 1104 HomeGroupProvider - ok
08:30:25.0563 1104 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:30:25.0578 1104 HpSAMD - ok
08:30:25.0734 1104 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:30:25.0828 1104 HTTP - ok
08:30:25.0968 1104 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:30:25.0984 1104 hwpolicy - ok
08:30:26.0124 1104 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:30:26.0155 1104 i8042prt - ok
08:30:26.0296 1104 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:30:26.0327 1104 iaStorV - ok
08:30:26.0545 1104 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:30:26.0592 1104 idsvc - ok
08:30:26.0701 1104 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:30:26.0717 1104 iirsp - ok
08:30:26.0873 1104 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:30:26.0935 1104 IKEEXT - ok
08:30:27.0107 1104 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys
08:30:27.0185 1104 IntcAzAudAddService - ok
08:30:27.0279 1104 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:30:27.0294 1104 intelide - ok
08:30:27.0419 1104 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:30:27.0450 1104 intelppm - ok
08:30:27.0591 1104 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:30:27.0715 1104 IPBusEnum - ok
08:30:27.0840 1104 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:30:27.0918 1104 IpFilterDriver - ok
08:30:28.0105 1104 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:30:28.0199 1104 iphlpsvc - ok
08:30:28.0339 1104 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:30:28.0371 1104 IPMIDRV - ok
08:30:28.0480 1104 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:30:28.0589 1104 IPNAT - ok
08:30:28.0698 1104 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:30:28.0792 1104 IRENUM - ok
08:30:28.0917 1104 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:30:28.0948 1104 isapnp - ok
08:30:29.0057 1104 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:30:29.0088 1104 iScsiPrt - ok
08:30:29.0229 1104 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
08:30:29.0244 1104 kbdclass - ok
08:30:29.0369 1104 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:30:29.0431 1104 kbdhid - ok
08:30:29.0556 1104 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:30:29.0572 1104 KeyIso - ok
08:30:29.0681 1104 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:30:29.0697 1104 KSecDD - ok
08:30:29.0821 1104 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:30:29.0853 1104 KSecPkg - ok
08:30:29.0962 1104 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:30:30.0055 1104 ksthunk - ok
08:30:30.0180 1104 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:30:30.0305 1104 KtmRm - ok
08:30:30.0430 1104 L1C (9c46a5421de9d116c47155317cabb522) C:\Windows\system32\DRIVERS\L1C62x64.sys
08:30:30.0508 1104 L1C - ok
08:30:30.0633 1104 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
08:30:30.0757 1104 LanmanServer - ok
08:30:30.0882 1104 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:30:30.0960 1104 LanmanWorkstation - ok
08:30:31.0116 1104 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:30:31.0194 1104 lltdio - ok
08:30:31.0335 1104 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:30:31.0428 1104 lltdsvc - ok
08:30:31.0537 1104 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:30:31.0615 1104 lmhosts - ok
08:30:31.0740 1104 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:30:31.0756 1104 LSI_FC - ok
08:30:31.0865 1104 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:30:31.0896 1104 LSI_SAS - ok
08:30:32.0021 1104 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:30:32.0037 1104 LSI_SAS2 - ok
08:30:32.0161 1104 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:30:32.0177 1104 LSI_SCSI - ok
08:30:32.0302 1104 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:30:32.0364 1104 luafv - ok
08:30:32.0427 1104 McShield - ok
08:30:32.0473 1104 McSysmon - ok
08:30:32.0598 1104 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:30:32.0645 1104 Mcx2Svc - ok
08:30:32.0754 1104 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:30:32.0785 1104 megasas - ok
08:30:32.0941 1104 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:30:32.0973 1104 MegaSR - ok
08:30:33.0097 1104 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:30:33.0175 1104 MMCSS - ok
08:30:33.0285 1104 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:30:33.0394 1104 Modem - ok
08:30:33.0519 1104 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:30:33.0565 1104 monitor - ok
08:30:33.0706 1104 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
08:30:33.0737 1104 mouclass - ok
08:30:33.0862 1104 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:30:33.0909 1104 mouhid - ok
08:30:34.0033 1104 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:30:34.0065 1104 mountmgr - ok
08:30:34.0174 1104 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:30:34.0205 1104 mpio - ok
08:30:34.0314 1104 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:30:34.0377 1104 mpsdrv - ok
08:30:34.0564 1104 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
08:30:34.0657 1104 MpsSvc - ok
08:30:34.0798 1104 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:30:34.0860 1104 MRxDAV - ok
08:30:34.0985 1104 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:30:35.0047 1104 mrxsmb - ok
08:30:35.0172 1104 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:30:35.0235 1104 mrxsmb10 - ok
08:30:35.0359 1104 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:30:35.0391 1104 mrxsmb20 - ok
08:30:35.0500 1104 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:30:35.0515 1104 msahci - ok
08:30:35.0656 1104 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:30:35.0687 1104 msdsm - ok
08:30:35.0812 1104 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:30:35.0843 1104 MSDTC - ok
08:30:35.0968 1104 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:30:36.0015 1104 Msfs - ok
08:30:36.0124 1104 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:30:36.0202 1104 mshidkmdf - ok
08:30:36.0342 1104 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:30:36.0358 1104 msisadrv - ok
08:30:36.0467 1104 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:30:36.0529 1104 MSiSCSI - ok
08:30:36.0623 1104 msiserver - ok
08:30:36.0748 1104 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:30:36.0857 1104 MSKSSRV - ok
08:30:36.0982 1104 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:30:37.0060 1104 MSPCLOCK - ok
08:30:37.0185 1104 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:30:37.0278 1104 MSPQM - ok
08:30:37.0419 1104 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:30:37.0450 1104 MsRPC - ok
08:30:37.0590 1104 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:30:37.0621 1104 mssmbios - ok
08:30:37.0746 1104 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:30:37.0824 1104 MSTEE - ok
08:30:37.0949 1104 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:30:37.0965 1104 MTConfig - ok
08:30:38.0058 1104 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:30:38.0105 1104 Mup - ok
08:30:38.0152 1104 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
08:30:38.0167 1104 mwlPSDFilter - ok
08:30:38.0277 1104 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
08:30:38.0292 1104 mwlPSDNServ - ok
08:30:38.0417 1104 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
08:30:38.0448 1104 mwlPSDVDisk - ok
08:30:38.0589 1104 MWLService (2f139207f618ec2933830227eeffddb4) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
08:30:38.0620 1104 MWLService - ok
08:30:38.0760 1104 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:30:38.0854 1104 napagent - ok
08:30:39.0010 1104 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:30:39.0072 1104 NativeWifiP - ok
08:30:39.0244 1104 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:30:39.0275 1104 NDIS - ok
08:30:39.0400 1104 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:30:39.0478 1104 NdisCap - ok
08:30:39.0587 1104 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:30:39.0649 1104 NdisTapi - ok
08:30:39.0790 1104 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:30:39.0868 1104 Ndisuio - ok
08:30:40.0008 1104 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:30:40.0086 1104 NdisWan - ok
08:30:40.0227 1104 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:30:40.0289 1104 NDProxy - ok
08:30:40.0414 1104 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:30:40.0476 1104 NetBIOS - ok
08:30:40.0617 1104 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:30:40.0710 1104 NetBT - ok
08:30:40.0835 1104 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:30:40.0851 1104 Netlogon - ok
08:30:40.0975 1104 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:30:41.0053 1104 Netman - ok
08:30:41.0178 1104 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:30:41.0287 1104 netprofm - ok
08:30:41.0412 1104 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:30:41.0428 1104 NetTcpPortSharing - ok
08:30:41.0553 1104 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:30:41.0584 1104 nfrd960 - ok
08:30:41.0724 1104 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:30:41.0818 1104 NlaSvc - ok
08:30:41.0927 1104 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:30:42.0021 1104 Npfs - ok
08:30:42.0130 1104 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:30:42.0192 1104 nsi - ok
08:30:42.0301 1104 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:30:42.0379 1104 nsiproxy - ok
08:30:42.0567 1104 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:30:42.0629 1104 Ntfs - ok
08:30:42.0723 1104 NTIBackupSvc (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
08:30:42.0769 1104 NTIBackupSvc - ok
08:30:42.0894 1104 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
08:30:42.0910 1104 NTIDrvr - ok
08:30:43.0035 1104 NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
08:30:43.0081 1104 NTISchedulerSvc - ok
08:30:43.0222 1104 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:30:43.0284 1104 Null - ok
08:30:43.0425 1104 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:30:43.0471 1104 nvraid - ok
08:30:43.0596 1104 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:30:43.0612 1104 nvstor - ok
08:30:43.0752 1104 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:30:43.0768 1104 nv_agp - ok
08:30:43.0908 1104 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:30:43.0955 1104 odserv - ok
08:30:44.0064 1104 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:30:44.0127 1104 ohci1394 - ok
08:30:44.0251 1104 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:30:44.0267 1104 ose - ok
08:30:44.0392 1104 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:30:44.0454 1104 p2pimsvc - ok
08:30:44.0579 1104 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:30:44.0610 1104 p2psvc - ok
08:30:44.0704 1104 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:30:44.0719 1104 Parport - ok
08:30:44.0844 1104 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
08:30:44.0891 1104 partmgr - ok
08:30:45.0000 1104 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:30:45.0047 1104 PcaSvc - ok
08:30:45.0187 1104 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:30:45.0203 1104 pci - ok
08:30:45.0328 1104 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:30:45.0359 1104 pciide - ok
08:30:45.0468 1104 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:30:45.0499 1104 pcmcia - ok
08:30:45.0593 1104 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:30:45.0624 1104 pcw - ok
08:30:45.0765 1104 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:30:45.0874 1104 PEAUTH - ok
08:30:45.0983 1104 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:30:46.0030 1104 PerfHost - ok
08:30:46.0217 1104 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:30:46.0326 1104 pla - ok
08:30:46.0482 1104 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:30:46.0560 1104 PlugPlay - ok
08:30:46.0685 1104 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:30:46.0716 1104 PNRPAutoReg - ok
08:30:46.0872 1104 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:30:46.0888 1104 PNRPsvc - ok
08:30:47.0013 1104 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:30:47.0106 1104 PolicyAgent - ok
08:30:47.0231 1104 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:30:47.0356 1104 Power - ok
08:30:47.0496 1104 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:30:47.0574 1104 PptpMiniport - ok
08:30:47.0699 1104 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:30:47.0746 1104 Processor - ok
08:30:47.0886 1104 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
08:30:47.0964 1104 ProfSvc - ok
08:30:48.0089 1104 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:30:48.0120 1104 ProtectedStorage - ok
08:30:48.0245 1104 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:30:48.0323 1104 Psched - ok
08:30:48.0495 1104 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:30:48.0557 1104 ql2300 - ok
08:30:48.0666 1104 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:30:48.0682 1104 ql40xx - ok
08:30:48.0791 1104 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:30:48.0822 1104 QWAVE - ok
08:30:48.0931 1104 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:30:48.0994 1104 QWAVEdrv - ok
08:30:49.0103 1104 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:30:49.0165 1104 RasAcd - ok
08:30:49.0306 1104 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:30:49.0384 1104 RasAgileVpn - ok
08:30:49.0477 1104 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:30:49.0571 1104 RasAuto - ok
08:30:49.0711 1104 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:30:49.0789 1104 Rasl2tp - ok
08:30:49.0914 1104 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:30:50.0008 1104 RasMan - ok
08:30:50.0133 1104 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:30:50.0226 1104 RasPppoe - ok
08:30:50.0335 1104 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:30:50.0429 1104 RasSstp - ok
08:30:50.0569 1104 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:30:50.0679 1104 rdbss - ok
08:30:50.0788 1104 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:30:50.0835 1104 rdpbus - ok
08:30:50.0959 1104 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:30:51.0037 1104 RDPCDD - ok
08:30:51.0162 1104 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:30:51.0271 1104 RDPENCDD - ok
08:30:51.0381 1104 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:30:51.0443 1104 RDPREFMP - ok
08:30:51.0568 1104 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
08:30:51.0661 1104 RDPWD - ok
08:30:51.0817 1104 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:30:51.0833 1104 rdyboost - ok
08:30:51.0942 1104 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:30:52.0036 1104 RemoteAccess - ok
08:30:52.0145 1104 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:30:52.0254 1104 RemoteRegistry - ok
08:30:52.0379 1104 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
08:30:52.0441 1104 RimUsb - ok
08:30:52.0551 1104 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:30:52.0660 1104 RpcEptMapper - ok
08:30:52.0769 1104 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:30:52.0816 1104 RpcLocator - ok
08:30:52.0956 1104 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:30:53.0019 1104 RpcSs - ok
08:30:53.0143 1104 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:30:53.0221 1104 rspndr - ok
08:30:53.0362 1104 RSUSBSTOR (e220d85daaa8318736f9b6b92f109146) C:\Windows\system32\Drivers\RtsUStor.sys
08:30:53.0377 1104 RSUSBSTOR - ok
08:30:53.0487 1104 RtsUIR - ok
08:30:53.0549 1104 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:30:53.0580 1104 SamSs - ok
08:30:53.0705 1104 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:30:53.0721 1104 sbp2port - ok
08:30:53.0845 1104 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
08:30:53.0892 1104 SBSDWSCService - ok
08:30:54.0001 1104 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:30:54.0064 1104 SCardSvr - ok
08:30:54.0189 1104 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:30:54.0267 1104 scfilter - ok
08:30:54.0438 1104 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:30:54.0547 1104 Schedule - ok
08:30:54.0688 1104 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:30:54.0750 1104 SCPolicySvc - ok
08:30:54.0875 1104 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:30:54.0953 1104 SDRSVC - ok
08:30:55.0062 1104 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:30:55.0140 1104 secdrv - ok
08:30:55.0296 1104 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:30:55.0359 1104 seclogon - ok
08:30:55.0452 1104 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
08:30:55.0499 1104 SENS - ok
08:30:55.0608 1104 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:30:55.0686 1104 SensrSvc - ok
08:30:55.0811 1104 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:30:55.0858 1104 Serenum - ok
08:30:55.0983 1104 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:30:55.0998 1104 Serial - ok
08:30:56.0123 1104 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:30:56.0154 1104 sermouse - ok
08:30:56.0295 1104 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:30:56.0373 1104 SessionEnv - ok
08:30:56.0497 1104 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:30:56.0560 1104 sffdisk - ok
08:30:56.0685 1104 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:30:56.0747 1104 sffp_mmc - ok
08:30:56.0887 1104 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:30:56.0950 1104 sffp_sd - ok
08:30:57.0075 1104 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:30:57.0106 1104 sfloppy - ok
08:30:57.0262 1104 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:30:57.0340 1104 SharedAccess - ok
08:30:57.0480 1104 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:30:57.0574 1104 ShellHWDetection - ok
08:30:57.0699 1104 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:30:57.0714 1104 SiSRaid2 - ok
08:30:57.0823 1104 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:30:57.0870 1104 SiSRaid4 - ok
08:30:57.0995 1104 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:30:58.0057 1104 Smb - ok
08:30:58.0198 1104 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:30:58.0229 1104 SNMPTRAP - ok
08:30:58.0369 1104 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:30:58.0401 1104 spldr - ok
08:30:58.0525 1104 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:30:58.0588 1104 Spooler - ok
08:30:58.0822 1104 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:30:59.0025 1104 sppsvc - ok
08:30:59.0134 1104 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:30:59.0227 1104 sppuinotify - ok
08:30:59.0368 1104 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
08:30:59.0368 1104 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
08:30:59.0368 1104 sptd ( LockedFile.Multi.Generic ) - warning
08:30:59.0368 1104 sptd - detected LockedFile.Multi.Generic (1)
08:30:59.0508 1104 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:30:59.0571 1104 srv - ok
08:30:59.0727 1104 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:30:59.0773 1104 srv2 - ok
08:30:59.0898 1104 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:30:59.0945 1104 srvnet - ok
08:31:00.0070 1104 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:31:00.0132 1104 SSDPSRV - ok
08:31:00.0241 1104 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:31:00.0335 1104 SstpSvc - ok
08:31:00.0444 1104 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:31:00.0460 1104 stexstor - ok
08:31:00.0585 1104 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:31:00.0647 1104 stisvc - ok
08:31:00.0865 1104 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:31:00.0897 1104 swenum - ok
08:31:01.0037 1104 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:31:01.0131 1104 swprv - ok
08:31:01.0271 1104 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
08:31:01.0318 1104 SynTP - ok
08:31:01.0474 1104 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:31:01.0567 1104 SysMain - ok
08:31:01.0692 1104 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:31:01.0770 1104 TabletInputService - ok
08:31:01.0911 1104 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:31:02.0004 1104 TapiSrv - ok
08:31:02.0129 1104 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:31:02.0191 1104 TBS - ok
08:31:02.0347 1104 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
08:31:02.0410 1104 Tcpip - ok
08:31:02.0566 1104 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
08:31:02.0628 1104 TCPIP6 - ok
08:31:02.0753 1104 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:31:02.0847 1104 tcpipreg - ok
08:31:02.0956 1104 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:31:03.0003 1104 TDPIPE - ok
08:31:03.0127 1104 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:31:03.0190 1104 TDTCP - ok
08:31:03.0315 1104 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:31:03.0377 1104 tdx - ok
08:31:03.0486 1104 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:31:03.0533 1104 TermDD - ok
08:31:03.0689 1104 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:31:03.0783 1104 TermService - ok
08:31:03.0907 1104 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:31:03.0954 1104 Themes - ok
08:31:04.0095 1104 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:31:04.0157 1104 THREADORDER - ok
08:31:04.0251 1104 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:31:04.0329 1104 TrkWks - ok
08:31:04.0453 1104 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:31:04.0563 1104 TrustedInstaller - ok
08:31:04.0703 1104 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:31:04.0765 1104 tssecsrv - ok
08:31:04.0906 1104 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:31:04.0968 1104 TsUsbFlt - ok
08:31:05.0093 1104 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:31:05.0171 1104 tunnel - ok
08:31:05.0296 1104 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:31:05.0327 1104 uagp35 - ok
08:31:05.0436 1104 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
08:31:05.0452 1104 UBHelper - ok
08:31:05.0577 1104 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:31:05.0655 1104 udfs - ok
08:31:05.0795 1104 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:31:05.0842 1104 UI0Detect - ok
08:31:05.0967 1104 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:31:05.0982 1104 uliagpkx - ok
08:31:06.0107 1104 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:31:06.0169 1104 umbus - ok
08:31:06.0294 1104 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:31:06.0341 1104 UmPass - ok
08:31:06.0435 1104 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
08:31:06.0450 1104 Updater Service - ok
08:31:06.0559 1104 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:31:06.0637 1104 upnphost - ok
08:31:06.0778 1104 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
08:31:06.0840 1104 usbccgp - ok
08:31:06.0934 1104 USBCCID - ok
08:31:07.0059 1104 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:31:07.0090 1104 usbcir - ok
08:31:07.0215 1104 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:31:07.0261 1104 usbehci - ok
08:31:07.0371 1104 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
08:31:07.0386 1104 usbfilter - ok
08:31:07.0527 1104 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:31:07.0573 1104 usbhub - ok
08:31:07.0714 1104 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
08:31:07.0776 1104 usbohci - ok
08:31:07.0901 1104 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:31:07.0948 1104 usbprint - ok
08:31:08.0088 1104 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
08:31:08.0151 1104 USBSTOR - ok
08:31:08.0275 1104 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:31:08.0338 1104 usbuhci - ok
08:31:08.0494 1104 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
08:31:08.0541 1104 usbvideo - ok
08:31:08.0650 1104 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:31:08.0728 1104 UxSms - ok
08:31:08.0868 1104 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:31:08.0899 1104 VaultSvc - ok
08:31:09.0055 1104 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:31:09.0071 1104 vdrvroot - ok
08:31:09.0196 1104 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:31:09.0258 1104 vds - ok
08:31:09.0399 1104 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:31:09.0414 1104 vga - ok
08:31:09.0523 1104 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:31:09.0601 1104 VgaSave - ok
08:31:09.0742 1104 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:31:09.0789 1104 vhdmp - ok
08:31:09.0898 1104 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:31:09.0913 1104 viaide - ok
08:31:10.0054 1104 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:31:10.0069 1104 volmgr - ok
08:31:10.0210 1104 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:31:10.0241 1104 volmgrx - ok
08:31:10.0381 1104 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:31:10.0397 1104 volsnap - ok
08:31:10.0522 1104 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:31:10.0553 1104 vsmraid - ok
08:31:10.0725 1104 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:31:10.0849 1104 VSS - ok
08:31:10.0974 1104 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:31:11.0021 1104 vwifibus - ok
08:31:11.0146 1104 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:31:11.0208 1104 vwififlt - ok
08:31:11.0364 1104 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
08:31:11.0380 1104 vwifimp - ok
08:31:11.0489 1104 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:31:11.0551 1104 W32Time - ok
08:31:11.0676 1104 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:31:11.0754 1104 WacomPen - ok
08:31:11.0895 1104 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:31:11.0957 1104 WANARP - ok
08:31:12.0051 1104 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:31:12.0097 1104 Wanarpv6 - ok
08:31:12.0316 1104 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:31:12.0363 1104 WatAdminSvc - ok
08:31:12.0519 1104 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:31:12.0612 1104 wbengine - ok
08:31:12.0784 1104 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:31:12.0831 1104 WbioSrvc - ok
08:31:12.0987 1104 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:31:13.0033 1104 wcncsvc - ok
08:31:13.0158 1104 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:31:13.0252 1104 WcsPlugInService - ok
08:31:13.0345 1104 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:31:13.0377 1104 Wd - ok
08:31:13.0486 1104 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
08:31:13.0548 1104 WDC_SAM - ok
08:31:13.0689 1104 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:31:13.0720 1104 Wdf01000 - ok
08:31:13.0829 1104 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:31:13.0923 1104 WdiServiceHost - ok
08:31:13.0954 1104 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:31:13.0985 1104 WdiSystemHost - ok
08:31:14.0110 1104 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:31:14.0157 1104 WebClient - ok
08:31:14.0281 1104 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:31:14.0344 1104 Wecsvc - ok
08:31:14.0437 1104 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:31:14.0515 1104 wercplsupport - ok
08:31:14.0625 1104 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:31:14.0718 1104 WerSvc - ok
08:31:14.0859 1104 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:31:14.0937 1104 WfpLwf - ok
08:31:15.0046 1104 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:31:15.0061 1104 WIMMount - ok
08:31:15.0108 1104 WinDefend - ok
08:31:15.0124 1104 WinHttpAutoProxySvc - ok
08:31:15.0264 1104 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:31:15.0358 1104 Winmgmt - ok
08:31:15.0529 1104 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:31:15.0623 1104 WinRM - ok
08:31:15.0795 1104 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUsb.sys
08:31:15.0873 1104 WinUsb - ok
08:31:16.0013 1104 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:31:16.0075 1104 Wlansvc - ok
08:31:16.0294 1104 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:31:16.0356 1104 wlidsvc - ok
08:31:16.0497 1104 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:31:16.0528 1104 WmiAcpi - ok
08:31:16.0684 1104 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:31:16.0746 1104 wmiApSrv - ok
08:31:16.0824 1104 WMPNetworkSvc - ok
08:31:16.0918 1104 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:31:16.0949 1104 WPCSvc - ok
08:31:17.0074 1104 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:31:17.0136 1104 WPDBusEnum - ok
08:31:17.0261 1104 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:31:17.0323 1104 ws2ifsl - ok
08:31:17.0433 1104 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
08:31:17.0495 1104 wscsvc - ok
08:31:17.0635 1104 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
08:31:17.0698 1104 WSDPrintDevice - ok
08:31:17.0823 1104 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
08:31:17.0838 1104 WSDScan - ok
08:31:17.0932 1104 WSearch - ok
08:31:18.0057 1104 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
08:31:18.0213 1104 wuauserv - ok
08:31:18.0337 1104 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:31:18.0415 1104 WudfPf - ok
08:31:18.0571 1104 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\drivers\WUDFRd.sys
08:31:18.0649 1104 WUDFRd - ok
08:31:18.0774 1104 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:31:18.0837 1104 wudfsvc - ok
08:31:18.0961 1104 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:31:19.0039 1104 WwanSvc - ok
08:31:19.0133 1104 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:31:20.0038 1104 \Device\Harddisk0\DR0 - ok
08:31:20.0085 1104 Boot (0x1200) (f67454094dbee62345d515d41a46a235) \Device\Harddisk0\DR0\Partition0
08:31:20.0085 1104 \Device\Harddisk0\DR0\Partition0 - ok
08:31:20.0100 1104 Boot (0x1200) (a4c049075905b6f92957382b9d33b553) \Device\Harddisk0\DR0\Partition1
08:31:20.0100 1104 \Device\Harddisk0\DR0\Partition1 - ok
08:31:20.0116 1104 ============================================================
08:31:20.0116 1104 Scan finished
08:31:20.0116 1104 ============================================================
08:31:20.0131 5516 Detected object count: 1
08:31:20.0131 5516 Actual detected object count: 1
08:32:36.0915 5516 sptd ( LockedFile.Multi.Generic ) - skipped by user
08:32:36.0915 5516 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
08:32:47.0648 3588 Deinitialize success

[lifethezero]

Oh and I did delete the three files you specified with roguekiller.

[MrCharlie]

Please download and run ComboFix.
The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
If you get the message Illegal operation attempted on registry key that has been marked for deletion. after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.
MrC

[lifethezero]

Ok, here is the combofix log:

ComboFix 12-04-18.01 - Owner 04/18/2012 11:26:21.3.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1699 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 16:33 . 2012-04-18 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 03:27 . 2012-04-18 03:27 711240 ----a-w- c:\windows\is-K9V0O.exe
2012-04-11 03:54 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 03:54 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 03:54 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 03:54 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 03:54 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 03:54 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 03:54 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-07 16:36 . 2012-03-14 03:27 8669240 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F96F4DC7-E96F-419B-9720-A3E3BA2AE2C1}\mpengine.dll
2012-04-06 03:27 . 2012-04-06 03:27 -------- d-----w- c:\users\Owner\AppData\Local\{E7B6953F-7F5E-11E1-826D-B8AC6F996F26}
2012-04-05 20:55 . 2012-04-07 14:14 -------- d-----w- c:\users\Owner\AppData\Roaming\Ciwiku
2012-04-05 20:55 . 2012-04-05 20:55 -------- d-----w- c:\users\Owner\AppData\Roaming\Lyihyv
2012-04-05 20:55 . 2012-04-05 20:55 182784 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\otne.exe
2012-04-05 13:50 . 2012-04-05 13:50 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 13:50 . 2011-07-26 20:42 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 20:56 . 2010-03-21 03:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 15:18 . 2010-02-21 08:07 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 22:42 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 22:42 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 22:42 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 22:42 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 04:25 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 04:25 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 16:02 . 2012-02-07 16:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-14 04:25 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-13 22:42 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 22:42 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 22:42 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
otne.exe [2012-4-5 182784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-11-19 22:17 1261568 ----a-w- c:\program files (x86)\Acer\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]
2009-08-04 05:09 199464 ----a-w- c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2009-08-18 09:42 1157128 ----a-w- c:\program files (x86)\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-25 00:31 588648 ----a-w- c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-07-30 06:20 98304 ----a-w- c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-29 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 13:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lxrsii1s
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360210d525l04g4z145t4402x242
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\00u66hgm.default\
FF - prefs.js: browser.startup.homepage - hxxp://mp3tubetoolbar.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtbfour04ff&clid=e5053b451ed44eeaa08e2adcc000a661&subid=
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Owner\AppData\Roaming\Move Networks
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-ArcadeDeluxeAgent - c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
MSConfigStartUp-mcagent_exe - c:\program files (x86)\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-PlayMovie - c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2270189555-2747501707-2644376415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2270189555-2747501707-2644376415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-18 11:38:20
ComboFix-quarantined-files.txt 2012-04-18 16:38
.
Pre-Run: 19,858,268,160 bytes free
Post-Run: 19,798,257,664 bytes free
.
- - End Of File - - 65573C8BDF2E9362767C8F609A0AF8D9

[MrCharlie]

Please delete these two folders:
You may have to enable hidden files to see them:
http://www.bleepingc...s-in-windows-7/

c:\users\Owner\AppData\Roaming\Ciwiku
c:\users\Owner\AppData\Roaming\Lyihyv

----------------------------

Do you know what this file is for?
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\otne.exe

-----------------------------------------------

Download TFC to your desktop
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

--------------------------------------

Then.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC

[lifethezero]

Ok I deleted the two folders you mentioned, and as far as the otne.exe file I have no idea. Under the properties it says it was created about a week and a half ago, around the same time I noticed the trojan in the first place. I haven't added any programs aside from the malware programs I used through this site.

I ran TFC, rebooted and ran mbam again, didn't find anything but here is the log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.18.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]
4/18/2012 12:33:24 PM
mbam-log-2012-04-18 (12-33-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199475
Time elapsed: 4 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

[MrCharlie]

Can you manually delete that file?

How's the computer running?? MrC

[lifethezero]

Yes, I deleted it and removed it from the recycle bin then restarted. Seems to be running better overall, the error messages stopped and some of the random minor issues seem to be corrected. Browser speed seems to have improved, but still not sure if it's quite at its original speed. Of course that is just from browsing for a few minutes just to see how it was doing, so difficult to say at this point.

Also noticed that the DDS log showed some svchost processes still running, and those are no longer showing up on the task manager.

[lifethezero]

BTW, should I turn my firewall back on now or leave it off for the time being?

[MrCharlie]

Quote

Also noticed that the DDS log showed some svchost processes still running, and those are no longer showing up on the task manager.

Several svchost processes running is not unusually.

Quote

BTW, should I turn my firewall back on now or leave it off for the time being?

Turn it back on.

We still have some clean up to do, MrC

[lifethezero]

Ok the firewall is back on.

[MrCharlie]

OK...........

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /



Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

---------------------------------

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-------------------------------

You have out date Java on the system, older versions are vulnerable to malware.

Please go to your control panel > Java > Update Tab > Update Now

Should be Java™ 6 Update 31, not 30


http://www.java.com/...d/installed.jsp <---verify your Java

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[lifethezero]

Ok I removed all the tools and ran the java update, I'm running a little short on time right now though, I'll be away from my computer for a bit. I will definitely run the java test and post back, probably be tomorrow morning though.

In the meantime I really appreciate the help, thanks a lot man.

[MrCharlie]

OK, let me know, MrC