Windows Update Not Available

Dell / Inspiron 531
March 10, 2013 at 15:33:25
Specs: Windows Vista
I cannot access windows update. I get the message:

Windows Update cannot currently check for updates, because the service is not running. You may need to restart your computer.

I can only seem to find answers for Windows 7, not 32-bit Vista.

Any ideas?



#1
March 10, 2013 at 19:00:45
Run the ESET Services Repair tool.
Download the ESET Services Repair tool and extract it to your desktop, run servicesrepair.exe and allow it to make repairs.
http://kb.eset.com/library/ESET/KB%...
Please post the content of the log it creates which can be found in the folder the tool will have created on your desktop.


#2
March 11, 2013 at 00:03:45
Hi there, I use ESET as my anti virus and a full scan picked up no problems. I also ran Malwarebytes with the same end answer.


#3
March 11, 2013 at 00:13:18
Run the ESET Services Repair tool.
Download the ESET Services Repair tool and extract it to your desktop, run servicesrepair.exe and allow it to make repairs.
http://kb.eset.com/library/ESET/KB%...
Please post the content of the log it creates which can be found in the folder the tool will have created on your desktop.


#4
March 11, 2013 at 11:27:49
I've tried that tool a few times.

I right-click (admin user) and it tells me it has to reinstall some files, then reboot.

I've done that twice now and never does anything different.



#5
March 11, 2013 at 12:49:54
To lose those services, you either have been or still are infected.

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://www.sur-la-toile.com/RogueKi...
http://www.sur-la-toile.com/RogueKi...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then click on the "Scan" button.
Wait until the Status box shows "Scan Finished".
Click on "Delete".
Wait until the Status box shows "Deleting Finished".
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.



#6
March 11, 2013 at 12:53:09
Here is a fix, if needed, after you run RogueKiller.

http://brianmorristech.com/?p=980

Go to the Vista section on this link.

http://www.smartestcomputing.us.com...



#7
March 11, 2013 at 13:41:52
Thanks. Here is the report:

RogueKiller V8.5.2 [Mar 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User : Rkane [Admin rights]
Mode : Remove -- Date : 02/27/2013 04:20:12
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[TASK][SUSP PATH] task28615731 : C:\Users\Rkane\AppData\Local\Temp\Ntfs_Clean.exe [x] -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$d3ff38bbde30750541203b112cc952af\@ [-] --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3947676820-3080918530-3524232594-1000\$d3ff38bbde30750541203b112cc952af\@ [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$d3ff38bbde30750541203b112cc952af\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3947676820-3080918530-3524232594-1000\$d3ff38bbde30750541203b112cc952af\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$d3ff38bbde30750541203b112cc952af\L\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\$recycle.bin\S-1-5-18\$d3ff38bbde30750541203b112cc952af\L\201d3dde [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$d3ff38bbde30750541203b112cc952af\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3947676820-3080918530-3524232594-1000\$d3ff38bbde30750541203b112cc952af\L --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[116] : NtDebugActiveProcess @ 0x829760AA -> HOOKED (Unknown @ 0x8BE34200)
SSDT[129] : NtDuplicateObject @ 0x829F1FA7 -> HOOKED (Unknown @ 0x8BE342F0)
SSDT[255] : NtQueueApcThread @ 0x82A1A705 -> HOOKED (Unknown @ 0x8BE340E0)
SSDT[310] : NtSetInformationThread @ 0x82A18477 -> HOOKED (Unknown @ 0x8BE33D90)
SSDT[334] : NtSuspendProcess @ 0x82A1D2C3 -> HOOKED (Unknown @ 0x8BE33B90)
SSDT[362] : NtWriteVirtualMemory @ 0x829D6FFB -> HOOKED (Unknown @ 0x8BE346D0)

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST325031 0AS SCSI Disk Device +++++
--- User ---
[MBR] cd3ed054e06212f6dd7bce9306e17c7c
[BSP] 12363dafc8b1110c9583683a9ba0f769 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 228122 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_02272013_02d0420.txt >>
RKreport[1]_S_02272013_02d0403.txt ; RKreport[2]_D_02272013_02d0420.txt


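The report above is the raw tool output; when a responder has to read several of these, it helps to pull out just the findings that matter: the infection the tool named, which registry and scheduled-task entries it changed (including the policy that had Registry Tools disabled), which files it removed from the per-SID `$recycle.bin\$<32 hex chars>` folders that ZeroAccess uses as a hiding place, and which SSDT entries were hooked by code the tool could not attribute. The following Python triage script is an added example written for this thread; it is not code from the thread or from RogueKiller's author. Its sample input is a subset of the report lines posted above, the `Triage` fields and function names are my own, and the "hiding place" pattern is a regular expression I wrote to match the `$recycle.bin\<SID>\$<hash>\` paths in this report.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: a subset of the lines from the RogueKiller report posted in this
# thread, embedded here so the script runs offline. The "¤¤¤ ... ¤¤¤" lines are
# RogueKiller's own section headers.
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[TASK][SUSP PATH] task28615731 : C:\Users\Rkane\AppData\Local\Temp\Ntfs_Clean.exe [x] -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$d3ff38bbde30750541203b112cc952af\@ [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3947676820-3080918530-3524232594-1000\$d3ff38bbde30750541203b112cc952af\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$d3ff38bbde30750541203b112cc952af\L\00000004.@ [-] --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[116] : NtDebugActiveProcess @ 0x829760AA -> HOOKED (Unknown @ 0x8BE34200)
SSDT[362] : NtWriteVirtualMemory @ 0x829D6FFB -> HOOKED (Unknown @ 0x8BE346D0)

¤¤¤ Infection : ZeroAccess ¤¤¤
"""

SECTION = re.compile(r"^¤¤¤ (?P<title>.+?) ¤¤¤$")
# "[TAG][TAG] name : target -> ACTION" (registry lines use "->", file lines use "-->")
TAGGED = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+) (?P<name>.+?) : (?P<target>.+?) -{1,2}> (?P<action>.+)$"
)
SSDT = re.compile(
    r"^SSDT\[(?P<index>\d+)\] : (?P<function>\w+) @ 0x[0-9A-F]+ -> HOOKED "
    r"\((?P<owner>.+?) @ (?P<address>0x[0-9A-F]+)\)$",
    re.IGNORECASE,
)
# Hypothetical pattern (mine, derived from the paths in this report): a per-SID
# folder under $recycle.bin whose name is "$" followed by 32 hex characters.
ZA_HIDEOUT = re.compile(r"\\\$recycle\.bin\\S-1-5-[\d-]+\\\$[0-9a-f]{32}\\", re.IGNORECASE)


@dataclass
class Triage:
    infection: Optional[str] = None
    registry: List[dict] = field(default_factory=list)    # registry / scheduled-task entries
    files: List[dict] = field(default_factory=list)       # files and folders acted on
    ssdt_hooks: List[dict] = field(default_factory=list)  # hooked kernel service table entries
    zeroaccess_paths: List[str] = field(default_factory=list)


def _section_key(title: str) -> str:
    if title.startswith("Registry"):
        return "registry"
    if title.startswith("Particular"):
        return "files"
    if title.startswith("Driver"):
        return "driver"
    return "other"


def parse_report(text: str) -> Triage:
    t = Triage()
    section = "other"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            title = m.group("title")
            if title.startswith("Infection : "):
                t.infection = title[len("Infection : "):].strip()
            section = _section_key(title)
            continue
        m = SSDT.match(line)
        if m:
            t.ssdt_hooks.append({
                "index": int(m.group("index")),
                "function": m.group("function"),
                "owner": m.group("owner").strip(),
                "address": m.group("address"),
            })
            continue
        m = TAGGED.match(line)
        if m:
            # drop RogueKiller's trailing "[x]" / "[-]" existence markers
            target = re.sub(r" \[[-x]\]$", "", m.group("target"))
            entry = {
                "tags": re.findall(r"\[([^\]]+)\]", m.group("tags")),
                "name": m.group("name"),
                "target": target,
                "action": m.group("action"),
            }
            if ZA_HIDEOUT.search(target):
                t.zeroaccess_paths.append(target)
            if section == "files":
                t.files.append(entry)
            else:
                t.registry.append(entry)
    return t


def summarize(t: Triage) -> List[str]:
    lines = [f"Infection reported by the tool: {t.infection or 'none'}"]
    lines.append(f"Registry / scheduled-task entries changed: {len(t.registry)}")
    policies = [e["target"] for e in t.registry if "HJPOL" in e["tags"]]
    if policies:
        lines.append("  policy tampering (admin tools disabled by policy): " + ", ".join(policies))
    lines.append(f"Files / folders removed: {len(t.files)}")
    if t.zeroaccess_paths:
        lines.append(f"  {len(t.zeroaccess_paths)} lived in a per-SID $recycle.bin\\$<hash> folder, "
                     "the hiding place ZeroAccess uses")
    unknown = [h for h in t.ssdt_hooks if h["owner"].lower() == "unknown"]
    lines.append(f"SSDT hooks: {len(t.ssdt_hooks)} ({len(unknown)} by unknown code)")
    for h in unknown:
        lines.append(f"  {h['function']} -> {h['address']}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_report(SAMPLE_REPORT))))
```

Run it as-is to see the summary for the sample, or call `parse_report()` on the full text of an RKreport file. The SSDT section is the part worth a second look on any report: hooks on functions such as NtWriteVirtualMemory and NtDebugActiveProcess with an "Unknown" owner are how a kernel-mode component keeps itself out of the way of cleanup tools, which fits the freezing and failing tools described later in this thread.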

#8
March 11, 2013 at 16:46:23
Yep, infected big time, we shall have to break the infection down bit by bit.

2: Run ComboFix & post the contents of the log please.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.techsupportforum.com/sec...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
If after running ComboFix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



#9
March 12, 2013 at 12:44:11
I downloaded ComboFix, turned off my ESET settings, ran ComboFix and it set up...but nothing afterwards.

The PC froze shortly after and I had to reboot. DL it again and it froze half way through setting up.

Rebooted again. So I haven't been able to run Combofix.



#10
March 12, 2013 at 13:09:29
We have to outsmart the virus, try Combofix in Safe mode.


#11
March 12, 2013 at 13:28:01
Here is some extra info, basically it's what the tutorial says.

NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.



#12
March 12, 2013 at 13:52:48
It runs through the back up process and doesn't ask permission to download the Recovery Console. If it had, I would've said yes.

I ran ComboFix again in Safe Mode and same result. Leading to a freeze, turning off etc.



#13
March 12, 2013 at 13:58:38
"I ran ComboFix again in Safe Mode and same result. Leading to a freeze, turning off etc."

Ok, that's the virus doing its job. Uninstall ComboFix & try the rename trick (this can be used on any tool that won't run).
Download a new copy of Combofix.

Uninstall ComboFix.
Start > Run, Copy and Paste > ComboFix /uninstall and click OK.

Rename Combofix.exe as you download it to winlogon.exe
Notes:
It is very important that you save the newly renamed EXE file to your desktop.
You must rename ComboFix.exe as you download it and not after it is on your computer.
You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
Open Firefox
Click Tools -> Options -> Main
Under the downloads section check the button that says "Always ask me where to save files".
Click OK
For Internet Explorer:
Choose to save, not open the file
When prompted - save the file to your desktop, and rename it winlogon.exe.



#14
March 12, 2013 at 14:04:44
Is that only in normal mode, because nothing appears in Safe Mode?


#15
March 12, 2013 at 14:09:32
"Is that only in normal mode, because nothing appears in Safe Mode?"
Don't know what you are talking about.


#16
March 12, 2013 at 14:15:28
Sorry, when I enter that uninstall search, I get no results in Safe Mode.

I'll switch back to normal mode and try.



#17
March 12, 2013 at 14:18:45
"I'll switch back to normal mode and try"
If nothing happens, that is telling you nothing got installed, proceed with the rename trick in Normal mode.


#18
March 12, 2013 at 15:25:16
Great. That rename did the trick. Here is the log:

ComboFix 13-03-11.01 - SYSTEM 27/02/2013 12:47:43.5.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.44.1033.18.958.536 [GMT 0:00]
Running from: c:\windows\System32\config\systemprofile\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Bcool
c:\programdata\Bcool\background.html
c:\programdata\Bcool\beajpgnfmbkfjmagcmgmijjklaihahnc.crx
c:\programdata\Bcool\content.js
c:\programdata\Bcool\settings.ini
c:\programdata\E45FA9C640.sys
c:\users\Kasem\AppData\Roaming\Velu
c:\users\Kasem\AppData\Roaming\Velu\ytqui.upy
c:\users\Kasem\AppData\Roaming\Xove
c:\users\Kasem\AppData\Roaming\Xove\ifwi.goe
c:\windows\system32\40C6A95FE4.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-01-27 to 2013-02-27 )))))))))))))))))))))))))))))))
.
.
2013-02-27 13:00 . 2013-02-27 13:00 -------- d-----w- c:\users\Rkane\AppData\Local\temp
2013-02-27 13:00 . 2013-02-27 13:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-02-27 13:00 . 2013-02-27 13:00 -------- d-----w- c:\users\Me\AppData\Local\temp
2013-02-27 13:00 . 2013-02-27 13:00 -------- d-----w- c:\users\Kasem\AppData\Local\temp
2013-02-27 13:00 . 2013-02-27 13:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-25 23:42 . 2013-02-25 23:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-23 15:02 . 2013-02-23 15:02 -------- d-----w- c:\users\Rkane\AppData\Local\Research In Motion
2013-02-23 15:02 . 2013-02-23 15:05 -------- d-----w- c:\users\Rkane\AppData\Roaming\Research In Motion
2013-02-23 14:59 . 2011-07-20 14:13 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2013-02-23 14:56 . 2013-02-23 14:56 -------- d-----w- c:\programdata\Research In Motion
2013-02-23 14:54 . 2013-02-23 14:56 -------- d-----w- c:\program files\Common Files\Research In Motion
2013-02-23 14:54 . 2013-02-23 14:56 -------- d-----w- c:\program files\Common Files\XCPCSync.OEM
2013-02-15 02:15 . 2013-02-15 02:15 -------- d-----w- c:\users\Kasem\AppData\Local\Facebook
2013-02-02 13:28 . 2013-02-26 02:59 -------- d-----w- c:\program files\TNod User & Password Finder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-21 01:36 . 2012-10-03 21:32 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-21 01:36 . 2012-10-03 21:32 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-14 16:49 . 2010-12-15 19:50 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-25 03:54 . 2013-02-25 03:54 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-09-09 2029640]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
EDUP WLan Utility.lnk - c:\program files\EDUP Technology Corporation\EDUP_802.11g_Utility\ZDWlan.exe [2009-8-18 499712]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 23:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
2009-09-22 18:09 156672 ----a-w- c:\program files\Replay Media Catcher\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2008-08-13 17:32 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 09:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 02:44 81920 ------r- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 17:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-12-14 16:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 17:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 11:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-09-24 09:41 4452352 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-04-28 23:57 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-03 01:36]
.
2013-02-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3947676820-3080918530-3524232594-1001Core.job
- c:\users\Kasem\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-15 02:15]
.
2013-02-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3947676820-3080918530-3524232594-1001UA.job
- c:\users\Kasem\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-15 02:15]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
mLocal Page = about:blank
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-79438929.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-sqlncli - c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\675\sqlncli.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-27 13:01
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
Completion time: 2013-02-27 13:05:52
ComboFix-quarantined-files.txt 2013-02-27 13:05
ComboFix2.txt 2011-07-22 12:14
ComboFix3.txt 2011-05-23 01:45
.
Pre-Run: 63,651,016,704 bytes free
Post-Run: 64,282,656,768 bytes free
.
- - End Of File - - 7B5843A11B56296BDC5ECB6A8034BB87



#19
March 12, 2013 at 15:28:16
That got heaps.

"Hi there, I use ESET as my anti virus and a full scan picked up no problems. I also ran Malwarebytes with the same end answer."

Now rerun Malwarebytes (MBAM) & your anti virus (AV), both in Quick scan mode.



#20
March 12, 2013 at 15:43:37
Will do now. However I'm still in Safe Mode as when I logged back into normal, it was still freezing and taking an age to do simple tasks.


#21
March 12, 2013 at 15:49:33
"However I'm still in Safe Mode"
That's fine, anything is better than nothing, bit by bit.

Make sure you update both programs before running.



#22
March 12, 2013 at 16:18:36
Nothing showing up in either of those scans, both clear.


#23
March 12, 2013 at 16:25:25
Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Run Junkware Removal Tool
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. http://www.bleepingcomputer.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the JRT.txt log into your next message.



#24
March 12, 2013 at 17:11:04
AdwCleaner worked ok, however JRT not so well. I DL'd it normally in Safe Mode and ran it; only a small window flicked open for a millisecond, then closed, then nothing else.

I DL'd it again trying the name change trick, but with the same result. I also tried it in normal mode with ESET turned off.



#25
March 12, 2013 at 17:14:30
"AdwCleaner worked ok"
Log please.


#26
March 12, 2013 at 17:17:11
Here is the ADW log:

# AdwCleaner v2.114 - Logfile created 02/27/2013 at 14:30:06
# Updated 05/03/2013 by Xplode
# Operating system : Windows Vista (TM) Home Basic (32 bits)
# User : Rkane - RKANE-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Windows\System32\config\systemprofile\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\GboxUpdater
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.16945

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-GB)

File : C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\ktf4ffge.default\prefs.js

[OK] File is clean.

File : C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\ktf4ffge.default\prefs.js

[OK] File is clean.

File : C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\ktf4ffge.default\prefs.js

[OK] File is clean.

File : C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\ktf4ffge.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2420 octets] - [27/02/2013 14:29:51]
AdwCleaner[S1].txt - [2387 octets] - [27/02/2013 14:30:06]

########## EOF - \AdwCleaner[S1].txt - [2447 octets] ##########



#27
March 12, 2013 at 17:20:08
Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
An introduction as to what this program does.
http://www.bleepingcomputer.com/for...
For those of you who no longer have the %Temp%\Smtmp folder, you will not be able to use Unhide to restore your Start Menu items. With this in mind, I have created some scripts to restore the default Start Menu for specific versions of Windows that I have access to. You can view the available versions below. I will be adding more as time goes on.
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run, it does take some time, be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

Reboot

Run TDSSKiller & post the contents of the log.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...
Anti-rootkit utility TDSSKiller
http://support.kaspersky.com/faq/?q...
If TDSS doesn't run, use FixTDSS
http://www.symantec.com/content/en/...
Download FixTDSS and save it to your desktop.
Double click on the FixTDSS.exe icon to run it.
Click the "I Accept" button, then the "Proceed" button to begin
The tool will restart your computer automatically - click OK to allow it to do so
The tool will begin its scan on reboot > click "run" to begin
It will report if an infected MBR is found > click the "repair" button



#28
March 12, 2013 at 17:38:18
I tried to post TDSS log but got an error message saying it was too large?

The scan came back completely clean.



#29
March 12, 2013 at 17:47:42
"I tried to post TDSS log but got an error message saying it was too large?"
Break it up into 2 parts or upload it to a site of your choosing please.

Did Unhide do anything & leave a log?



#30
March 12, 2013 at 17:53:00
What country & town/city are you?

I'm here.

http://www.timeanddate.com/worldclo...



#31
March 12, 2013 at 17:53:03
Unhide said it changed a couple of things but no log.

Here is TDSS log (first part):

15:22:04.0731 3432 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:22:05.0090 3432 ============================================================
15:22:05.0090 3432 Current date / time: 2013/02/27 15:22:05.0090
15:22:05.0090 3432 SystemInfo:
15:22:05.0090 3432
15:22:05.0090 3432 OS Version: 6.0.6000 ServicePack: 0.0
15:22:05.0090 3432 Product type: Workstation
15:22:05.0090 3432 ComputerName: RKANE-PC
15:22:05.0090 3432 UserName: Rkane
15:22:05.0090 3432 Windows directory: C:\Windows
15:22:05.0090 3432 System windows directory: C:\Windows
15:22:05.0090 3432 Processor architecture: Intel x86
15:22:05.0090 3432 Number of processors: 2
15:22:05.0090 3432 Page size: 0x1000
15:22:05.0090 3432 Boot type: Normal boot
15:22:05.0090 3432 ============================================================
15:22:07.0617 3432 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:22:07.0680 3432 ============================================================
15:22:07.0680 3432 \Device\Harddisk0\DR0:
15:22:07.0695 3432 MBR partitions:
15:22:07.0695 3432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
15:22:07.0695 3432 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x1BD8D000
15:22:07.0695 3432 ============================================================
15:22:07.0758 3432 C: <-> \Device\Harddisk0\DR0\Partition2
15:22:07.0789 3432 D: <-> \Device\Harddisk0\DR0\Partition1
15:22:07.0805 3432 ============================================================
15:22:07.0805 3432 Initialize success
15:22:07.0805 3432 ============================================================
15:22:14.0279 2472 ============================================================
15:22:14.0279 2472 Scan started
15:22:14.0279 2472 Mode: Manual;
15:22:14.0279 2472 ============================================================
15:22:16.0868 2472 ================ Scan system memory ========================
15:22:16.0868 2472 System memory - ok
15:22:16.0868 2472 ================ Scan services =============================
15:22:17.0804 2472 [ 84FC6DF81212D16BE5C4F441682FECCC ] ACPI C:\Windows\system32\drivers\acpi.sys
15:22:17.0820 2472 ACPI - ok
15:22:17.0929 2472 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:22:17.0945 2472 AdobeARMservice - ok
15:22:18.0147 2472 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:22:18.0179 2472 AdobeFlashPlayerUpdateSvc - ok
15:22:18.0241 2472 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:22:18.0319 2472 adp94xx - ok
15:22:18.0350 2472 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:22:18.0444 2472 adpahci - ok
15:22:18.0459 2472 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
15:22:18.0475 2472 adpu160m - ok
15:22:18.0506 2472 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:22:18.0537 2472 adpu320 - ok
15:22:18.0584 2472 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:22:18.0584 2472 AeLookupSvc - ok
15:22:18.0615 2472 [ 5D24CAF8EFD924A875698FF28384DB8B ] AFD C:\Windows\system32\drivers\afd.sys
15:22:18.0647 2472 AFD - ok
15:22:18.0709 2472 [ A971E522F55D8E28339AEBFB7A9D601A ] agentcd C:\Windows\system32\agentcd.sys
15:22:18.0725 2472 agentcd - ok
15:22:18.0959 2472 [ 8B10CE1C1F9F1D47E4DEB1A547A00CD4 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:22:18.0990 2472 agp440 - ok
15:22:19.0021 2472 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
15:22:19.0052 2472 aic78xx - ok
15:22:19.0099 2472 [ E69FB0E3112C40FDC0EF7D21A52DC951 ] ALG C:\Windows\System32\alg.exe
15:22:19.0099 2472 ALG - ok
15:22:19.0115 2472 [ DC67A153FDB8105B25D05334B5E1D8E2 ] aliide C:\Windows\system32\drivers\aliide.sys
15:22:19.0130 2472 aliide - ok
15:22:19.0177 2472 [ EC5EFB3C60F1B624648344A328BCE596 ] amacpi C:\Windows\system32\DRIVERS\null.sys
15:22:19.0193 2472 amacpi - ok
15:22:19.0239 2472 [ 848F27E5B27C1C253F6CEFDC1A5D8F21 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:22:19.0302 2472 amdagp - ok
15:22:19.0317 2472 [ 835C4C3355088298A5EBD818FA31430F ] amdide C:\Windows\system32\drivers\amdide.sys
15:22:19.0349 2472 amdide - ok
15:22:19.0380 2472 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
15:22:19.0411 2472 AmdK7 - ok
15:22:19.0442 2472 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:22:19.0442 2472 AmdK8 - ok
15:22:19.0489 2472 [ CFA455816879F06F1C4E5BBF9E8AEF7D ] Appinfo C:\Windows\System32\appinfo.dll
15:22:19.0489 2472 Appinfo - ok
15:22:19.0707 2472 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:22:19.0707 2472 Apple Mobile Device - ok
15:22:19.0739 2472 appliandMP - ok
15:22:19.0785 2472 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
15:22:19.0848 2472 arc - ok
15:22:19.0879 2472 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:22:19.0910 2472 arcsas - ok
15:22:19.0957 2472 [ E86CF7CE67D5DE898F27EF884DC357D8 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:22:19.0988 2472 AsyncMac - ok
15:22:20.0019 2472 [ E03E8C99D15D0381E02743C36AFC7C6F ] atapi C:\Windows\system32\drivers\atapi.sys
15:22:20.0051 2472 atapi - ok
15:22:20.0238 2472 [ 44FA26470D4C8123CCF71F4200B782D3 ] athrusb C:\Windows\system32\DRIVERS\athrusb.sys
15:22:20.0285 2472 athrusb - ok
15:22:20.0347 2472 [ D4ED96AC2FAFEE2C697436B9A2871CD3 ] ATITool C:\Windows\system32\DRIVERS\ATITool.sys
15:22:20.0378 2472 ATITool - ok
15:22:20.0425 2472 [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:22:20.0425 2472 AudioEndpointBuilder - ok
15:22:20.0441 2472 [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:22:20.0441 2472 Audiosrv - ok
15:22:20.0487 2472 [ AC3DD1708B22761EBD7CBE14DCC3B5D7 ] Beep C:\Windows\system32\drivers\Beep.sys
15:22:20.0519 2472 Beep - ok
15:22:20.0565 2472 [ DA551697E34D2B9943C8B1C8EAFFE89A ] BITS C:\Windows\system32\qmgr.dll
15:22:20.0581 2472 BITS - ok
15:22:20.0597 2472 blbdrive - ok
15:22:20.0659 2472 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:22:20.0675 2472 Bonjour Service - ok
15:22:20.0706 2472 [ 913CD06FBE9105CE6077E90FD4418561 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:22:20.0753 2472 bowser - ok
15:22:20.0784 2472 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
15:22:20.0799 2472 BrFiltLo - ok
15:22:20.0815 2472 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
15:22:20.0831 2472 BrFiltUp - ok
15:22:20.0862 2472 [ BEB6470532B7461D7BB426E3FACB424F ] Browser C:\Windows\System32\browser.dll
15:22:20.0877 2472 Browser - ok
15:22:20.0893 2472 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
15:22:20.0893 2472 Brserid - ok
15:22:20.0909 2472 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
15:22:20.0924 2472 BrSerWdm - ok
15:22:20.0924 2472 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
15:22:20.0940 2472 BrUsbMdm - ok
15:22:20.0940 2472 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
15:22:20.0955 2472 BrUsbSer - ok
15:22:20.0971 2472 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:22:21.0018 2472 BTHMODEM - ok
15:22:21.0174 2472 catchme - ok
15:22:21.0205 2472 [ 6C3A437FC873C6F6A4FC620B6888CB86 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:22:21.0252 2472 cdfs - ok
15:22:21.0299 2472 [ 8D1866E61AF096AE8B582454F5E4D303 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:22:21.0345 2472 cdrom - ok
15:22:21.0392 2472 [ 0600E04315FE543802A379D5D23C8BE0 ] CertPropSvc C:\Windows\System32\certprop.dll
15:22:21.0408 2472 CertPropSvc - ok
15:22:21.0423 2472 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
15:22:21.0626 2472 circlass - ok
15:22:21.0673 2472 [ 1B84FD0937D3B99AF9BA38DDFF3DAF54 ] CLFS C:\Windows\system32\CLFS.sys
15:22:21.0704 2472 CLFS - ok
15:22:21.0798 2472 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:22:21.0813 2472 clr_optimization_v2.0.50727_32 - ok
15:22:21.0845 2472 [ E79CBB2195E965F6E3256E2C1B23FD1C ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:22:21.0891 2472 cmdide - ok
15:22:21.0923 2472 [ 722936AFB75A7F509662B69B5632F48A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
15:22:21.0923 2472 Compbatt - ok
15:22:21.0954 2472 COMSysApp - ok
15:22:21.0969 2472 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:22:22.0016 2472 crcdisk - ok
15:22:22.0032 2472 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
15:22:22.0063 2472 Crusoe - ok
15:22:22.0110 2472 [ 1C26FB097170A2A91066D1E3A24366E3 ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:22:22.0110 2472 CryptSvc - ok
15:22:22.0188 2472 [ 7B981222A257D076885BFFB66F19B7CE ] DcomLaunch C:\Windows\system32\rpcss.dll
15:22:22.0203 2472 DcomLaunch - ok
15:22:22.0219 2472 [ A7179DE59AE269AB70345527894CCD7C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:22:22.0235 2472 DfsC - ok
15:22:22.0359 2472 [ E0D584AA76C7D845BA9F3A788260528F ] DFSR C:\Windows\system32\DFSR.exe
15:22:22.0437 2472 DFSR - ok
15:22:22.0484 2472 [ DC45739BC22D528D2B3E50D3F6761750 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
15:22:22.0484 2472 Dhcp - ok
15:22:22.0531 2472 [ 841AF4C4D41D3E3B2F244E976B0F7963 ] disk C:\Windows\system32\drivers\disk.sys
15:22:22.0547 2472 disk - ok
15:22:22.0578 2472 [ EECBA1DD142BF8693C476BE8F32FE253 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:22:22.0578 2472 Dnscache - ok
15:22:22.0609 2472 [ BE3D1E84378DE1F4C448FD59541581E9 ] dot3svc C:\Windows\System32\dot3svc.dll
15:22:22.0609 2472 dot3svc - ok
15:22:22.0656 2472 [ 032C90AD677BF7B7A8013D6087C7A921 ] DPS C:\Windows\system32\dps.dll
15:22:22.0671 2472 DPS - ok
15:22:22.0703 2472 [ EE472CD2C01F6F8E8AA1FA06FFEF61B6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:22:22.0718 2472 drmkaud - ok
15:22:22.0765 2472 [ 2893B158FC5D98A42D0B2F4D7C22C788 ] DrmRAudio C:\Windows\system32\drivers\DrmRAudio.sys
15:22:22.0796 2472 DrmRAudio - ok
15:22:22.0952 2472 [ B95202EFD0464D226E7542C1E319C028 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:22:22.0983 2472 DXGKrnl - ok
15:22:23.0046 2472 [ 7505290504C8E2D172FA378CC0497BCC ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
15:22:23.0093 2472 e1express - ok
15:22:23.0108 2472 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
15:22:23.0139 2472 E1G60 - ok
15:22:23.0186 2472 [ E31464CE787E3A0FFEA55BAA591897F0 ] eamon C:\Windows\system32\DRIVERS\eamon.sys
15:22:23.0217 2472 eamon - ok
15:22:23.0264 2472 [ 90A0A875642E18618010645311B4E89E ] EapHost C:\Windows\System32\eapsvc.dll
15:22:23.0264 2472 EapHost - ok
15:22:23.0327 2472 [ 0EFC7531B936EE57FDB4E837664C509F ] Ecache C:\Windows\system32\drivers\ecache.sys
15:22:23.0342 2472 Ecache - ok
15:22:23.0405 2472 [ 2C95A7A87E4272C1FFF9BAF579677DB3 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
15:22:23.0420 2472 ehdrv - ok
15:22:23.0483 2472 [ 5E245B6C66122614000ADDFCD41CEDCE ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
15:22:23.0498 2472 EhttpSrv - ok
15:22:23.0561 2472 [ A5F63285C1B6C4B396D9ACE0DFFC88EF ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
15:22:23.0607 2472 ekrn - ok
15:22:23.0654 2472 [ 178CC9403816C082D22A1D47FA1F9C85 ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
15:22:23.0670 2472 ElbyCDIO - ok
15:22:23.0717 2472 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:22:23.0795 2472 elxstor - ok
15:22:23.0857 2472 [ 3226FDA08988526E819E364E8CCE4CEE ] EMDMgmt C:\Windows\system32\emdmgmt.dll
15:22:23.0857 2472 EMDMgmt - ok
15:22:23.0919 2472 [ 4699A50183B792D994BE657C68F18E9E ] epfwtdir C:\Windows\system32\DRIVERS\epfwtdir.sys
15:22:23.0966 2472 epfwtdir - ok
15:22:24.0060 2472 [ 7B4971C3D43525175A4EA0D143E0412E ] EventSystem C:\Windows\system32\es.dll
15:22:24.0138 2472 EventSystem - ok
15:22:24.0185 2472 [ 84A317CB0B3954D3768CDCD018DBF670 ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:22:24.0200 2472 fastfat - ok
15:22:24.0231 2472 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:22:24.0278 2472 fdc - ok
15:22:24.0325 2472 [ E43BCE1A77D6FD4ED5F8E0482B9E7DF1 ] fdPHost C:\Windows\system32\fdPHost.dll
15:22:24.0325 2472 fdPHost - ok
15:22:24.0341 2472 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
15:22:24.0341 2472 FDResPub - ok
15:22:24.0372 2472 [ 65773D6115C037FFD7EF8280AE85EB9D ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:22:24.0419 2472 FileInfo - ok
15:22:24.0450 2472 [ C226DD0DE060745F3E042F58DCF78402 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:22:24.0481 2472 Filetrace - ok
15:22:24.0824 2472 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:22:24.0933 2472 FLEXnet Licensing Service - ok
15:22:24.0965 2472 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:22:24.0980 2472 flpydisk - ok
15:22:25.0011 2472 [ A6A8DA7AE4D53394AB22AC3AB6D3F5D3 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:22:25.0058 2472 FltMgr - ok
15:22:25.0121 2472 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:22:25.0152 2472 FontCache3.0.0.0 - ok
15:22:25.0167 2472 [ 66A078591208BAA210C7634B11EB392C ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:22:25.0183 2472 Fs_Rec - ok
15:22:25.0214 2472 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:22:25.0261 2472 gagp30kx - ok
15:22:25.0277 2472 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
15:22:25.0292 2472 GEARAspiWDM - ok
15:22:25.0308 2472 [ BCF6589C42D8F6A20F33EF133FFE0524 ] gpsvc C:\Windows\System32\gpsvc.dll
15:22:25.0339 2472 gpsvc - ok
15:22:25.0386 2472 [ ED32D389F8B0E74E400932E020BCFBDF ] Hardlock C:\Windows\system32\drivers\hardlock.sys
15:22:25.0448 2472 Hardlock - ok
15:22:25.0479 2472 [ 0DB613A7E427B5663563677796FD5258 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:22:25.0479 2472 HDAudBus - ok
15:22:25.0495 2472 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:22:25.0526 2472 HidBth - ok
15:22:25.0526 2472 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
15:22:25.0557 2472 HidIr - ok
15:22:25.0573 2472 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\System32\hidserv.dll
15:22:25.0573 2472 hidserv - ok
15:22:25.0604 2472 [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:22:25.0620 2472 HidUsb - ok
15:22:25.0729 2472 [ D40AA05E29BF6ED29B139F044B461E9B ] hkmsvc C:\Windows\system32\kmsvc.dll
15:22:25.0745 2472 hkmsvc - ok
15:22:25.0776 2472 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
15:22:25.0823 2472 HpCISSs - ok
15:22:25.0979 2472 [ 3C3CBA3CE1A66439A960D4531A167C39 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:22:26.0025 2472 HTTP - ok
15:22:26.0057 2472 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
15:22:26.0119 2472 i2omp - ok
15:22:26.0166 2472 [ 1C9EE072BAA3ABB460B91D7EE9152660 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:22:26.0228 2472 i8042prt - ok
15:22:26.0291 2472 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
15:22:26.0353 2472 iaStorV - ok
15:22:26.0587 2472 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:22:26.0603 2472 IDriverT - ok
15:22:26.0712 2472 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:22:26.0977 2472 idsvc - ok
15:22:27.0071 2472 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:22:27.0102 2472 iirsp - ok
15:22:27.0258 2472 [ 0C6B7E077C51AD175A135CC75CFEE657 ] IKEEXT C:\Windows\System32\ikeext.dll
15:22:27.0289 2472 IKEEXT - ok
15:22:27.0429 2472 [ E26BD63077D804D0FC71D29A71151010 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:22:27.0632 2472 IntcAzAudAddService - ok
15:22:27.0835 2472 [ 0084046C084D68E494F8CF36BCF08186 ] intelide C:\Windows\system32\drivers\intelide.sys
15:22:27.0866 2472 intelide - ok
15:22:27.0913 2472 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:22:27.0929 2472 intelppm - ok
15:22:27.0991 2472 [ 88CF5281ED9880D74DC9011CF8B5262D ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:22:27.0991 2472 IPBusEnum - ok
15:22:28.0007 2472 [ 880C6F86CC3F551B8FEA2C11141268C0 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:22:28.0022 2472 IpFilterDriver - ok
15:22:28.0038 2472 IpInIp - ok
15:22:28.0085 2472 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
15:22:28.0100 2472 IPMIDRV - ok
15:22:28.0131 2472 [ 10077C35845101548037DF04FD1A420B ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
15:22:28.0178 2472 IPNAT - ok
15:22:28.0256 2472 [ 49918803B661367023BF325CF602AFDC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:22:28.0287 2472 iPod Service - ok
15:22:28.0319 2472 [ A82F328F4792304184642D6D397BB1E3 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:22:28.0334 2472 IRENUM - ok
15:22:28.0365 2472 [ 2F8ECE2699E7E2070545E9B0960A8ED2 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:22:28.0412 2472 isapnp - ok
15:22:28.0506 2472 [ 4DCA456D4D5723F8FA9C6760D240B0DF ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
15:22:28.0506 2472 iScsiPrt - ok
15:22:28.0537 2472 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
15:22:28.0568 2472 iteatapi - ok
15:22:28.0599 2472 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
15:22:28.0631 2472 iteraid - ok
15:22:28.0662 2472 [ B076B2AB806B3F696DAB21375389101C ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:22:28.0693 2472 kbdclass - ok
15:22:28.0740 2472 [ ED61DBC6603F612B7338283EDBACBC4B ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:22:28.0755 2472 kbdhid - ok
15:22:28.0771 2472 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] KeyIso C:\Windows\system32\lsass.exe
15:22:28.0787 2472 KeyIso - ok
15:22:28.0896 2472 [ 0A829977B078DEA11641FC2AF87CEADE ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:22:28.0943 2472 KSecDD - ok
15:22:28.0989 2472 [ 45C537FE5DDE9A0146AEFF76E615737D ] KtmRm C:\Windows\system32\msdtckrm.dll
15:22:29.0005 2472 KtmRm - ok
15:22:29.0036 2472 [ 53D1482FC1AA36AC015A85E6CF2146BD ] LanmanServer C:\Windows\System32\srvsvc.dll
15:22:29.0036 2472 LanmanServer - ok
15:22:29.0067 2472 [ 435F0F6DC87A4B5DA78F1FA309884189 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:22:29.0067 2472 LanmanWorkstation - ok
15:22:29.0114 2472 [ FD015B4F95DAA2B712F0E372A116FBAD ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:22:29.0145 2472 lltdio - ok
15:22:29.0239 2472 [ 7450DBCF754391DD6363FFFD5EF0E789 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:22:29.0255 2472 lltdsvc - ok
15:22:29.0270 2472 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:22:29.0270 2472 lmhosts - ok
15:22:29.0301 2472 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:22:29.0317 2472 LSI_FC - ok
15:22:29.0333 2472 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:22:29.0348 2472 LSI_SAS - ok
15:22:29.0364 2472 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:22:29.0395 2472 LSI_SCSI - ok
15:22:29.0411 2472 [ 42885BB44B6E065B8575A8DD6C430C52 ] luafv C:\Windows\system32\drivers\luafv.sys
15:22:29.0442 2472 luafv - ok
15:22:29.0504 2472 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
15:22:29.0535 2472 megasas - ok
15:22:29.0676 2472 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:22:29.0801 2472 Microsoft Office Groove Audit Service - ok
15:22:29.0910 2472 [ 9DFA3A459AF0954AA85B4F7622AD87BB ] MMCSS C:\Windows\system32\mmcss.dll
15:22:29.0910 2472 MMCSS - ok
15:22:29.0925 2472 [ 21755967298A46FB6ADFEC9DB6012211 ] Modem C:\Windows\system32\drivers\modem.sys
15:22:29.0957 2472 Modem - ok
15:22:30.0066 2472 [ 7446E104A5FE5987CA9E4983FBAC4F97 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:22:30.0066 2472 monitor - ok
15:22:30.0113 2472 [ 5FBA13C1A1841B0885D316ED3589489D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:22:30.0159 2472 mouclass - ok
15:22:30.0175 2472 [ B569B5C5D3BDE545DF3A6AF512CCCDBA ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:22:30.0191 2472 mouhid - ok
15:22:30.0222 2472 [ 01F1E5A3E4877C931CBB31613FEC16A6 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
15:22:30.0237 2472 MountMgr - ok
15:22:30.0300 2472 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:22:30.0300 2472 MozillaMaintenance - ok
15:22:30.0347 2472 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
15:22:30.0378 2472 mpio - ok
15:22:30.0409 2472 [ 6E7A7F0C1193EE5648443FE2D4B789EC ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:22:30.0440 2472 mpsdrv - ok
15:22:30.0503 2472 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
15:22:30.0518 2472 Mraid35x - ok
15:22:30.0565 2472 [ 1D8828B98EE309D65E006F0829E280E5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:22:30.0596 2472 MRxDAV - ok
15:22:30.0627 2472 [ 529B64F9735D27FEF1B8EA1678F8C79E ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:22:30.0659 2472 mrxsmb - ok
15:22:30.0690 2472 [ 2BBD3970018270D2C6A0B069F568154E ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:22:30.0721 2472 mrxsmb10 - ok
15:22:30.0783 2472 [ 30A67C7D8B80281028916DED6A64AEC9 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:22:30.0815 2472 mrxsmb20 - ok
15:22:30.0846 2472 [ D420BC42A637AC3CC4F411220549C0DC ] msahci C:\Windows\system32\drivers\msahci.sys
15:22:30.0908 2472 msahci - ok
15:22:31.0095 2472 [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
15:22:31.0095 2472 MSCSPTISRV - ok
15:22:31.0111 2472 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:22:31.0158 2472 msdsm - ok
15:22:31.0189 2472 [ BC64A92D821EFEA8BAB8E8CAF1B668BC ] MSDTC C:\Windows\System32\msdtc.exe
15:22:31.0205 2472 MSDTC - ok
15:22:31.0236 2472 [ 729EAFEFD4E7417165F353A18DBE947D ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:22:31.0251 2472 Msfs - ok
15:22:31.0283 2472 [ 207DF26DBB2537C20276DA0E15892274 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:22:31.0314 2472 msisadrv - ok
15:22:31.0329 2472 [ 8ACF956D9154E893E789881430C12632 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:22:31.0345 2472 MSiSCSI - ok
15:22:31.0361 2472 msiserver - ok
15:22:31.0376 2472 [ 892CEDEFA7E0FFE7BE8DA651B651D047 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:22:31.0407 2472 MSKSSRV - ok
15:22:31.0439 2472 [ AE2CB1DA69B2676B4CEE2A501AF5871C ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:22:31.0454 2472 MSPCLOCK - ok
15:22:31.0454 2472 [ F910DA84FA90C44A3ADDB7CD874463FD ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:22:31.0470 2472 MSPQM - ok
15:22:31.0485 2472 [ 84571C0AE07647BA38D493F5F0015DF7 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:22:31.0501 2472 MsRPC - ok
15:22:31.0517 2472 [ 7DBAA028F625AA46B95DDA4FBE4B602B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:22:31.0517 2472 mssmbios - ok
15:22:31.0595 2472 MSSQL$ACT7 - ok
15:22:31.0657 2472 [ C06EA83F6FC2959E897C117255B6B1D5 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
15:22:31.0673 2472 MSSQLServerADHelper - ok
15:22:31.0704 2472 [ C826DD1373F38AFD9CA46EC3C436A14E ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:22:31.0751 2472 MSTEE - ok
15:22:31.0751 2472 [ FA7AA70050CF5E2D15DE00941E5665E5 ] Mup C:\Windows\system32\Drivers\mup.sys
15:22:31.0813 2472 Mup - ok
15:22:31.0907 2472 [ 1CDBB5D002FE2BC5300AA20550D8A52E ] napagent C:\Windows\system32\qagentRT.dll
15:22:31.0922 2472 napagent - ok
15:22:31.0969 2472 [ 1D162E52FB691EB555A476B04B4BFF3F ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:22:32.0063 2472 NativeWifiP - ok
15:22:32.0203 2472 [ 227C11E1E7CF6EF8AFB2A238D209760C ] NDIS C:\Windows\system32\drivers\ndis.sys
15:22:32.0359 2472 NDIS - ok
15:22:32.0390 2472 [ 81659CDCBD0F9A9E07E6878AD8C78D3F ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:22:32.0421 2472 NdisTapi - ok
15:22:32.0484 2472 [ 5DE5EE546BF40838EBE0E01CB629DF64 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:22:32.0499 2472 Ndisuio - ok
15:22:32.0515 2472 [ 397402ADCBB8946223A1950101F6CD94 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:22:32.0531 2472 NdisWan - ok
15:22:32.0546 2472 [ 1B24FA907AF283199A81B3BB37E5E526 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:22:32.0577 2472 NDProxy - ok
15:22:32.0593 2472 [ 356DBB9F98E8DC1028DD3092FCEEB877 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:22:32.0609 2472 NetBIOS - ok
15:22:32.0624 2472 [ E3A168912E7EEFC3BD3B814720D68B41 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
15:22:32.0671 2472 netbt - ok
15:22:32.0671 2472 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] Netlogon C:\Windows\system32\lsass.exe
15:22:32.0671 2472 Netlogon - ok
15:22:32.0702 2472 [ 90A4DAE28B94497F83BEA0F2A3B77092 ] Netman C:\Windows\System32\netman.dll
15:22:32.0718 2472 Netman - ok
15:22:32.0749 2472 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:22:32.0765 2472 NetMsmqActivator - ok
15:22:32.0780 2472 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:22:32.0780 2472 NetPipeActivator - ok
15:22:32.0796 2472 [ 7C5C3D9CEEE838856B828AB6F98A2857 ] netprofm C:\Windows\System32\netprofm.dll
15:22:32.0811 2472 netprofm - ok
15:22:32.0827 2472 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:22:32.0827 2472 NetTcpActivator - ok
15:22:32.0843 2472 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:22:32.0843 2472 NetTcpPortSharing - ok
15:22:32.0889 2472 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:22:32.0952 2472 nfrd960 - ok
15:22:33.0030 2472 [ C424117A562F2DE37A42266894C79AEB ] NlaSvc C:\Windows\System32\nlasvc.dll
15:22:33.0030 2472 NlaSvc - ok
15:22:33.0077 2472 NMIndexingService - ok
15:22:33.0092 2472 nmwcd - ok



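Reading a TDSSKiller listing like the one above by hand is tedious, and the things worth checking are mechanical: whether any entry got a verdict other than "ok", which names appear with no "[ MD5 ] name path" line in front of them (appliandMP, blbdrive, catchme, IpInIp, msiserver, MSSQL$ACT7, NMIndexingService and nmwcd in the part above), whether the services Windows Update depends on are listed at all, and which third-party binaries are worth a hash lookup first. The Python script below is an added example written for this page, not code from the thread, from TDSSKiller or from ESET; it parses the log format shown above and answers those questions. The sample lines are excerpted from the posted log, so the "missing services" result reflects the excerpt only (EventSystem is in the part above, wuauserv would be in a later part). What a hash-less line means is an assumption, stated again in the code: TDSSKiller prints no image line when it cannot read the file, so these are normally leftover registry entries to check rather than findings. The service list wuauserv/BITS/CryptSvc/RpcSs/EventSystem is the standard dependency set for Windows Update on Vista.

```python
"""Triage helper for a TDSSKiller log: pairs each '[ MD5 ] name path' line with
the 'name - verdict' line that follows it, then lists what deserves a second look."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

# Hash/path line, e.g. "15:22:20.0565 2472 [ DA551697E34D2B9943C8B1C8EAFFE89A ] BITS C:\Windows\system32\qmgr.dll"
FILE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+"
                     r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
# Verdict line, e.g. "15:22:20.0581 2472 BITS - ok"
VERDICT_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?) - (?P<verdict>\S.*)$")
# Section banner, e.g. "15:22:16.0868 2472 ================ Scan services ====="
SECTION_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+=+\s*(?P<section>[^=]+?)\s*=+$")

# Constructed sample: lines excerpted verbatim from the log posted above.
SAMPLE_LOG = r"""
15:22:16.0868 2472 ================ Scan system memory ========================
15:22:16.0868 2472 System memory - ok
15:22:16.0868 2472 ================ Scan services =============================
15:22:19.0707 2472 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:22:19.0707 2472 Apple Mobile Device - ok
15:22:19.0739 2472 appliandMP - ok
15:22:20.0565 2472 [ DA551697E34D2B9943C8B1C8EAFFE89A ] BITS C:\Windows\system32\qmgr.dll
15:22:20.0581 2472 BITS - ok
15:22:20.0597 2472 blbdrive - ok
15:22:22.0110 2472 [ 1C26FB097170A2A91066D1E3A24366E3 ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:22:22.0110 2472 CryptSvc - ok
15:23:45.0273 2472 [ 35199EC35EDC7DCBA71FDA711DFB05C0 ] RapportIaso c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys
15:23:45.0367 2472 RapportIaso - ok
15:23:47.0645 2472 [ 7B981222A257D076885BFFB66F19B7CE ] RpcSs C:\Windows\System32\rpcss.dll
15:23:47.0660 2472 RpcSs - ok
"""


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None      # None when no hash/path line preceded the verdict
    path: Optional[str] = None
    section: Optional[str] = None  # banner the entry was listed under, if one was seen


def parse_tdsskiller(text: str) -> List[Entry]:
    """Pair every hash/path line with the verdict line that follows it."""
    entries: List[Entry] = []
    pending: Dict[str, Tuple[str, str]] = {}  # name -> (md5, path) awaiting its verdict line
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            pending.clear()
            continue
        m = FILE_RE.match(line)
        if m:
            pending[m.group("name")] = (m.group("md5").upper(), m.group("path"))
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m.group("name"), (None, None))
            entries.append(Entry(m.group("name"), m.group("verdict").strip(), md5, path, section))
    return entries


def no_file_info(entries: Sequence[Entry]) -> List[str]:
    """Service/driver names whose verdict came with no hash/path line.
    Assumption: TDSSKiller prints no image line when it cannot read the file, so these
    are usually stale registry entries; treat them as items to check, not as verdicts.
    The memory-scan line has the same shape and is skipped by its section banner."""
    return [e.name for e in entries
            if e.md5 is None and (e.section is None or "services" in e.section.lower())]


def not_ok(entries: Sequence[Entry]) -> List[Entry]:
    """Anything TDSSKiller did not mark 'ok'."""
    return [e for e in entries if e.verdict.lower() != "ok"]


# Services Windows Update needs on Vista, by their registry (service) names.
WINDOWS_UPDATE_CHAIN: Tuple[str, ...] = ("wuauserv", "BITS", "CryptSvc", "RpcSs", "EventSystem")


def missing_services(entries: Sequence[Entry],
                     expected: Sequence[str] = WINDOWS_UPDATE_CHAIN) -> List[str]:
    """Expected service names that never appear in the scanned list (case-insensitive)."""
    seen = {e.name.lower() for e in entries}
    return [name for name in expected if name.lower() not in seen]


def third_party_hashes(entries: Sequence[Entry]) -> List[Tuple[str, Optional[str], str]]:
    """(name, md5, path) for images outside the Windows directory: the hashes to look up first."""
    return [(e.name, e.md5, e.path) for e in entries
            if e.path and not e.path.lower().startswith("c:\\windows\\")]


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    print("no hash/path line :", no_file_info(found))
    print("not ok            :", [e.name for e in not_ok(found)])
    print("missing services  :", missing_services(found))
    for name, md5, path in third_party_hashes(found):
        print(f"lookup {md5}  {name}  {path}")
```

To run it over the whole posted log, paste all parts into one file and pass its contents to parse_tdsskiller; the pairing is purely positional, so the parts can simply be concatenated in order. A name in the no_file_info list is a prompt to open the matching key under HKLM\SYSTEM\CurrentControlSet\Services and confirm whether the ImagePath still exists, not a verdict on its own.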
#32
March 12, 2013 at 17:53:39
TDSS (Second part):

15:22:33.0155 2472 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\Windows\system32\drivers\npf.sys
15:22:33.0155 2472 NPF - ok
15:22:33.0186 2472 [ 4F9832BEB9FAFD8CEB0E541F1323B26E ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:22:33.0201 2472 Npfs - ok
15:22:33.0217 2472 [ 23B8201A363DE0E649FC75EE9874DEE2 ] nsi C:\Windows\system32\nsisvc.dll
15:22:33.0233 2472 nsi - ok
15:22:33.0279 2472 [ B488DFEC274DE1FC9D653870EF2587BE ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:22:33.0311 2472 nsiproxy - ok
15:22:33.0591 2472 [ 37430AA7A66D7A63407ADC2C0D05E9F6 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:22:33.0654 2472 Ntfs - ok
15:22:33.0701 2472 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
15:22:33.0747 2472 ntrigdigi - ok
15:22:33.0794 2472 [ EC5EFB3C60F1B624648344A328BCE596 ] Null C:\Windows\system32\drivers\Null.sys
15:22:33.0794 2472 Null - ok
15:22:33.0888 2472 [ C7859D19648D45EE888666C044ECAB23 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
15:22:33.0950 2472 NVENETFD - ok
15:22:34.0715 2472 [ E572EBF0A86A76E7CFCAAB00648F0F83 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:22:35.0151 2472 nvlddmkm - ok
15:22:35.0214 2472 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:22:35.0292 2472 nvraid - ok
15:22:35.0323 2472 [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:22:35.0370 2472 nvstor - ok
15:22:35.0417 2472 [ 5FBF62A83B551F757112B4A0C27432EC ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
15:22:35.0417 2472 nvstor32 - ok
15:22:35.0479 2472 [ F397A6FA4B83D243AD25A1DC401237A0 ] nvsvc C:\Windows\system32\nvvsvc.exe
15:22:35.0510 2472 nvsvc - ok
15:22:35.0526 2472 [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:22:35.0573 2472 nv_agp - ok
15:22:35.0588 2472 NwlnkFlt - ok
15:22:35.0619 2472 NwlnkFwd - ok
15:22:35.0760 2472 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:22:35.0807 2472 odserv - ok
15:22:35.0853 2472 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:22:35.0869 2472 ohci1394 - ok
15:22:35.0916 2472 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:22:35.0916 2472 ose - ok
15:22:35.0963 2472 [ 4CDADEC3DC1300EE1D313EA5494E6472 ] ovt519 C:\Windows\system32\Drivers\ov519vid.sys
15:22:35.0994 2472 ovt519 - ok
15:22:36.0384 2472 [ F646E128BE4C7FAD952E7876C97984D6 ] P17 C:\Windows\system32\drivers\P17.sys
15:22:36.0462 2472 P17 - ok
15:22:36.0509 2472 [ 016D01D3B8FB976A193C7434BED8DCCF ] p2pimsvc C:\Windows\system32\p2psvc.dll
15:22:36.0540 2472 p2pimsvc - ok
15:22:36.0602 2472 [ 016D01D3B8FB976A193C7434BED8DCCF ] p2psvc C:\Windows\system32\p2psvc.dll
15:22:36.0602 2472 p2psvc - ok
15:22:36.0633 2472 [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
15:22:36.0649 2472 PACSPTISVR - ok
15:22:36.0711 2472 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
15:22:36.0743 2472 Parport - ok
15:22:36.0774 2472 [ 84BE786F33FDBD8765E05DF3B7F5B9E6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:22:36.0805 2472 partmgr - ok
15:22:36.0836 2472 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
15:22:36.0867 2472 Parvdm - ok
15:22:36.0945 2472 [ D8C5C215C932233A4F1D7F368F4E4E65 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:22:36.0961 2472 PcaSvc - ok
15:22:36.0992 2472 [ BDD96F9CF34D58958AFF1BE6EF4C8020 ] pci C:\Windows\system32\drivers\pci.sys
15:22:37.0055 2472 pci - ok
15:22:37.0086 2472 [ B2FC76090EF1003463CCB07CABB35CFF ] pciide C:\Windows\system32\drivers\pciide.sys
15:22:37.0117 2472 pciide - ok
15:22:37.0164 2472 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:22:37.0195 2472 pcmcia - ok
15:22:37.0242 2472 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:22:37.0304 2472 PEAUTH - ok
15:22:37.0460 2472 [ CD05A38D166BEADE18030BAFC0C0A939 ] pla C:\Windows\system32\pla.dll
15:22:37.0538 2472 pla - ok
15:22:37.0647 2472 [ 747BB4C31F3B6E8D1B5ED0AD61518CB5 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:22:37.0663 2472 PlugPlay - ok
15:22:37.0710 2472 [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
15:22:37.0725 2472 PNRPAutoReg - ok
15:22:37.0819 2472 [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPsvc C:\Windows\system32\p2psvc.dll
15:22:37.0835 2472 PNRPsvc - ok
15:22:37.0959 2472 [ 5EBDEC613BD377CE9A85382BE5C6B83B ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:22:37.0975 2472 PolicyAgent - ok
15:22:38.0022 2472 [ C04DEC5ACE67C5247B150C4223970BB7 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:22:38.0100 2472 PptpMiniport - ok
15:22:38.0131 2472 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
15:22:38.0193 2472 Processor - ok
15:22:38.0225 2472 [ 213112E152E68F0E4705E36F052A2880 ] ProfSvc C:\Windows\system32\profsvc.dll
15:22:38.0225 2472 ProfSvc - ok
15:22:38.0240 2472 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:22:38.0240 2472 ProtectedStorage - ok
15:22:38.0271 2472 [ 2C8BAE55247C4E09352E870292E4D1AB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
15:22:38.0318 2472 PSched - ok
15:22:38.0349 2472 [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
15:22:38.0381 2472 PxHelp20 - ok
15:22:38.0552 2472 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:22:38.0630 2472 ql2300 - ok
15:22:38.0646 2472 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:22:38.0677 2472 ql40xx - ok
15:23:58.0050 2472 ============================================================
15:23:58.0050 2472 Scan finished
15:23:58.0050 2472 ============================================================
15:23:58.0081 2712 Detected object count: 0
15:23:58.0081 2712 Actual detected object count: 0


Report •

#33
March 12, 2013 at 17:56:06
Thanks for the TDSS logs, they may reveal further clues.

Even though you have ESET installed, I want you to run their online scan, it will not compromise your installed version.

Run ESET Online Scanner, Copy & Paste the contents of the log please. This scan may take a very long while, so please be patient. Start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a thumb drive & run it from there, if your comp is unbootable, or won't let you download.
Create an ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...


Report •

#34
March 13, 2013 at 12:07:48
Here is the ESET log, all clean:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=2d9dbdd9bb9f10449dd55a002fc99925
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-20 11:16:25
# local_time=2011-05-20 12:16:25 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=5892 16776574 100 100 51117734 143418068 0 0
# compatibility_mode=8199 39157222 100 100 0 63569632 0 0
# scanned=211168
# found=5
# cleaned=5
# scan_time=4889
# nod_component=V3 Build:0x30000000
C:\1a8110607310a144b88dc6\readme\de-de\readmesp.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\1a8110607310a144b88dc6\readme\en-us\readmesp.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\1a8110607310a144b88dc6\readme\es-es\readmesp.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\1a8110607310a144b88dc6\readme\fr-fr\readmesp.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Users\Rkane\Desktop\Audio\TNod 1.4.0 Final Portable\TNODUP.exe Win32/HackAV.DM application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=2d9dbdd9bb9f10449dd55a002fc99925
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-20 12:47:14
# local_time=2011-05-20 01:47:14 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=5892 16776574 100 100 51123069 143423403 0 0
# compatibility_mode=8199 39157222 100 100 0 63574967 0 0
# scanned=210985
# found=0
# cleaned=0
# scan_time=5002
# nod_component=V3 Build:0x30000000
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2d9dbdd9bb9f10449dd55a002fc99925
# engine=13369
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-27 05:32:21
# local_time=2013-02-27 05:32:21 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=5892 16776574 100 100 107218779 199519113 0 0
# scanned=244012
# found=0
# cleaned=0
# scan_time=6289
# nod_component=V3 Build:0x30000000


Report •

#35
March 13, 2013 at 12:08:21
I am finding some blue screens taking place whilst still impossible to work in normal mode.

Report •

#36
March 13, 2013 at 14:25:03
"Here is the ESET log, all clean"
You have one of the worst infections (Win32/Ramnit.A virus) & your computer has been compromised.

Very Important: Malware infections can possibly lead to identity theft, stolen bank funds, misuse of credit card information etc.
The use of the computer is the primary factor in the decision whether to re-format and re-install, or just disinfect.
http://www.dslreports.com/faq/10063
How to report ID theft, fraud, drive-by installs, hijacking and malware?
http://www.dslreports.com/faq/10451
Change your router password if it is not strong or still uses the default one.
Hack lets intruders sneak into home routers
http://tinyurl.com/4pz64fc
http://compnetworking.about.com/od/...


Report •

#37
March 13, 2013 at 14:30:09
Please download and run ListParts by Farbar (for 32-bit system):
http://download.bleepingcomputer.co...

Click on the Scan button.
The scan results will open in Notepad.
Post those contents in your next reply.


Report •

#38
March 13, 2013 at 14:46:12
Ah. Not so clean then.

Here's the log: (I didn't hit the Fix button?)

ListParts by Farbar Version: 10-03-2013
Ran by Rkane (administrator) on 28-02-2013 at 02:47:38
Windows Vista (X86)
Running From: C:\Windows\System32\config\systemprofile\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 54%
Total physical RAM: 957.88 MB
Available physical RAM: 434.22 MB
Total Pagefile: 2160.95 MB
Available Pagefile: 1758.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.87 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:59.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.5 GB) NTFS

============================== MBR Partition Table ==================


****** End Of Log ******


Report •

#39
March 13, 2013 at 15:03:50
Think time for me, got to clear my head.

Are you in the UK & it is just after 10pm?


Report •

#40
March 13, 2013 at 15:06:25
Yes - but I'll be around for a couple more hours.

Thanks for all this help btw.


Report •

#41
March 13, 2013 at 15:07:13
Do you have a Vista CD?


Report •

#42
March 13, 2013 at 15:08:43
"Yes - but I'll be around for a couple more hours"
Thanks, let me know when you have had enough.

Report •

#43
March 13, 2013 at 15:10:54
Yes I have a Vista CD

Report •

#44
March 13, 2013 at 15:27:02
Ok, if that is a Microsoft CD ( not a Dell CD ) just in case you get fed up with trying to fix the comp & decide to format, here is what you have to do.

If you don't have the MS CD, you can borrow another CD ( as long as it is the same as yours > Home Basic ) & use your Product number.

You left yourself very vulnerable, by not installing the Service Packs, SP1 & SP2.

Make sure when you reinstall, you delete ALL partitions & format to NTFS.

Vista - Drive options (advanced)
http://www.vistax64.com/tutorials/1...

Here are some examples of why you delete all partitions.
http://forums.spybot.info/showthrea...
http://forums.whatthetech.com/index...
http://blog.eset.com/2011/10/18/tdl...


Report •

#45
March 13, 2013 at 15:29:20
Ah, I've only got a Dell CD. So basically the only option is to reformat and start again?

For some reason I've never been able to DL and install the service packs; they have always failed.


Report •

#46
March 13, 2013 at 15:36:35
"So basically the only option is to reformat and start again?"

No, only if you get fed up.

It's a long process, you can update & run all the tools we have been trying.

Start here. Download & run the new version, Junkware Removal Tool 4.7.0 (did you right-click on it last time & select > Run as administrator?)


Report •

#47
March 13, 2013 at 15:39:46
To use Combofix, you have to uninstall it & download the latest version.

Report •

#48
March 13, 2013 at 15:46:34
JRT only flicks up for a second then nothing when RC+admin.

It does create a file in my C drive but I'm not sure what that is for.


Report •

#49
March 13, 2013 at 15:48:55
As you saw I also pasted the Combofix log earlier, yet when I search to uninstall it, it cannot be found. The .exe file is still sitting on my desktop in Safe Mode.

Report •

#50
March 13, 2013 at 15:54:49
Uninstall ComboFix.

Try this way.

Start > All Programs > Accessories > Command Prompt, Copy and Paste > ComboFix /uninstall and hit > Enter.


Report •

#51
March 13, 2013 at 16:10:48
No luck, CMD doesn't recognise ComboFix as a prompt

Report •

#52
March 13, 2013 at 16:13:22
What name do you have on the file?

You said you got it to work by renaming it.

To use the uninstall command, the name must match the file.


Report •

#53
March 13, 2013 at 16:53:34
This is the latest combofix log:

ComboFix 13-03-13.02 - SYSTEM 28/02/2013 4:24.5.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.44.1033.18.958.515 [GMT 0:00]
Running from: c:\windows\System32\config\systemprofile\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-28 to 2013-02-28 )))))))))))))))))))))))))))))))
.
.
2013-02-28 04:38 . 2013-02-28 04:38 -------- d-----w- c:\users\Rkane\AppData\Local\temp
2013-02-28 04:38 . 2013-02-28 04:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-02-28 04:38 . 2013-02-28 04:38 -------- d-----w- c:\users\Me\AppData\Local\temp
2013-02-28 04:38 . 2013-02-28 04:38 -------- d-----w- c:\users\Kasem\AppData\Local\temp
2013-02-28 04:38 . 2013-02-28 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-27 14:47 . 2013-02-28 03:47 -------- d-----w- C:\JRT
2013-02-23 15:02 . 2013-02-23 15:02 -------- d-----w- c:\users\Rkane\AppData\Local\Research In Motion
2013-02-23 15:02 . 2013-02-23 15:05 -------- d-----w- c:\users\Rkane\AppData\Roaming\Research In Motion
2013-02-23 14:59 . 2011-07-20 14:13 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2013-02-23 14:56 . 2013-02-23 14:56 -------- d-----w- c:\programdata\Research In Motion
2013-02-23 14:54 . 2013-02-23 14:56 -------- d-----w- c:\program files\Common Files\Research In Motion
2013-02-23 14:54 . 2013-02-23 14:56 -------- d-----w- c:\program files\Common Files\XCPCSync.OEM
2013-02-15 02:15 . 2013-02-15 02:15 -------- d-----w- c:\users\Kasem\AppData\Local\Facebook
2013-02-02 13:28 . 2013-02-26 02:59 -------- d-----w- c:\program files\TNod User & Password Finder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-21 01:36 . 2012-10-03 21:32 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-21 01:36 . 2012-10-03 21:32 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-14 16:49 . 2010-12-15 19:50 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-25 03:54 . 2013-02-25 03:54 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-09-09 2029640]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
EDUP WLan Utility.lnk - c:\program files\EDUP Technology Corporation\EDUP_802.11g_Utility\ZDWlan.exe [2009-8-18 499712]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 23:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
2009-09-22 18:09 156672 ----a-w- c:\program files\Replay Media Catcher\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2008-08-13 17:32 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 09:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 02:44 81920 ------r- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 17:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-12-14 16:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 17:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 11:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-09-24 09:41 4452352 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-04-28 23:57 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-03 01:36]
.
2013-02-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3947676820-3080918530-3524232594-1001Core.job
- c:\users\Kasem\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-15 02:15]
.
2013-02-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3947676820-3080918530-3524232594-1001UA.job
- c:\users\Kasem\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-15 02:15]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
mLocal Page = about:blank
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-28 04:38
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
Completion time: 2013-02-28 04:41:21
ComboFix-quarantined-files.txt 2013-02-28 04:41
ComboFix2.txt 2013-02-27 13:05
ComboFix3.txt 2011-07-22 12:14
ComboFix4.txt 2011-05-23 01:45
.
Pre-Run: 63,989,260,288 bytes free
Post-Run: 63,960,530,944 bytes free
.
- - End Of File - - 0A6B06AB965740BDA93E38BCBB1866C0


#55
March 13, 2013 at 17:17:40
Download DDS. Copy & paste 2 logs.
DDS which will create a Pseudo HJT Report as part of its log.
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
DDS will now start scanning your computer and compiling a variety of information about what programs are starting on your computer, what files have been recently created, and the general configuration of your computer. When DDS has finished scanning, all of this information will be compiled and be displayed in two Notepad windows named dds.txt and attach.txt as shown below.

#56
March 13, 2013 at 17:25:56
Stinger logfile:

McAfee(r) Labs Stinger(tm) Version 10.2.0.1019 built on Mar 13 2013
Copyright (c) 2012 McAfee, Inc. All Rights Reserved.
Virus data file v1000.0000 created on Mar 13 2013.
Ready to scan for 6180 viruses, trojans and variants.

Scan initiated on Thu Feb 28 05:17:13 2013
Rootkit scan result : Clean


Master Boot Record(s):....1
Possibly Infected:.............0
Boot Sector(s):.................2
Possibly Infected: ............0

Number of clean files: 35584


#57
March 13, 2013 at 17:32:02
DDS Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 04/02/2008 22:55:57
System Uptime: 28/02/2013 04:53:37 (1 hours ago)
.
Motherboard: Dell Inc. | | 0RY206
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2310/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 59.398 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.501 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
N: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================


#58
March 13, 2013 at 17:32:55
DDS txt log:

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 7.0.6000.16945
Run by SYSTEM at 5:29:28 on 2013-02-28
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.44.1033.18.958.270 [GMT 0:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
mLocal Page = about:blank
uProxyOverride = local
uURLSearchHooks: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - <orphaned>
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
dURLSearchHooks: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\edupwl~1.lnk - c:\program files\edup technology corporation\edup_802.11g_utility\ZDWlan.exe
mPolicies-Explorer: NoDrives = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{63994B06-D001-4B76-9BED-D17920C7F173} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2006-11-2 4608]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2006-7-11 42392]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-9-22 65848]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_42020.sys [2012-8-8 228376]
S1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-9-22 71480]
S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-9-22 166840]
S2 agentcd;DriverAgent Class Driver;c:\windows\system32\AgentCD.sys [2009-4-7 117760]
S2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
S2 mfevtp;McAfee Validation Trust Protection Service;"c:\windows\system32\mfevtps.exe" --> c:\windows\system32\mfevtps.exe [?]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2010-9-22 23096]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-27 21520]
SUnknown WPFFontCache_v0400;WPFFontCache_v0400; [x]
.
=============== File Associations ===============
.
.js: <filetype is not registered>
.
=============== Created Last 30 ================
.
2013-02-28 05:17:17 167344 ----a-w- c:\windows\system32\mfevtps.exe.261e.deleteme
2013-02-28 05:16:39 -------- d-----w- c:\program files\stinger
2013-02-28 04:40:53 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-28 04:40:53 -------- d-sh--w- \$RECYCLE.BIN
2013-02-27 14:47:40 -------- d-----w- C:\JRT
2013-02-27 14:47:40 -------- d-----w- \JRT
2013-02-23 14:59:00 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2013-02-23 14:56:07 -------- d-----w- c:\programdata\Research In Motion
2013-02-23 14:54:22 -------- d-----w- c:\program files\common files\XCPCSync.OEM
2013-02-23 14:54:22 -------- d-----w- c:\program files\common files\Research In Motion
2013-02-02 13:28:50 -------- d-----w- c:\program files\TNod User & Password Finder
.
==================== Find3M ====================
.
2013-02-21 01:36:00 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-21 01:36:00 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-14 16:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 5:32:15.38 ===============



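Added example, not code from DDS or from anyone in this thread: an offline triage of the dds.txt posted above. It parses the SERVICES / DRIVERS lines and lists entries whose binary DDS could not verify (a `[x]` or `[?]` tail, or a `-->` rewritten path), and the Pseudo HJT hooks and BHOs that resolve to `<orphaned>` or `<no file>`. The sample lines are copied from the log above; treating those markers as "check by hand" is this example's own assumption, not a DDS rule.

```python
import re

# Added example for this thread, not code from DDS or from any poster:
# offline triage of a dds.txt log. The sample lines are copied from the
# dds.txt posted in the thread; which markers count as "verify by hand"
# is this example's own assumption, not a DDS rule.

# "<state> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<state>R[0-4]|S[0-4]|SUnknown)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$"
)
# Trailing bracket: "[2009-5-14 94360]" (date, size), "[x]" (no file
# found) or "[?]" (DDS could not read the file it was pointed at).
TAIL_RE = re.compile(r"\[(?P<tail>[^\]]*)\]\s*$")
# Pseudo HJT entries whose CLSID no longer maps to a file on disk.
ORPHAN_RE = re.compile(
    r"^(?P<kind>[umd]?URLSearchHooks|BHO|TB|SEH|Handler):\s*"
    r"(?P<body>.*?)\s*-\s*<(?:orphaned|no file)>\s*$"
)

# Lines taken from the dds.txt posted in this thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uURLSearchHooks: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - <orphaned>
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
dURLSearchHooks: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
============= SERVICES / DRIVERS ===============
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2006-11-2 4608]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
S2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
S2 mfevtp;McAfee Validation Trust Protection Service;"c:\windows\system32\mfevtps.exe" --> c:\windows\system32\mfevtps.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
SUnknown WPFFontCache_v0400;WPFFontCache_v0400; [x]
"""


def parse_service(line):
    """Parse one SERVICES / DRIVERS line; return None for any other line."""
    m = SERVICE_RE.match(line)
    if m is None:
        return None
    rest = m.group("rest").strip()
    tail_m = TAIL_RE.search(rest)
    tail = tail_m.group("tail") if tail_m else ""
    path = rest[: tail_m.start()].strip() if tail_m else rest
    # "-->" marks an image path DDS rewrote before testing it; together with
    # [?]/[x] it means the binary behind the service could not be checked.
    unverified = tail in ("x", "?") or "-->" in path
    return {
        "state": m.group("state"),
        "name": m.group("name"),
        "display": m.group("display"),
        "path": path,
        "tail": tail,
        "unverified": unverified,
    }


def triage_dds(text):
    """Collect services/drivers whose binary could not be verified and the
    browser hooks/BHOs that point at nothing."""
    findings = {"unverified_services": [], "orphans": []}
    for raw in text.splitlines():
        line = raw.strip()
        svc = parse_service(line)
        if svc is not None:
            if svc["unverified"]:
                findings["unverified_services"].append(svc["name"])
            continue
        om = ORPHAN_RE.match(line)
        if om is not None:
            findings["orphans"].append((om.group("kind"), om.group("body")))
    return findings


if __name__ == "__main__":
    result = triage_dds(SAMPLE_DDS)
    print("Services/drivers to verify by hand:", result["unverified_services"])
    for kind, body in result["orphans"]:
        print(f"Orphaned {kind}: {body}")
```

An unverified or orphaned entry is a lead to check against the vendor's file list, not a verdict: the two services it flags here belong to a half-installed McAfee component and a .NET font cache.
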
#59
March 13, 2013 at 17:44:50
Thanks for the DDS logs, before you go to bed, to make sure the ESET online scan Ramnit deletions stuck, run it again.

When you run it, it will first of all do updates, if available.

Do a reboot before you run.

I shall now need time to go through the two logs named dds.txt and attach.txt.


#60
March 13, 2013 at 17:51:38
That's great, thanks again. I'll run it overnight and post tomorrow morning (my time) for whenever you're ready.

#61
March 13, 2013 at 17:57:05
Whilst waiting for me, you can pretty well run everything again, check for new versions first.

I know RogueKiller has a new version for starters.


#62
March 13, 2013 at 23:42:59
Here is the latest ESET scan log:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=2d9dbdd9bb9f10449dd55a002fc99925
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-20 11:16:25
# local_time=2011-05-20 12:16:25 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=5892 16776574 100 100 51117734 143418068 0 0
# compatibility_mode=8199 39157222 100 100 0 63569632 0 0
# scanned=211168
# found=5
# cleaned=5
# scan_time=4889
# nod_component=V3 Build:0x30000000
C:\1a8110607310a144b88dc6\readme\de-de\readmesp.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\1a8110607310a144b88dc6\readme\en-us\readmesp.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\1a8110607310a144b88dc6\readme\es-es\readmesp.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\1a8110607310a144b88dc6\readme\fr-fr\readmesp.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Users\Rkane\Desktop\Audio\TNod 1.4.0 Final Portable\TNODUP.exe Win32/HackAV.DM application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=2d9dbdd9bb9f10449dd55a002fc99925
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-20 12:47:14
# local_time=2011-05-20 01:47:14 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=5892 16776574 100 100 51123069 143423403 0 0
# compatibility_mode=8199 39157222 100 100 0 63574967 0 0
# scanned=210985
# found=0
# cleaned=0
# scan_time=5002
# nod_component=V3 Build:0x30000000
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2d9dbdd9bb9f10449dd55a002fc99925
# engine=13369
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-27 05:32:21
# local_time=2013-02-27 05:32:21 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=5892 16776574 100 100 107218779 199519113 0 0
# scanned=244012
# found=0
# cleaned=0
# scan_time=6289
# nod_component=V3 Build:0x30000000
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2d9dbdd9bb9f10449dd55a002fc99925
# engine=13383
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-28 07:40:24
# local_time=2013-02-28 07:40:24 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=5892 16776574 100 100 107269662 199569996 0 0
# scanned=245593
# found=0
# cleaned=0
# scan_time=6335
# nod_component=V3 Build:0x30000000


#63
March 14, 2013 at 00:10:38
Once you have removed all the viruses, you can do an in-place upgrade of your vista system. You have the disc, pop it in, and run the upgrade. All your files and programs will still be there when it's done. The upgrade will replace the windows files and corrupted files and the winsxs stores. Just make sure that you choose the same version of vista that you already have. Once you're done with the upgrade, download and install SP1 and SP2.

#64
March 14, 2013 at 00:52:52
Not good Kane, this is the problem with the ramnit virus, it is super hard to remove, it gets into everything & as soon as you reboot it's back.

Are you still getting the blue screen?

Run these scans.
http://www.microsoft.com/security/s...
http://www.kaspersky.com/security-scan


#65
March 14, 2013 at 01:00:51
No progression made at all?

I'm back in work so won't be back to this for another 10 or so hours.

I take it you are on the West coast?


#66
March 14, 2013 at 01:09:00
Also, can I use the Dell disc to try the upgrade - if I decide to go that route?

#67
March 14, 2013 at 01:13:56
"No progression made at all?"
Even though we have done a huge amount of work, the ramnit virus is still there.

These links give you an idea of what problems the ramnit virus causes.
http://www.microsoft.com/security/p...
http://www.malware-analysis.net/
http://www.bleepingcomputer.com/for...

"I take it you are on the West coast?"
Yes, 12 miles East of Perth, in the hills.

We were over in UK last year, rented a house for a month in Frome.


#68
March 14, 2013 at 01:23:10
"Aslo, can I use the Dell disc to try the upgrade - if I decide to go that route?"

You can try, but as per my post #44, this is what is really needed.

Whilst you are at work, ask everybody if they have your version of Vista on CD.

Also, when you get home, check your Dell CD & see if it has i386 ( about 450mb ) on it. I can then detail how to use it.

I think there may be other ways as well, let's see how you go with the above first.


#69
March 14, 2013 at 01:23:54
Frome? Never been there but supposed to be a nice town.

So when I'm going at this at night in England, you're cracking on in the morning??

Ok, I'll get back to this later today, thanks.


#70
March 14, 2013 at 01:27:29
"Would you recommend the in-place upgrade?"
No, not on an infected comp.

"For some reason I've never been able to DL and install the service packs, they always have failed"
Service packs can only be installed when there are no glitches of any form.


#71
March 14, 2013 at 01:32:49
Can I ask why I can't use the Dell disk? Wouldn't a reinstall on that do the same thing?

#72
March 14, 2013 at 01:41:27
"Can I ask why I can't use the Dell disk? Wouldn't a reinstall on that do the same thing?"
I was just about to research ( Google ) that now.

#73
March 14, 2013 at 01:55:17
Got an electrical storm going on here, just lost the internet for 15 mins.

This gives a very clear write up of installing on a new drive.

Do you know how to delete all your partitions & get back to factory? In other words, like a new drive.

http://techtips.salon.com/use-dell-...


#74
March 14, 2013 at 02:10:30
I think this is looking more of a sensible route to be honest.

So to confirm, this will mean wiping everything on the PC and starting from scratch again?


#75
March 14, 2013 at 03:12:11
Had to shut down the comp, switch off the power to everything, electrical storm got on top of us.

"So to confirm, this will mean wiping everything on the PC and starting from scratch again?"
Yep, everything gone, back to factory.

Make sure all your thumb/external drives are not infected.

Doubt if anything on your infected HD can be trusted.

Also go back to my earlier post, re your modem/router, that has to be fully reset & a stronger password put in.

In other words, Admin + Admin is not good enough.


#76
March 14, 2013 at 03:29:07
You get those storms much? We just have miserable grey skies 365!

The only drives I have are the ones on the PC, or do you mean USBs etc too?


#77
March 14, 2013 at 03:39:14
"You get those storms much?"
No, we are in a temperate zone, 8 months of sunshine a year.

"or do you mean USBs etc too?"
Yep.


#78
March 14, 2013 at 03:42:15
More info.

Malware Prevention
http://www.malwarevault.com/prevent...
"There is no magic involved. The majority of malware is installed by the user themselves"


#79
March 14, 2013 at 03:46:59
Damn. 8 months a year. I feel even worse now!

Ok, I'll get cracking on this later tonight and come back once done to update.


#80
March 14, 2013 at 04:06:14
" come back once done to update"

I turn Auto Updates off.

Do the Service packs first, you have to install SP1 & then SP2.

How to obtain the latest Windows Vista service pack.
http://support.microsoft.com/kb/935791


#81
March 14, 2013 at 04:12:55
If you open up a cmd prompt ("run as administrator") and run SFC /SCANNOW, it will output your cvs.log. That log will have the list of corrupted files in your winsxs store. The number one reason that you can't install service packs is corruption of the winsxs, also the reason why some windows updates fail. Also, the in-place upgrade does work well, but you should make sure that you are free of viruses first. Also I have been using MBAR a lot recently as TDSSkiller has been ineffective. Give that a shot and see what it finds.

http://www.bleepingcomputer.com/dow...

and directions

http://www.bleepingcomputer.com/vir...



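Added example, not the poster's code and not a Microsoft tool: SFC tags its own lines in %windir%\Logs\CBS\CBS.log with `[SR]`, and the "Cannot repair member file" entries among them are the list of unrepaired winsxs members the post refers to. This Python pulls those entries out, de-duplicates them (SFC logs each failure more than once) and separates them from files it did repair. The log excerpt is constructed for this example with placeholder file and component names, in the shape of real `[SR]` entries.

```python
import re

# Added example for this thread, not the poster's code and not a Microsoft
# tool: summarise what "sfc /scannow" wrote to %windir%\Logs\CBS\CBS.log.
# SFC tags its lines with "[SR]"; the rest of CBS.log belongs to the
# servicing stack and is skipped. The excerpt below is constructed for this
# example (placeholder file and component names).

SR_RE = re.compile(r"\[SR\]\s+(?P<msg>.*)$")
# [SR] Cannot repair member file [l:..]"<file>" of <component>, Version = ..., <reason>
CANNOT_RE = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of '
    r"(?P<component>[^,]+),(?P<rest>.*)$"
)
REASON_RE = re.compile(r"in the store, (?P<reason>.+)$")
# [SR] Repairing corrupted file [..]"<dir>"\[..]"<file>" from store
REPAIRED_RE = re.compile(r'^Repairing corrupted file .*?"(?P<file>[^"]+)" from store$')

# Constructed excerpt; "example1.dll", "Example-Component-A" and
# "Package_PLACEHOLDER" are placeholders, not names from this thread.
SAMPLE_CBS_LOG = r"""
2013-03-14 20:15:33, Info                  CSI    0000012a [SR] Verifying 100 (0x0000000000000064) components
2013-03-14 20:15:34, Info                  CSI    0000012b [SR] Beginning Verify and Repair transaction
2013-03-14 20:15:40, Info                  CSI    0000012c [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.0.6000.16386, Culture neutral in the store, hash mismatch
2013-03-14 20:15:40, Info                  CSI    0000012d [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.0.6000.16386, Culture neutral in the store, hash mismatch
2013-03-14 20:15:40, Info                  CSI    0000012e [SR] This component was referenced by [l:40{20}]"Package_PLACEHOLDER"
2013-03-14 20:15:41, Info                  CSI    0000012f [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2013-03-14 20:15:45, Info                  CSI    00000130 [SR] Repair complete
2013-03-14 20:15:45, Info                  CSI    00000131 [SR] Verify complete
2013-03-14 20:15:46, Info                  CBS    Session: 30 initialized by client SFC.
"""


def summarize_cbs(text):
    """Return the unrepaired members, the repaired files and whether the
    SFC run reached 'Verify complete'."""
    summary = {"cannot_repair": [], "repaired": [], "verify_complete": False}
    seen = set()
    for line in text.splitlines():
        sr = SR_RE.search(line)
        if sr is None:
            continue  # servicing-stack line, not SFC output
        msg = sr.group("msg").strip()
        m = CANNOT_RE.match(msg)
        if m is not None:
            key = (m.group("file"), m.group("component"))
            if key in seen:
                continue  # SFC writes the same failure more than once
            seen.add(key)
            r = REASON_RE.search(m.group("rest"))
            reason = r.group("reason") if r else "unknown"
            summary["cannot_repair"].append((key[0], key[1], reason))
            continue
        m = REPAIRED_RE.match(msg)
        if m is not None:
            summary["repaired"].append(m.group("file"))
        elif msg == "Verify complete":
            summary["verify_complete"] = True
    return summary


def service_pack_blocked(summary):
    """The poster's rule of thumb: any member SFC could not repair means the
    component store is corrupt and a service pack install will fail."""
    return bool(summary["cannot_repair"])


if __name__ == "__main__":
    s = summarize_cbs(SAMPLE_CBS_LOG)
    for file, component, reason in s["cannot_repair"]:
        print(f"UNREPAIRED {file} ({component}): {reason}")
    print("repaired:", s["repaired"], "complete:", s["verify_complete"])
    print("service pack likely to fail:", service_pack_blocked(s))
```
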
#82
March 14, 2013 at 17:36:50
Ok, so I restored back to the factory image and have a new windows set up. SP1 and SP2 have been installed. All other updates installed too, 80 of them.

All seemed to be going well until I got a McAfee pop up for Svchost.exe looking to make a registry change to IE.

That can be a rootkit virus right? So I may not have got rid of it at all?


#83
March 14, 2013 at 17:47:14
"That can be a rootkit virus right? So I may not of got rid of it at all?"
Sounds like it. You can run ESET online again as we know it picks up most infections, even if it can't remove some of them. That way you will know where you stand.

When I was googling Ramnit, the 2 links I gave you in post #64 came up as able to remove some ramnit versions. Start with the microsoft one first.


#84
March 14, 2013 at 17:52:37
Running them now. However, as I am just setting up, could it just be IE asking permission from McAfee to perform certain actions i.e. completely innocent?

I've read Svchost.exe is also a standard windows function too.

It popped up after I started setting up Parental controls for my son.


#85
March 14, 2013 at 17:57:41
No viruses from Microsoft scan.

#86
March 14, 2013 at 18:01:29
"could it just be IE asking permission from McAfee"
How did McAfee get on the scene, ESET was your AV.

#87
March 14, 2013 at 18:03:42
It comes free with windows set up, 30 day trial. I've not long just got up and running again so will sort out the ESET licence tomorrow and get rid of McAfee.

Having looked on the net, I can see that Parental Controls does link into Svchost.


#88
March 14, 2013 at 18:07:11
Kaspersky has come back clean too. I think all is ok. No other issues in terms of performance etc.

#89
March 14, 2013 at 18:16:19
Good news.

I use the Free AV Microsoft Security Essentials ( MSE ) with the Windows firewall.

What happens with most AVs, they ask too many questions; the average person says to themselves, what does that mean, click, click.
MSE sorts out everything.

http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.techsupportalert.com/bes...
http://windows.microsoft.com/en-US/...
System requirements
http://www.microsoft.com/en-us/secu...
Can Microsoft Security Essentials ( MSE ) protect me from online banking and shopping.
http://answers.microsoft.com/en-us/...
If you choose to use Security Essentials, please follow the steps in this thread first, especially the part about removing all existing realtime antimalware:
http://kb.eset.com/esetkb/index?pag...


#90
March 14, 2013 at 18:21:17
I'll look into that tomorrow. That is also the reason I like ESET, as it sits quietly in the background and isn't as 'heavy' as McAfee/Norton etc taking up process space with crap. It rarely bothers you and updates quietly in the background.

Anyway, thanks so much for all of your help, persistence and patience with me over this - all very much appreciated.

I hope NOT to be back here asking the same stuff anytime soon!

All the best John


#91
March 14, 2013 at 18:26:02
Thanks Kane, very late night for you.
