[A] Browser will not allow Google.com URL and running slow

By reddog1992000
Mar 15, 2012
  1. My issue is that when I try to go to google.com I am sent to the local browser that is through the internet provider. I have the free version of AVG running and it is able to be used as a search engine. But still some websites that use the Google search engine are inaccessible. I completed the 5-step process; here are the logs:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.15.07

    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    Bertha :: BERTHA-PC [administrator]

    03/15/2012 2:25:56 PM
    mbam-log-2012-03-15 (14-25-56).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 214758
    Time elapsed: 20 minute(s), 48 second(s)

    Memory Processes Detected: 1
    C:\Program Files\RecipeHub_2j\bar\1.bin\2jbrmon.exe (PUP.MyWebSearch) -> 3256 -> Delete on reboot.

    Memory Modules Detected: 5
    C:\Program Files\RecipeHub_2j\bar\1.bin\2jbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\RecipeHub_2j\bar\1.bin\2jauxstb.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\RecipeHub_2j\bar\1.bin\2jSrcAs.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\RecipeHub_2j\bar\1.bin\2jdlghk.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\RecipeHub_2j\bar\1.bin\2jieovr.dll (PUP.MyWebSearch) -> Delete on reboot.

    Registry Keys Detected: 21
    HKLM\SYSTEM\CurrentControlSet\Services\RecipeHub_2jService (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{b7acdf9c-c4f9-4d5d-998e-b147866b4d4c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7ACDF9C-C4F9-4D5D-998E-B147866B4D4C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B7ACDF9C-C4F9-4D5D-998E-B147866B4D4C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B7ACDF9C-C4F9-4D5D-998E-B147866B4D4C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{51653395-fe70-4b72-ba08-3c64b44f5d43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{e7fc6003-06e8-4c2d-8756-a30fe9c95c73} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{DE67D450-2D67-4AE5-8D7A-43642382855B} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{06e3475c-5521-4de8-bb12-50720f21631c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E3475C-5521-4DE8-BB12-50720F21631C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{06E3475C-5521-4DE8-BB12-50720F21631C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{06E3475C-5521-4DE8-BB12-50720F21631C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RecipeHub_2jbar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{8006F89E-63A1-402A-8DB7-08A4C58F95AA} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKCR\Interface\{D4256C66-8177-4E19-8A13-2D43B2282D0D} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKCR\lptlIE.TextLinks.1 (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKCR\lptlIE.TextLinks (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.

    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RecipeHub_2j Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\RECIPE~2\bar\1.bin\2jbrmon.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Recipe Hub Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\RECIPE~2\bar\1.bin\2jsrchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 3
    C:\Users\Bertha\AppData\Roaming\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Users\Bertha\AppData\Roaming\FunWebProducts\Data (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Users\Bertha\AppData\Roaming\FunWebProducts\Data\Bertha (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    Files Detected: 18
    C:\Program Files\RecipeHub_2j\bar\1.bin\2jbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\RecipeHub_2j\bar\1.bin\2jbarsvc.exe (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\RecipeHub_2j\bar\1.bin\2jbrmon.exe (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\RecipeHub_2j\bar\1.bin\2jauxstb.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\RecipeHub_2j\bar\1.bin\2jSrcAs.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\RecipeHub_2j\bar\1.bin\2jdlghk.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\RecipeHub_2j\bar\1.bin\2jieovr.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\RecipeHub_2j\bar\1.bin\2jSrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\RecipeHub_2j\bar\1.bin\2jbar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\LivingPlay\lplaytl.dll (PUP.LivingPlay) -> Quarantined and deleted successfully.
    C:\$Recycle.Bin\S-1-5-21-262933362-4071809552-10700770-1000\$RXC4DVN.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
    C:\Windows\Temp\hdgfsh.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nobffjnn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\Temp\xsrmaencow.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Temp\yr0.14940496277050175.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\Bertha\AppData\Roaming\FunWebProducts\Data\Bertha\avatar.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Users\Bertha\AppData\Roaming\FunWebProducts\Data\Bertha\register.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Users\Bertha\AppData\Roaming\FunWebProducts\Data\Bertha\zbucks.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-15 15:03:42
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.02.0
    Running: sok3sxj8.exe; Driver: C:\Users\Bertha\AppData\Local\Temp\kwdiipow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 MBR read error
    Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385
    Run by Bertha at 15:04:23 on 2012-03-15
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3036.1113 [GMT -7:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\SPBA\upeksvr.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
    c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\conhost.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Windows\system32\WUDFHost.exe
    c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
    c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\dell\DBRM\Reminder\DbrmTrayicon.exe
    C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: N/A: {cc8ae5b8-005b-4b1a-a27d-307eddffe5c8} - c:\program files\recipehub_2j\bar\1.bin\2jSrcAs.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: ALOT Appbar Helper: {85f5cf95-ec8f-49fc-bb3f-38c79455cba2} - c:\program files\alotappbar\bin\bho\ALOTHelperBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
    BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
    BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
    TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - c:\program files\alotappbar\bin\ALOTHelper.dll
    TB: Recipe Hub: {cf51de5b-eb36-4114-bb69-84df63fbadb4} - c:\program files\recipehub_2j\bar\1.bin\2jbar.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
    TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
    TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
    mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
    mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
    mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [hpsjbmgr] c:\program files\hewlett-packard\hp precisionscan\precisionscan\hpsjbmgr.exe
    mRun: [HP Lamp] c:\program files\hewlett-packard\hp precisionscan\precisionscan\HPLamp.exe
    mRun: [Conime] %windir%\system32\conime.exe
    mRun: [EKAiO2StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [<NO NAME>]
    dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    TCP: DhcpNameServer = 192.168.0.254
    TCP: Interfaces\{F1364B53-028A-497F-8521-A23C855D6DCC} : DhcpNameServer = 192.168.0.254
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    Notify: spba - c:\program files\common files\spba\homefus2.dll
    LSA: Authentication Packages = msv1_0 wvauth
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-15 146448]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-4-4 13336]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
    R2 MSSQL$CHURCHWINDOWS;SQL Server (CHURCHWINDOWS);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
    R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\trend micro\client server security agent\hostedagent\svcGenericHost.exe [2010-7-5 45056]
    R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\TmXPFlt.sys [2010-5-10 230928]
    R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-5-10 36368]
    R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-15 283152]
    R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-4-5 224424]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
    R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys --> c:\windows\system32\drivers\tmevtmgr.sys [?]
    R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2009-7-15 497008]
    S0 epstwnt;epstwnt;c:\windows\system32\drivers\epstwnt.mpd [2011-6-30 84480]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
    S2 SHARSHTL;Shuttle Sharer;c:\windows\system32\drivers\Sharshtl.sys [2011-6-30 18432]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2009-7-15 689416]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-12 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-03-15 21:24:33 -------- d-----w- c:\users\bertha\appdata\roaming\Malwarebytes
    2012-03-15 21:24:26 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-15 21:24:25 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-15 21:24:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-06 18:26:53 -------- d-----w- c:\program files\The Weather Channel
    2012-02-18 03:56:33 -------- d-sh--w- C:\found.000
    .
    ==================== Find3M ====================
    .
    2012-01-03 13:10:50 47512 ----a-w- c:\windows\system32\AdobePDF.dll
    2012-01-03 13:10:48 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
    .
    ============= FINISH: 15:08:04.49 ===============
  2. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    I still need Attach.txt part of DDS so please provide that.

    Then....

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. reddog1992000

    reddog1992000 Newcomer, in training Topic Starter

    DDS

    Here is the DDS file

    Attached Files: DDS.txt (File size: 17.4 KB)
  4. reddog1992000

    reddog1992000 Newcomer, in training Topic Starter

    TDSSKiller Results

    It wouldn't let me open the file, so I ran the computer in Safe Mode and was able to run the application. Here are the results:

    11:35:14.0184 1696 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
    11:35:14.0199 1696 ============================================================
    11:35:14.0199 1696 Current date / time: 2012/03/18 11:35:14.0199
    11:35:14.0199 1696 SystemInfo:
    11:35:14.0199 1696
    11:35:14.0199 1696 OS Version: 6.1.7600 ServicePack: 0.0
    11:35:14.0199 1696 Product type: Workstation
    11:35:14.0199 1696 ComputerName: BERTHA-PC
    11:35:14.0199 1696 UserName: Bertha
    11:35:14.0199 1696 Windows directory: C:\Windows
    11:35:14.0199 1696 System windows directory: C:\Windows
    11:35:14.0199 1696 Processor architecture: Intel x86
    11:35:14.0199 1696 Number of processors: 2
    11:35:14.0199 1696 Page size: 0x1000
    11:35:14.0199 1696 Boot type: Safe boot
    11:35:14.0199 1696 ============================================================
    11:35:15.0572 1696 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    11:35:15.0603 1696 \Device\Harddisk0\DR0:
    11:35:15.0603 1696 MBR used
    11:35:15.0603 1696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1947000
    11:35:15.0603 1696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x195B000, BlocksNum 0x1B84D800
    11:35:15.0666 1696 Initialize success
    11:35:15.0666 1696 ============================================================
    11:35:17.0896 1732 ============================================================
    11:35:17.0896 1732 Scan started
    11:35:17.0896 1732 Mode: Manual;
    11:35:17.0896 1732 ============================================================
    11:35:21.0796 1732 amdsbs - ok
    11:35:21.0968 1732 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
    11:35:21.0968 1732 amdxata - ok
    11:35:22.0108 1732 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    11:35:22.0108 1732 AppID - ok
    11:35:22.0483 1732 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    11:35:22.0483 1732 arc - ok
    11:35:22.0623 1732 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    11:35:22.0623 1732 arcsas - ok
    11:35:22.0779 1732 Aspi32 (20d04091eba710f6988f710507d85868) C:\Windows\system32\drivers\Aspi32.sys
    11:35:22.0779 1732 Aspi32 - ok
    11:35:22.0920 1732 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    11:35:22.0920 1732 AsyncMac - ok
    11:35:23.0013 1732 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    11:35:23.0013 1732 atapi - ok
    11:35:23.0216 1732 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
    11:35:23.0216 1732 AVGIDSDriver - ok
    11:35:23.0310 1732 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    11:35:23.0310 1732 AVGIDSEH - ok
    11:35:23.0481 1732 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
    11:35:23.0481 1732 AVGIDSFilter - ok
    11:35:23.0684 1732 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
    11:35:23.0684 1732 AVGIDSShim - ok
    11:35:23.0778 1732 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
    11:35:23.0778 1732 Avgldx86 - ok
    11:35:23.0934 1732 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
    11:35:23.0934 1732 Avgmfx86 - ok
    11:35:24.0339 1732 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
    11:35:24.0355 1732 Avgrkx86 - ok
    11:35:24.0448 1732 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
    11:35:24.0448 1732 Avgtdix - ok
    11:35:24.0542 1732 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    11:35:24.0542 1732 b06bdrv - ok
    11:35:24.0776 1732 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    11:35:24.0776 1732 b57nd60x - ok
    11:35:24.0854 1732 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    11:35:24.0854 1732 Beep - ok
    11:35:24.0948 1732 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    11:35:24.0948 1732 blbdrive - ok
    11:35:25.0135 1732 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
    11:35:25.0135 1732 bowser - ok
    11:35:25.0306 1732 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    11:35:25.0306 1732 BrFiltLo - ok
    11:35:25.0384 1732 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    11:35:25.0384 1732 BrFiltUp - ok
    11:35:25.0462 1732 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    11:35:25.0462 1732 Brserid - ok
    11:35:25.0681 1732 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    11:35:25.0681 1732 BrSerWdm - ok
    11:35:25.0946 1732 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    11:35:25.0946 1732 BrUsbMdm - ok
    11:35:26.0024 1732 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    11:35:26.0024 1732 BrUsbSer - ok
    11:35:26.0086 1732 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    11:35:26.0102 1732 BTHMODEM - ok
    11:35:26.0258 1732 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    11:35:26.0258 1732 cdfs - ok
    11:35:26.0336 1732 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    11:35:26.0336 1732 cdrom - ok
    11:35:26.0414 1732 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    11:35:26.0414 1732 circlass - ok
    11:35:26.0476 1732 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    11:35:26.0476 1732 CLFS - ok
    11:35:26.0586 1732 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    11:35:26.0586 1732 CmBatt - ok
    11:35:26.0632 1732 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    11:35:26.0632 1732 cmdide - ok
    11:35:26.0710 1732 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
    11:35:26.0710 1732 CNG - ok
    11:35:27.0069 1732 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    11:35:27.0069 1732 Compbatt - ok
    11:35:27.0116 1732 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    11:35:27.0116 1732 CompositeBus - ok
    11:35:27.0210 1732 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    11:35:27.0210 1732 crcdisk - ok
    11:35:27.0412 1732 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
    11:35:27.0412 1732 DfsC - ok
    11:35:27.0490 1732 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    11:35:27.0490 1732 discache - ok
    11:35:27.0568 1732 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    11:35:27.0568 1732 Disk - ok
    11:35:27.0834 1732 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    11:35:27.0834 1732 drmkaud - ok
    11:35:27.0912 1732 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
    11:35:27.0912 1732 DXGKrnl - ok
    11:35:28.0005 1732 e1kexpress (19e30c3c80d8ce29944b3f30ff9c8b76) C:\Windows\system32\DRIVERS\e1k6232.sys
    11:35:28.0005 1732 e1kexpress - ok
    11:35:28.0208 1732 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    11:35:28.0255 1732 ebdrv - ok
    11:35:28.0551 1732 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    11:35:28.0567 1732 elxstor - ok
    11:35:28.0879 1732 epstwnt (e7587c11022880a9a6eabd534bfe90d0) C:\Windows\system32\Drivers\epstwnt.mpd
    11:35:28.0879 1732 epstwnt - ok
    11:35:28.0941 1732 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    11:35:28.0941 1732 ErrDev - ok
    11:35:29.0394 1732 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    11:35:29.0394 1732 exfat - ok
    11:35:29.0534 1732 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    11:35:29.0534 1732 fastfat - ok
    11:35:29.0659 1732 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    11:35:29.0659 1732 fdc - ok
    11:35:29.0940 1732 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    11:35:29.0940 1732 FileInfo - ok
    11:35:30.0002 1732 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    11:35:30.0002 1732 Filetrace - ok
    11:35:30.0080 1732 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    11:35:30.0080 1732 flpydisk - ok
    11:35:30.0298 1732 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    11:35:30.0298 1732 FltMgr - ok
    11:35:30.0376 1732 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    11:35:30.0376 1732 FsDepends - ok
    11:35:30.0439 1732 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    11:35:30.0439 1732 Fs_Rec - ok
    11:35:30.0517 1732 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
    11:35:30.0532 1732 fvevol - ok
    11:35:30.0595 1732 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    11:35:30.0595 1732 gagp30kx - ok
    11:35:30.0798 1732 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    11:35:30.0813 1732 hcw85cir - ok
    11:35:30.0922 1732 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    11:35:30.0922 1732 HDAudBus - ok
    11:35:30.0985 1732 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    11:35:30.0985 1732 HidBatt - ok
    11:35:31.0063 1732 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    11:35:31.0063 1732 HidBth - ok
    11:35:31.0141 1732 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    11:35:31.0141 1732 HidIr - ok
    11:35:31.0234 1732 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    11:35:31.0234 1732 HidUsb - ok
    11:35:31.0531 1732 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    11:35:31.0531 1732 HpSAMD - ok
    11:35:31.0624 1732 HSF_DPV (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    11:35:31.0640 1732 HSF_DPV - ok
    11:35:31.0765 1732 HSXHWBS2 (186c11d0ca0e53b1ee266633b9d8b393) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
    11:35:31.0765 1732 HSXHWBS2 - ok
    11:35:31.0827 1732 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    11:35:31.0827 1732 HTTP - ok
    11:35:31.0890 1732 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    11:35:31.0890 1732 hwpolicy - ok
    11:35:31.0968 1732 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    11:35:31.0968 1732 i8042prt - ok
    11:35:32.0046 1732 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
    11:35:32.0046 1732 iaStor - ok
    11:35:32.0170 1732 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
    11:35:32.0170 1732 iaStorV - ok
    11:35:32.0592 1732 igfx (0202fbccd44a92e3a8205123b2d4e8d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
    11:35:32.0748 1732 igfx - ok
    11:35:32.0904 1732 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    11:35:32.0904 1732 iirsp - ok
    11:35:32.0966 1732 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    11:35:32.0966 1732 intelide - ok
    11:35:33.0028 1732 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    11:35:33.0028 1732 intelppm - ok
    11:35:33.0216 1732 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    11:35:33.0216 1732 IpFilterDriver - ok
    11:35:33.0434 1732 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    11:35:33.0434 1732 IPMIDRV - ok
    11:35:33.0496 1732 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    11:35:33.0496 1732 IPNAT - ok
    11:35:33.0574 1732 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    11:35:33.0574 1732 IRENUM - ok
    11:35:33.0980 1732 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    11:35:33.0980 1732 isapnp - ok
    11:35:34.0058 1732 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    11:35:34.0058 1732 iScsiPrt - ok
    11:35:34.0136 1732 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    11:35:34.0136 1732 kbdclass - ok
    11:35:34.0245 1732 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    11:35:34.0245 1732 kbdhid - ok
    11:35:34.0495 1732 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
    11:35:34.0495 1732 KSecDD - ok
    11:35:34.0604 1732 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
    11:35:34.0604 1732 KSecPkg - ok
    11:35:34.0729 1732 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    11:35:34.0729 1732 lltdio - ok
    11:35:34.0978 1732 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    11:35:34.0978 1732 LSI_FC - ok
    11:35:35.0056 1732 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    11:35:35.0072 1732 LSI_SAS - ok
    11:35:35.0134 1732 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    11:35:35.0134 1732 LSI_SAS2 - ok
    11:35:35.0181 1732 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    11:35:35.0181 1732 LSI_SCSI - ok
    11:35:35.0244 1732 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    11:35:35.0244 1732 luafv - ok
    11:35:35.0337 1732 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    11:35:35.0337 1732 mdmxsdk - ok
    11:35:35.0400 1732 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    11:35:35.0415 1732 megasas - ok
    11:35:35.0493 1732 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    11:35:35.0493 1732 MegaSR - ok
    11:35:35.0509 1732 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    11:35:35.0524 1732 Modem - ok
    11:35:35.0634 1732 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    11:35:35.0634 1732 monitor - ok
    11:35:35.0758 1732 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    11:35:35.0758 1732 mouclass - ok
    11:35:35.0836 1732 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    11:35:35.0836 1732 mouhid - ok
    11:35:35.0899 1732 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    11:35:35.0914 1732 mountmgr - ok
    11:35:35.0977 1732 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    11:35:35.0992 1732 mpio - ok
    11:35:36.0055 1732 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    11:35:36.0055 1732 mpsdrv - ok
    11:35:36.0086 1732 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    11:35:36.0102 1732 MRxDAV - ok
    11:35:36.0226 1732 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
    11:35:36.0226 1732 mrxsmb - ok
    11:35:36.0367 1732 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    11:35:36.0367 1732 mrxsmb10 - ok
    11:35:36.0523 1732 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    11:35:36.0523 1732 mrxsmb20 - ok
    11:35:36.0585 1732 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys
    11:35:36.0585 1732 msahci - ok
    11:35:36.0616 1732 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    11:35:36.0616 1732 msdsm - ok
    11:35:36.0741 1732 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    11:35:36.0741 1732 Msfs - ok
    11:35:36.0804 1732 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    11:35:36.0804 1732 mshidkmdf - ok
    11:35:36.0835 1732 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    11:35:36.0835 1732 msisadrv - ok
    11:35:36.0944 1732 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    11:35:36.0944 1732 MSKSSRV - ok
    11:35:37.0022 1732 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    11:35:37.0022 1732 MSPCLOCK - ok
    11:35:37.0084 1732 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    11:35:37.0084 1732 MSPQM - ok
    11:35:37.0131 1732 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    11:35:37.0131 1732 MsRPC - ok
    11:35:37.0209 1732 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    11:35:37.0209 1732 mssmbios - ok
    11:35:37.0287 1732 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    11:35:37.0303 1732 MSTEE - ok
    11:35:37.0318 1732 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    11:35:37.0318 1732 MTConfig - ok
    11:35:37.0459 1732 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    11:35:37.0459 1732 Mup - ok
    11:35:37.0599 1732 NAL (428c611928df3e96538a482117e659f7) C:\Windows\system32\Drivers\iqvw32.sys
    11:35:37.0615 1732 NAL - ok
    11:35:37.0693 1732 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    11:35:37.0693 1732 NativeWifiP - ok
    11:35:37.0818 1732 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
    11:35:37.0833 1732 NDIS - ok
    11:35:37.0927 1732 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    11:35:37.0927 1732 NdisCap - ok
    11:35:37.0974 1732 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    11:35:37.0974 1732 NdisTapi - ok
    11:35:38.0098 1732 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
    11:35:38.0098 1732 Ndisuio - ok
    11:35:38.0161 1732 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    11:35:38.0161 1732 NdisWan - ok
    11:35:38.0208 1732 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    11:35:38.0208 1732 NDProxy - ok
    11:35:38.0301 1732 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    11:35:38.0301 1732 NetBIOS - ok
    11:35:38.0332 1732 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    11:35:38.0332 1732 NetBT - ok
    11:35:38.0520 1732 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    11:35:38.0520 1732 nfrd960 - ok
    11:35:38.0582 1732 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    11:35:38.0582 1732 Npfs - ok
    11:35:38.0644 1732 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    11:35:38.0644 1732 nsiproxy - ok
    11:35:38.0785 1732 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
    11:35:38.0816 1732 Ntfs - ok
    11:35:38.0910 1732 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    11:35:38.0910 1732 Null - ok
    11:35:38.0956 1732 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
    11:35:38.0956 1732 nvraid - ok
    11:35:39.0112 1732 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
    11:35:39.0112 1732 nvstor - ok
    11:35:39.0190 1732 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    11:35:39.0190 1732 nv_agp - ok
    11:35:39.0315 1732 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    11:35:39.0315 1732 ohci1394 - ok
    11:35:39.0424 1732 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    11:35:39.0424 1732 Parport - ok
    11:35:39.0440 1732 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    11:35:39.0456 1732 partmgr - ok
    11:35:39.0534 1732 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    11:35:39.0534 1732 Parvdm - ok
    11:35:39.0596 1732 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
    11:35:39.0596 1732 PBADRV - ok
    11:35:39.0674 1732 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    11:35:39.0674 1732 pci - ok
    11:35:39.0752 1732 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    11:35:39.0752 1732 pciide - ok
    11:35:39.0830 1732 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    11:35:39.0830 1732 pcmcia - ok
    11:35:39.0939 1732 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    11:35:39.0939 1732 pcw - ok
    11:35:40.0017 1732 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    11:35:40.0033 1732 PEAUTH - ok
    11:35:40.0579 1732 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    11:35:40.0594 1732 PptpMiniport - ok
    11:35:40.0704 1732 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    11:35:40.0704 1732 Processor - ok
    11:35:40.0828 1732 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    11:35:40.0828 1732 Psched - ok
    11:35:40.0906 1732 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
    11:35:40.0906 1732 PxHelp20 - ok
    11:35:41.0000 1732 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    11:35:41.0031 1732 ql2300 - ok
    11:35:41.0187 1732 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    11:35:41.0187 1732 ql40xx - ok
    11:35:41.0265 1732 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    11:35:41.0265 1732 QWAVEdrv - ok
    11:35:41.0343 1732 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    11:35:41.0343 1732 RasAcd - ok
    11:35:41.0421 1732 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    11:35:41.0421 1732 RasAgileVpn - ok
    11:35:41.0499 1732 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    11:35:41.0499 1732 Rasl2tp - ok
    11:35:41.0577 1732 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    11:35:41.0577 1732 RasPppoe - ok
    11:35:41.0718 1732 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    11:35:41.0733 1732 RasSstp - ok
    11:35:41.0796 1732 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    11:35:41.0796 1732 rdbss - ok
    11:35:41.0858 1732 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    11:35:41.0858 1732 rdpbus - ok
    11:35:41.0920 1732 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    11:35:41.0920 1732 RDPCDD - ok
    11:35:42.0014 1732 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    11:35:42.0014 1732 RDPENCDD - ok
    11:35:42.0092 1732 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    11:35:42.0092 1732 RDPREFMP - ok
    11:35:42.0232 1732 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    11:35:42.0232 1732 RDPWD - ok
    11:35:42.0404 1732 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    11:35:42.0404 1732 rdyboost - ok
    11:35:42.0732 1732 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    11:35:42.0732 1732 rspndr - ok
    11:35:42.0794 1732 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    11:35:42.0810 1732 sbp2port - ok
    11:35:42.0888 1732 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    11:35:42.0888 1732 scfilter - ok
    11:35:42.0966 1732 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    11:35:42.0981 1732 secdrv - ok
    11:35:43.0075 1732 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    11:35:43.0075 1732 Serenum - ok
    11:35:43.0137 1732 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    11:35:43.0137 1732 Serial - ok
    11:35:43.0215 1732 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    11:35:43.0215 1732 sermouse - ok
    11:35:44.0307 1732 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    11:35:44.0307 1732 sffdisk - ok
    11:35:44.0385 1732 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    11:35:44.0385 1732 sffp_mmc - ok
    11:35:44.0463 1732 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
    11:35:44.0463 1732 sffp_sd - ok
    11:35:44.0713 1732 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    11:35:44.0713 1732 sfloppy - ok
    11:35:45.0212 1732 Sftfs (d9b734638dd8dba9d59aad3189cd0fad) C:\Windows\system32\DRIVERS\Sftfslh.sys
    11:35:45.0212 1732 Sftfs - ok
    11:35:46.0086 1732 Sftplay (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\Windows\system32\DRIVERS\Sftplaylh.sys
    11:35:46.0086 1732 Sftplay - ok
    11:35:46.0398 1732 Sftredir (518bac0179f94304f422696b47c0ec12) C:\Windows\system32\DRIVERS\Sftredirlh.sys
    11:35:46.0398 1732 Sftredir - ok
    11:35:46.0538 1732 Sftvol (747325236d88b3f05ffd27ff9ec711c5) C:\Windows\system32\DRIVERS\Sftvollh.sys
    11:35:46.0538 1732 Sftvol - ok
    11:35:46.0912 1732 SHARSHTL (0a988950f625145a0730ba717f9c1c05) C:\Windows\System32\Drivers\sharshtl.sys
    11:35:46.0912 1732 SHARSHTL - ok
    11:35:46.0975 1732 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    11:35:46.0975 1732 sisagp - ok
    11:35:47.0037 1732 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    11:35:47.0053 1732 SiSRaid2 - ok
    11:35:47.0068 1732 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    11:35:47.0068 1732 SiSRaid4 - ok
    11:35:47.0162 1732 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    11:35:47.0162 1732 Smb - ok
    11:35:47.0396 1732 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    11:35:47.0396 1732 spldr - ok
    11:35:48.0348 1732 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
    11:35:48.0348 1732 srv - ok
    11:35:48.0441 1732 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
    11:35:48.0441 1732 srv2 - ok
    11:35:48.0519 1732 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
    11:35:48.0519 1732 srvnet - ok
    11:35:48.0894 1732 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
    11:35:48.0894 1732 sscdbus - ok
    11:35:49.0081 1732 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
    11:35:49.0081 1732 sscdmdfl - ok
    11:35:49.0330 1732 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
    11:35:49.0330 1732 sscdmdm - ok
    11:35:49.0518 1732 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
    11:35:49.0518 1732 sscdserd - ok
    11:35:49.0908 1732 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    11:35:49.0908 1732 stexstor - ok
    11:35:49.0986 1732 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    11:35:49.0986 1732 swenum - ok
    11:35:50.0313 1732 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
    11:35:50.0344 1732 Tcpip - ok
    11:35:50.0656 1732 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
    11:35:57.0786 1732 MBR (0x1B8) (ae8fa489bdbabb7f15572f885c9ff9ae) \Device\Harddisk0\DR0
    11:35:57.0957 1732 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    11:35:57.0957 1732 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    11:35:58.0004 1732 Boot (0x1200) (79e4795f4801e1263b5e55f9d1f254a6) \Device\Harddisk0\DR0\Partition0
    11:35:58.0004 1732 \Device\Harddisk0\DR0\Partition0 - ok
    11:35:58.0020 1732 Boot (0x1200) (285251a26d3ce7351a367df76d8dded3) \Device\Harddisk0\DR0\Partition1
    11:35:58.0020 1732 \Device\Harddisk0\DR0\Partition1 - ok
    11:35:58.0020 1732 ============================================================
    11:35:58.0020 1732 Scan finished
    11:35:58.0020 1732 ============================================================
    11:35:58.0035 1724 Detected object count: 1
    11:35:58.0035 1724 Actual detected object count: 1
    11:36:11.0607 1724 \Device\Harddisk0\DR0\# - copied to quarantine
    11:36:11.0607 1724 \Device\Harddisk0\DR0 - copied to quarantine
    11:36:11.0982 1724 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    11:36:11.0997 1724 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    11:36:11.0997 1724 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    11:36:11.0997 1724 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
    11:36:12.0013 1724 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    11:36:12.0013 1724 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    11:36:12.0621 1724 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    11:36:12.0637 1724 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    11:36:12.0637 1724 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    11:36:12.0637 1724 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    11:36:12.0637 1724 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    11:36:13.0292 1724 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    11:36:13.0292 1724 \Device\Harddisk0\DR0 - ok
    11:36:13.0355 1724 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
  5. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Please observe the forum's rules.
    All logs have to be pasted, not attached.
    I need the Attach.txt log, not the DDS.txt log, which you posted already.
  6. reddog1992000

    reddog1992000 Newcomer, in training Topic Starter

    I apologize for my misunderstanding. I'll have it posted tomorrow.
    BTW I truly appreciate your help! :)
  7. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    No problem :)
  8. reddog1992000

    reddog1992000 Newcomer, in training Topic Starter

    DDS and Attach Logs

    Hi, I could not locate the attach log! I rescanned and am posting the logs here for DDS and Attach. I apologize for my initial overlook of the attach log.

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Bertha at 13:20:03 on 2012-03-19
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3036.1493 [GMT -7:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
    c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\conhost.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\SPBA\upeksvr.exe
    c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
    c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\dell\DBRM\Reminder\DbrmTrayicon.exe
    C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: N/A: {cc8ae5b8-005b-4b1a-a27d-307eddffe5c8} - c:\program files\recipehub_2j\bar\1.bin\2jSrcAs.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: ALOT Appbar Helper: {85f5cf95-ec8f-49fc-bb3f-38c79455cba2} - c:\program files\alotappbar\bin\bho\ALOTHelperBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
    BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
    BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
    TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - c:\program files\alotappbar\bin\ALOTHelper.dll
    TB: Recipe Hub: {cf51de5b-eb36-4114-bb69-84df63fbadb4} - c:\program files\recipehub_2j\bar\1.bin\2jbar.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
    TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
    TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
    mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
    mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
    mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [hpsjbmgr] c:\program files\hewlett-packard\hp precisionscan\precisionscan\hpsjbmgr.exe
    mRun: [HP Lamp] c:\program files\hewlett-packard\hp precisionscan\precisionscan\HPLamp.exe
    mRun: [Conime] %windir%\system32\conime.exe
    mRun: [EKAiO2StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [<NO NAME>]
    dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    TCP: DhcpNameServer = 192.168.0.254
    TCP: Interfaces\{F1364B53-028A-497F-8521-A23C855D6DCC} : DhcpNameServer = 192.168.0.254
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    Notify: spba - c:\program files\common files\spba\homefus2.dll
    LSA: Authentication Packages = msv1_0 wvauth
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-15 146448]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-4-4 13336]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
    R2 MSSQL$CHURCHWINDOWS;SQL Server (CHURCHWINDOWS);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
    R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\trend micro\client server security agent\hostedagent\svcGenericHost.exe [2010-7-5 45056]
    R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\TmXPFlt.sys [2010-5-10 230928]
    R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-5-10 36368]
    R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-15 283152]
    R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-4-5 224424]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
    R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys --> c:\windows\system32\drivers\tmevtmgr.sys [?]
    R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2009-7-15 497008]
    S0 epstwnt;epstwnt;c:\windows\system32\drivers\epstwnt.mpd [2011-6-30 84480]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
    S2 SHARSHTL;Shuttle Sharer;c:\windows\system32\drivers\Sharshtl.sys [2011-6-30 18432]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2009-7-15 689416]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-12 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-03-19 10:06:19 2341376 ----a-w- c:\windows\system32\win32k.sys
    2012-03-19 10:00:25 3971440 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-19 10:00:25 3915632 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-18 18:36:10 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-15 21:24:33 -------- d-----w- c:\users\bertha\appdata\roaming\Malwarebytes
    2012-03-15 21:24:26 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-15 21:24:25 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-15 21:24:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-06 18:26:53 -------- d-----w- c:\program files\The Weather Channel
    .
    ==================== Find3M ====================
    .
    2012-01-03 13:10:50 47512 ----a-w- c:\windows\system32\AdobePDF.dll
    2012-01-03 13:10:48 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
    .
    ============= FINISH: 13:20:50.36 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 04/11/2011 10:51:40 AM
    System Uptime: 03/19/2012 3:22:22 AM (10 hours ago)
    .
    Motherboard: Dell Inc. | | 0200DY
    Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | CPU | 2933/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 220 GiB total, 161.563 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP203: 03/18/2012 8:50:16 AM - Windows Update
    RP204: 03/19/2012 3:00:11 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    32 Bit HP CIO Components Installer
    Adobe Acrobat X Standard - English, Français, Deutsch
    Adobe Flash Player 10 ActiveX
    aioprnt
    aioscnnr
    ALOT Appbar
    AudibleManager
    AVG 2012
    BioAPI Framework
    C4USelfUpdater
    center
    Church Windows (C:\CW\)
    Church Windows Payroll (C:\CWPay\)
    Conexant D850 PCI V.92 Modem
    Custom
    CutePDF Writer 2.8
    CyberLink PowerDVD 9.5
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell Backup and Recovery Manager
    Dell Data Protection | Access
    Dell Data Protection | Access | Drivers
    Dell Data Protection | Access | Middleware
    Dell Edoc Viewer
    DellAccess
    Digital Line Detect
    DirectX 9 Runtime
    Dogpile Bundle Toolbar
    EMBASSY Security Center
    essentials
    FastStone Image Viewer 4.6
    Gemalto
    HP PrecisionScan
    Inbox Toolbar
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Network Connections 15.2.89.0
    Intel(R) Rapid Storage Technology
    Junk Mail filter update
    K-Lite Codec Pack 7.0.0 (Standard)
    Kodak AIO Printer
    KODAK AiO Software
    LivingPlay
    Malwarebytes Anti-Malware version 1.60.1.1000
    MDIConverter 3.0
    MDIViewer 3.0
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office SharePoint Designer 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office SharePoint Designer MUI (English) 2007
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook 2010
    Microsoft Publisher 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (CHURCHWINDOWS)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Modem Diagnostic Tool
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Netwaiting
    NTRU TCG Software Stack
    ocr
    Open Freely
    PC-CCID
    PhotoShowExpress
    Preboot Manager
    PreReq
    Private Information Manager
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Roxio File Backup
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    Sonic CinePlayer Decoder Pack
    SPBA 5.9
    The Weather Channel App
    The Weather Channel Desktop 6
    Trend Micro Client/Server Security Agent
    Trusted Drive Manager
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Sharepoint Designer 2007 Help (KB963675)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    Upek Touchchip Fingerprint Reader
    Wave Infrastructure Installer
    Wave Support Software Installer
    Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    03/19/2012 3:23:48 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    03/19/2012 3:23:22 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    03/18/2012 8:53:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2639308).
    03/18/2012 8:46:44 AM, Error: Service Control Manager [7022] - The Application Virtualization Client service hung on starting.
    03/18/2012 8:46:44 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    03/18/2012 11:35:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TdmService with arguments "" in order to run the server: {285E95B2-ACD5-4405-8D24-2D73E65DD047}
    03/18/2012 11:35:04 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    03/18/2012 11:35:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    03/18/2012 11:35:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    03/18/2012 11:35:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    03/18/2012 11:35:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    03/18/2012 11:34:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    03/18/2012 11:34:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    03/18/2012 11:34:41 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmlwf tmtdi Wanarpv6 WfpLwf
    03/18/2012 11:34:41 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    03/18/2012 11:34:41 AM, Error: Service Control Manager [7001] - The Trend Micro Client/Server Security Agent service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.
    03/18/2012 11:34:41 AM, Error: Service Control Manager [7001] - The Trend Micro Client/Server Security Agent Listener service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.
    03/18/2012 11:34:41 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    03/18/2012 11:34:41 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    03/18/2012 11:34:41 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    03/18/2012 11:34:41 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    03/18/2012 11:34:41 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    03/18/2012 11:34:41 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    03/18/2012 11:34:41 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    03/18/2012 11:34:41 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    03/18/2012 11:34:41 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    03/18/2012 11:34:41 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    03/18/2012 11:34:41 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    03/18/2012 11:33:20 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    03/18/2012 11:32:47 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    03/18/2012 11:32:10 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.
    03/18/2012 11:31:25 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A thread could not be created for the service.
    03/18/2012 11:30:31 AM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: A thread could not be created for the service.
    03/16/2012 9:42:04 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
    03/16/2012 9:41:38 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    03/16/2012 9:40:31 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0x9b9c5000, 0x00000000, 0x82a5c343, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031612-33259-01.
    03/16/2012 11:17:56 AM, Error: Service Control Manager [7023] - The Multimedia Class Scheduler service terminated with the following error: Not enough storage is available to process this command.
    03/16/2012 11:17:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
    03/16/2012 11:17:41 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    03/16/2012 10:04:22 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    03/15/2012 9:24:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    03/15/2012 2:55:29 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
    03/15/2012 2:55:29 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
    03/15/2012 2:55:17 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    03/15/2012 2:54:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
    03/15/2012 2:54:52 PM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    03/15/2012 2:54:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
    03/15/2012 2:54:22 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    03/15/2012 2:53:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Trend Micro Client/Server Security Agent RealTime Scan service to connect.
    03/15/2012 2:53:03 PM, Error: Service Control Manager [7000] - The Trend Micro Client/Server Security Agent RealTime Scan service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    03/15/2012 2:51:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (CHURCHWINDOWS) service to connect.
    03/15/2012 2:51:31 PM, Error: Service Control Manager [7000] - The SQL Server (CHURCHWINDOWS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    03/15/2012 10:11:24 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    03/15/2012 10:06:52 AM, Error: Service Control Manager [7022] - The IKE and AuthIP IPsec Keying Modules service hung on starting.
    03/15/2012 10:04:48 AM, Error: Service Control Manager [7022] - The Task Scheduler service hung on starting.
    03/14/2012 12:38:06 PM, Error: AeLookupSvc [1] - The Application Experience Lookup service failed to initialize.
    03/12/2012 3:11:23 PM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: A thread could not be created for the service.
    03/12/2012 10:46:45 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    03/12/2012 10:46:44 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
    03/12/2012 10:46:44 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    03/12/2012 10:45:44 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    03/12/2012 10:44:45 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    03/12/2012 10:44:45 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    03/12/2012 10:44:45 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    03/12/2012 10:44:44 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    03/12/2012 10:44:44 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    03/12/2012 10:44:44 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    03/12/2012 10:44:44 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    03/12/2012 10:44:44 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    03/12/2012 10:44:44 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    03/12/2012 10:44:44 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    03/12/2012 10:44:44 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    03/12/2012 10:44:44 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    03/12/2012 10:44:44 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    03/12/2012 1:51:13 PM, Error: Service Control Manager [7023] - The Application Experience service terminated with the following error: Not enough storage is available to process this command.
    03/12/2012 1:48:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    .
    ==== End Of File ===========================
  9. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =====================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  10. reddog1992000

    reddog1992000 Newcomer, in training Topic Starter

    Is it okay that after the scan I click "FixMBR"?
  11. reddog1992000

    reddog1992000 Newcomer, in training Topic Starter

    I chose not to click "FixMBR" and second would like to ask where is the "any" key that bootkit remover mentioned..... j/k
    Here are the logs

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-20 13:29:47
    -----------------------------
    13:29:47.762 OS Version: Windows 6.1.7600
    13:29:47.762 Number of processors: 2 586 0x170A
    13:29:47.762 ComputerName: BERTHA-PC UserName: Bertha
    13:29:48.417 Initialize success
    13:32:18.802 AVAST engine defs: 12032000
    13:32:48.055 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    13:32:48.055 Disk 0 Vendor: WDC_WD25 02.0 Size: 238418MB BusType: 8
    13:32:48.071 Disk 0 MBR read successfully
    13:32:48.071 Disk 0 MBR scan
    13:32:48.086 Disk 0 Windows VISTA default MBR code
    13:32:48.086 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    13:32:48.102 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12942 MB offset 81920
    13:32:48.118 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225435 MB offset 26587136
    13:32:48.118 Disk 0 scanning sectors +488278016
    13:32:48.196 Disk 0 scanning C:\Windows\system32\drivers
    13:32:56.183 Service scanning
    13:33:10.566 Service tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys **LOCKED** 5
    13:33:11.081 Service tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys **LOCKED** 5
    13:33:11.596 Service tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys **LOCKED** 5
    13:33:15.761 Modules scanning
    13:33:19.910 Disk 0 trace - called modules:
    13:33:19.942 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
    13:33:19.942 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87b575f0]
    13:33:19.942 3 CLASSPNP.SYS[8b78959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85362028]
    13:33:21.002 AVAST engine scan C:\Windows
    13:33:22.718 AVAST engine scan C:\Windows\system32
    13:35:50.898 AVAST engine scan C:\Windows\system32\drivers
    13:36:01.272 AVAST engine scan C:\Users\Bertha
    13:38:33.458 Disk 0 MBR has been saved successfully to "C:\Users\Bertha\Desktop\MBR.dat"
    13:38:33.474 The log file has been saved successfully to "C:\Users\Bertha\Desktop\aswMBR.txt"


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`2b600000
    Boot sector MD5 is: fe5642739ba66ba18c128543669678a2

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
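
An added example, not part of the original thread or of either tool: a minimal parser for a 512-byte MBR dump such as the MBR.dat that aswMBR saves, checking the boot signature and the partition table. The sample image is constructed from the partition lines in the aswMBR log above (sector counts derived from the logged MB sizes, boot code area zero-filled), and all function names are illustrative.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0-439: bootstrap code
TABLE_OFFSET = 446       # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # bytes 510-511


@dataclass
class Partition:
    index: int
    status: int
    type_id: int
    lba_start: int
    sectors: int

    @property
    def active(self):
        return self.status == 0x80

    @property
    def size_mb(self):
        return self.sectors * SECTOR // (1024 * 1024)

    @property
    def lba_end(self):
        return self.lba_start + self.sectors


def parse_mbr(raw):
    """Decode the non-empty partition entries of a 512-byte MBR dump."""
    if len(raw) < SECTOR:
        raise ValueError("MBR dump is shorter than one sector")
    if raw[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = raw[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        status, _, type_id, _, lba, count = struct.unpack("<B3sB3sII", entry)
        if type_id != 0x00:  # type 0 marks an unused slot
            parts.append(Partition(i + 1, status, type_id, lba, count))
    return parts


def audit(raw):
    """Return a list of structural findings; an empty list means none."""
    parts = parse_mbr(raw)
    findings = []
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index}: invalid status 0x{p.status:02x}")
    active = [p.index for p in parts if p.active]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_end > b.lba_start:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings


def boot_code_sha256(raw):
    """Hash only the bootstrap code, so it can be compared with a dump
    taken from a known-clean machine running the same Windows version."""
    return hashlib.sha256(raw[:BOOT_CODE_LEN]).hexdigest()


def build_sample_mbr():
    """Constructed sample, not a real dump: zero-filled boot code plus the
    three entries from the aswMBR log (sizes converted at 2048 sectors/MB)."""
    entries = [
        (0x00, 0xDE, 63, 39 * 2048),
        (0x80, 0x07, 81920, 12942 * 2048),
        (0x00, 0x07, 26587136, 225435 * 2048),
    ]
    raw = bytearray(SECTOR)
    for i, (status, type_id, lba, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", raw, TABLE_OFFSET + 16 * i,
                         status, b"\x00" * 3, type_id, b"\x00" * 3, lba, count)
    raw[510:512] = SIGNATURE
    return bytes(raw)


if __name__ == "__main__":
    image = build_sample_mbr()
    for p in parse_mbr(image):
        flag = "(A)" if p.active else "   "
        print(f"Partition {p.index} {flag} type {p.type_id:02X} "
              f"{p.size_mb} MB offset {p.lba_start}")
    print("findings:", audit(image) or "none")
    print("boot code sha256:", boot_code_sha256(image))
```

A clean partition table says nothing about the boot code itself; that is what the hash comparison against a known-clean dump is for.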
     
  12. reddog1992000

    reddog1992000 Newcomer, in training Topic Starter

    BTW Google.com is now accessible
  13. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  14. reddog1992000

    reddog1992000 Newcomer, in training Topic Starter

    combofix results

    ComboFix 12-03-21.02 - Bertha 03/22/2012 15:18:12.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3036.2018 [GMT -7:00]
    Running from: c:\users\Bertha\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\Bertha\AppData\Roaming\HbTools
    c:\users\Bertha\AppData\Roaming\HbTools\v3.0\HbTools\static\2\btntrans.idx
    c:\users\Bertha\AppData\Roaming\Microsoft\Windows\Recent\img-525100617-0001.pdf
    c:\users\Bertha\AppData\Roaming\PriceGong
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\1.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\a.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\b.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\c.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\d.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\e.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\f.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\g.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\h.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\i.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\J.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\k.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\l.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\m.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\mru.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\n.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\o.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\p.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\q.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\r.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\s.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\t.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\u.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\v.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\w.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\x.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\y.xml
    c:\users\Bertha\AppData\Roaming\PriceGong\Data\z.xml
    c:\windows\system32\SET107E.tmp
    c:\windows\system32\SET39F9.tmp
    c:\windows\system32\spool\prtprocs\w32x86\Xrpp_b.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-22 22:35 . 2012-03-22 22:37 -------- d-----w- c:\users\Bertha\AppData\Local\temp
    2012-03-22 22:35 . 2012-03-22 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-22 22:23 . 2012-03-22 22:23 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{134A95C3-3B8B-4D64-9369-30D6A84A71EB}\offreg.dll
    2012-03-21 15:38 . 2012-03-01 21:34 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{134A95C3-3B8B-4D64-9369-30D6A84A71EB}\mpengine.dll
    2012-03-20 21:07 . 2012-03-20 21:08 -------- d-----w- c:\program files\Google
    2012-03-20 21:07 . 2012-03-20 21:07 -------- d-----w- c:\users\Bertha\AppData\Local\Deployment
    2012-03-20 20:50 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-20 20:50 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-20 20:50 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-03-20 20:50 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-20 20:50 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-20 20:50 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-03-20 20:50 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-20 20:50 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-20 20:50 . 2012-03-20 20:50 -------- d-----w- c:\programdata\AVAST Software
    2012-03-20 20:50 . 2012-03-20 20:50 -------- d-----w- c:\program files\AVAST Software
    2012-03-19 10:06 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys
    2012-03-19 10:00 . 2011-11-19 11:24 3971440 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-19 10:00 . 2011-11-19 11:24 3915632 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-15 21:24 . 2012-03-15 21:24 -------- d-----w- c:\users\Bertha\AppData\Roaming\Malwarebytes
    2012-03-15 21:24 . 2012-03-15 21:58 -------- d-----w- c:\programdata\Malwarebytes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-23 16:18 . 2011-04-11 18:09 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-03 13:10 . 2012-01-03 13:10 47512 ----a-w- c:\windows\system32\AdobePDF.dll
    2012-01-03 13:10 . 2012-01-03 13:10 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
    2011-12-29 17:23 . 2011-09-08 16:21 800824 ----a-w- c:\users\Default\AppData\Roaming\DPInst.exe
    2011-12-29 17:23 . 2011-09-08 16:21 36352 ----a-w- c:\users\Default\AppData\Roaming\PnPutil.exe
    2011-12-29 17:23 . 2011-09-08 16:21 106496 ----a-w- c:\users\Default\AppData\Roaming\gacutil.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2010-10-16 21:10 119664 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2010-10-16 21:10 119664 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-20 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-06-25 1099088]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "hpsjbmgr"="c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpsjbmgr.exe" [1998-11-24 162816]
    "HP Lamp"="c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe" [1998-11-24 43520]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-4-4 50688]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
    2010-09-15 16:11 1971536 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth
    .
    R0 epstwnt;epstwnt;c:\windows\System32\Drivers\epstwnt.mpd [1998-10-28 84480]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-20 136176]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R2 SHARSHTL;Shuttle Sharer;c:\windows\System32\Drivers\sharshtl.sys [1998-08-12 18432]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-20 136176]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [2009-07-15 689416]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-12 1343400]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-07-15 146448]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-20 394672]
    S2 MSSQL$CHURCHWINDOWS;SQL Server (CHURCHWINDOWS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2010-07-05 45056]
    S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-05-11 230928]
    S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2010-05-11 36368]
    S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-07-15 283152]
    S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-06 224424]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
    S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [2009-07-15 497008]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-20 21:07]
    .
    2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-20 21:07]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.254
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{cc8ae5b8-005b-4b1a-a27d-307eddffe5c8} - c:\program files\RecipeHub_2j\bar\1.bin\2jSrcAs.dll
    BHO-{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - c:\program files\alotappbar\bin\BHO\ALOTHelperBHO.dll
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    BHO-{BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
    Toolbar-Locked - (no file)
    Toolbar-{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
    Toolbar-{A531D99C-5A22-449b-83DA-872725C6D0ED} - c:\program files\alotappbar\bin\ALOTHelper.dll
    Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-Conime - c:\windows\system32\conime.exe
    AddRemove-9512AA21B791B05A54E27065C45BBC417AB282DF - c:\progra~1\DIFX\25C232B9F73C1237\DPInst.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\epstwnt]
    "ImagePath"="System32\Drivers\epstwnt.mpd"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(636)
    c:\windows\system32\wvauth.DLL
    .
    Completion time: 2012-03-22 15:51:04
    ComboFix-quarantined-files.txt 2012-03-22 22:50
    .
    Pre-Run: 170,219,970,560 bytes free
    Post-Run: 175,495,925,760 bytes free
    .
    - - End Of File - - 5CC49B52A33D1FAD4CA37D5BB1EB40E7
  15. reddog1992000

    reddog1992000 Newcomer, in training Topic Starter

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 03/22/2012 at 15:16:43.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:



    Rkill completed on 03/22/2012 at 15:17:51.
  16. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  17. reddog1992000

    reddog1992000 Newcomer, in training Topic Starter

    Computer has been running wayyy better since last Sunday! Thank you!


    OTL Extras logfile created on: 03/25/2012 11:37:09 AM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Bertha\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

    2.96 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 66.76% Memory free
    5.93 Gb Paging File | 4.74 Gb Available in Paging File | 79.93% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 220.15 Gb Total Space | 160.51 Gb Free Space | 72.91% Space Free | Partition Type: NTFS

    Computer Name: BERTHA-PC | User Name: Bertha | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CCAF47C-E428-48C2-82B2-5F25CE1D67DA}" = Gemalto
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (CHURCHWINDOWS)
    "{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
    "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{4688EB75-28E2-4731-9BCB-55E624F7CD45}" = Dell Backup and Recovery Manager
    "{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
    "{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
    "{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{56BA241F-580C-43D2-8403-947241AAE633}" = center
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
    "{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}" = Intel(R) Network Connections 15.2.89.0
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
    "{85D468B9-D074-4BC5-BAFD-121ED3D83657}" = Church Windows Payroll (C:\CWPay\)
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
    "{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    "{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
    "{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_SharePointDesigner_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_SharePointDesigner_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_SharePointDesigner_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_SharePointDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PUBLISHERR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OUTLOOKR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PUBLISHERR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010
    "{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
    "{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A32F592F-AA0E-49AF-8E85-A0A25AF83314}" = Wave Infrastructure Installer
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
    "{AC76BA86-1033-F400-BA7E-000000000005}" = Adobe Acrobat X Standard - English, Français, Deutsch
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{BD3068DE-D53B-4CE8-B2BC-32E1323441CD}" = PC-CCID
    "{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
    "{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}" = Trend Micro Client/Server Security Agent
    "{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
    "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{EA75D2C2-9804-4CBA-A3A3-4332BBED6C1F}" = Church Windows (C:\CW\)
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AudibleManager" = AudibleManager
    "avast" = avast! Free Antivirus
    "CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "FastStone Image Viewer" = FastStone Image Viewer 4.6
    "HP PrecisionScan" = HP PrecisionScan
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
    "MDI Converter_is1" = MDIConverter 3.0
    "MDI Viewer_is1" = MDIViewer 3.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Office14.OUTLOOKR" = Microsoft Outlook 2010
    "Office14.PUBLISHERR" = Microsoft Publisher 2010
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "PROSetDX" = Intel(R) Network Connections 15.2.89.0
    "SharePointDesigner" = Microsoft Office SharePoint Designer 2007
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 03/15/2012 6:02:14 PM | Computer Name = Bertha-PC | Source = .NET Runtime | ID = 1026
    Description =

    Error - 03/15/2012 6:02:16 PM | Computer Name = Bertha-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: TWCApp.exe, version: 7.1.1.0, time stamp:
    0x4ee635ea Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp:
    0x4e21132b Exception code: 0xe0434352 Fault offset: 0x00009673 Faulting process id:
    0x1d8c Faulting application start time: 0x01cd02f7473abe87 Faulting application path:
    C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe Faulting
    module path: C:\Windows\system32\KERNELBASE.dll Report Id: 86ae574a-6eea-11e1-ab4e-bc305bb0b2db

    Error - 03/16/2012 11:39:37 AM | Computer Name = Bertha-PC | Source = Application Hang | ID = 1002
    Description = The program OUTLOOK.EXE version 14.0.6109.5005 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1d94 Start
    Time: 01cd038abd580243 Termination Time: 40 Application Path: C:\PROGRA~1\MICROS~4\Office14\OUTLOOK.EXE

    Report Id: 23588968-6f7e-11e1-b7b6-bc305bb0b2db

    Error - 03/16/2012 11:47:32 AM | Computer Name = Bertha-PC | Source = Microsoft Office 14 | ID = 2000
    Description = Microsoft Word: Accepted Safe Mode action : Word failed to start correctly
    last time. Starting Word in safe mode will help you correct or isolate a startup
    problem in order to successfully start the program. Some functionality may be
    disabled in this mode. Do you want to start Word in safe mode?.

    Error - 03/16/2012 12:42:32 PM | Computer Name = Bertha-PC | Source = Microsoft Office 14 | ID = 2000
    Description = Microsoft PowerPoint: Accepted Safe Mode action : PowerPoint failed
    to start correctly last time. Starting PowerPoint in safe mode will help you correct
    or isolate a startup problem in order to successfully start the program. Some
    functionality may be disabled in this mode. Do you want to start PowerPoint in safe
    mode?.

    Error - 03/22/2012 5:47:10 PM | Computer Name = Bertha-PC | Source = System Restore | ID = 8193
    Description =

    Error - 03/22/2012 5:47:28 PM | Computer Name = Bertha-PC | Source = System Restore | ID = 8193
    Description =

    Error - 03/22/2012 5:47:31 PM | Computer Name = Bertha-PC | Source = System Restore | ID = 8193
    Description =

    Error - 03/22/2012 5:47:38 PM | Computer Name = Bertha-PC | Source = System Restore | ID = 8193
    Description =

    Error - 03/22/2012 5:47:47 PM | Computer Name = Bertha-PC | Source = System Restore | ID = 8193
    Description =

    [ Media Center Events ]
    Error - 07/27/2011 3:29:49 PM | Computer Name = Bertha-PC | Source = MCUpdate | ID = 0
    Description = 12:29:48 PM - Error connecting to the internet. 12:29:48 PM - Unable
    to contact server..

    Error - 07/27/2011 3:29:59 PM | Computer Name = Bertha-PC | Source = MCUpdate | ID = 0
    Description = 12:29:55 PM - Error connecting to the internet. 12:29:55 PM - Unable
    to contact server..

    [ System Events ]
    Error - 02/16/2012 5:23:34 PM | Computer Name = Bertha-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1054

    Error - 02/16/2012 5:23:34 PM | Computer Name = Bertha-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1054

    Error - 02/16/2012 5:23:34 PM | Computer Name = Bertha-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1054

    Error - 02/16/2012 5:23:34 PM | Computer Name = Bertha-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1054

    Error - 02/16/2012 5:23:34 PM | Computer Name = Bertha-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1054

    Error - 02/16/2012 5:23:34 PM | Computer Name = Bertha-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1054

    Error - 02/16/2012 5:23:34 PM | Computer Name = Bertha-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1054

    Error - 02/16/2012 5:23:34 PM | Computer Name = Bertha-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1054

    Error - 02/16/2012 5:23:34 PM | Computer Name = Bertha-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1054

    Error - 02/16/2012 5:23:34 PM | Computer Name = Bertha-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1054


    < End of report >
  18. reddog1992000

    reddog1992000 Newcomer, in training Topic Starter

    OTL logfile created on: 03/25/2012 11:37:09 AM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Bertha\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

    2.96 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 66.76% Memory free
    5.93 Gb Paging File | 4.74 Gb Available in Paging File | 79.93% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 220.15 Gb Total Space | 160.51 Gb Free Space | 72.91% Space Free | Partition Type: NTFS

    Computer Name: BERTHA-PC | User Name: Bertha | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/25 08:51:12 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Bertha\Desktop\OTL.exe
    PRC - [2012/03/12 08:37:50 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    PRC - [2012/03/06 16:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
    PRC - [2011/12/10 11:22:20 | 002,756,608 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe
    PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/07/15 21:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/04/19 08:37:26 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
    PRC - [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/10/16 14:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    PRC - [2010/09/15 09:14:36 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
    PRC - [2010/07/05 11:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
    PRC - [2010/07/05 11:37:28 | 000,017,920 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
    PRC - [2010/06/25 11:13:18 | 001,099,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
    PRC - [2010/06/22 11:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
    PRC - [2010/06/22 11:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
    PRC - [2010/03/03 18:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/03/03 18:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2009/12/01 09:13:12 | 000,345,352 | ---- | M] () -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe
    PRC - [2009/07/15 15:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
    PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/05/15 17:44:06 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
    PRC - [1998/11/24 02:00:00 | 000,043,520 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/03/20 10:36:20 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\966a138f3aed60400472ac415bd16bc8\IAStorUtil.ni.dll
    MOD - [2012/03/20 08:45:38 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2df79ab909c782d3796e4107d040327d\System.Web.ni.dll
    MOD - [2012/03/20 08:45:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
    MOD - [2012/03/20 08:45:02 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
    MOD - [2012/03/20 08:44:55 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
    MOD - [2012/03/20 08:44:41 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
    MOD - [2012/03/20 08:44:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
    MOD - [2012/03/20 08:44:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
    MOD - [2012/03/20 08:44:05 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
    MOD - [2012/03/19 03:05:41 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
    MOD - [1998/11/24 02:00:00 | 000,043,520 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/03/12 08:37:50 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
    SRV - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
    SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/04/12 02:00:32 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/11/25 03:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/11/25 03:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/11/03 14:12:58 | 001,477,632 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV - [2010/10/16 14:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV - [2010/07/13 12:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2010/07/05 11:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
    SRV - [2010/06/22 11:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
    SRV - [2010/06/22 11:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe -- (ntrtscan)
    SRV - [2010/03/03 18:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2009/12/01 09:13:12 | 000,345,352 | ---- | M] () [On_Demand | Running] -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
    SRV - [2009/07/15 15:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
    SRV - [2009/07/15 15:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
    SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/04/29 12:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Bertha\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/03/06 16:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/03/06 16:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/03/06 16:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2012/03/06 16:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/03/06 16:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2012/03/06 16:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
    DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
    DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
    DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
    DRV - [2011/06/20 21:09:00 | 000,200,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\tmcomm.sys -- (tmcomm)
    DRV - [2011/04/05 01:42:15 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/07/19 17:03:10 | 000,059,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmactmon.sys -- (tmactmon)
    DRV - [2010/07/19 17:03:00 | 000,051,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmevtmgr.sys -- (tmevtmgr)
    DRV - [2010/05/10 21:03:32 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
    DRV - [2010/05/10 21:02:44 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
    DRV - [2010/05/10 20:41:54 | 001,322,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
    DRV - [2010/04/06 01:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel(R)
    DRV - [2010/02/02 22:10:32 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
    DRV - [2009/07/15 15:38:14 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
    DRV - [2009/07/15 15:38:04 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
    DRV - [2009/07/15 15:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
    DRV - [2009/04/29 12:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
    DRV - [2009/02/13 14:58:30 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2008/06/04 11:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)
    DRV - [2005/08/17 08:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
    DRV - [2005/08/17 08:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 08:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [1998/10/28 12:49:02 | 000,084,480 | ---- | M] (Shuttle Technology. ) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\epstwnt.mpd -- (epstwnt)
    DRV - [1998/08/12 02:41:02 | 000,018,432 | ---- | M] (Shuttle Technology) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\Sharshtl.sys -- (SHARSHTL)
    DRV - [1997/12/22 18:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{267D48CE-A942-49A3-9EC5-2753220560B1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{9230cb90-79de-4945-88a4-762244a25bc8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm069YYus&ptb=2BC5418F-7F3C-4D25-858D-81D94048019F&ind=2011121312&ptnrS=YKxdm069YYus&si=&n=77df46a0&psa=&st=sb&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes,DefaultScope = {F2BBD450-7955-4E04-BC27-0E533824C9BA}
    IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{6CE70BD6-2ECB-4DA3-9568-B216DBAC642F}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
    IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{869B363F-0D11-44AC-AE0A-68A4ECF8322D}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LPY&o=100000042&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=V8&apn_dtid=YYYYYYT3US&apn_uid=7494971a-514f-467c-bbaa-9d6367c2ea56&apn_sauid=B68AB7A8-B384-4506-B55E-A46EBAEC7BC4
    IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{90182B2A-2920-411D-9895-9366069869D0}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120103,6901,0,8,0
    IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{9230cb90-79de-4945-88a4-762244a25bc8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm069YYus&ptb=2BC5418F-7F3C-4D25-858D-81D94048019F&ind=2011121312&ptnrS=YKxdm069YYus&si=&n=77df46a0&psa=&st=sb&searchfor={searchTerms}
    IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={99D386B2-1BB9-44F1-B069-B666F5974332}&mid=6fc58cab693f47d1b4dc6d791d545b28-57ddfc3f80ff2485c85e0a113ed33d66c2f49748&lang=en&ds=AVG&pr=fr&d=2012-01-04 14:41:27&v=10.0.0.7&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=8AC4374001CC6281005C844D&install_time=2011-08-24T17:16:03Z&src_id=30046&camp_id=3057&tb_version=1.1.0000.2(B)
    IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
    IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{F2BBD450-7955-4E04-BC27-0E533824C9BA}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGNI_enUS476
    IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RecipeHub_2j.com/Plugin: C:\Program Files\RecipeHub_2j\bar\1.bin\NP2jStub.dll (MindSpark)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files\LivingPlay\nplplaypop.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2011/04/04 23:09:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/09 09:34:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2jffxtbr@RecipeHub_2j.com: C:\Program Files\RecipeHub_2j\bar\1.bin [2012/03/15 14:50:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/12 08:37:57 | 000,000,000 | ---D | M]

    [2011/07/19 09:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Extensions
    [2012/01/20 13:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions
    [2011/04/12 08:16:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/06/21 13:23:51 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011/12/13 10:05:22 | 000,000,000 | ---D | M] (Recipe Hub) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\2jffxtbr@RecipeHub_2j.com
    [2011/06/21 13:23:51 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\engine@conduit.com
    [2012/01/20 13:22:47 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\inboxcomtoolbar@inbox.com
    [2011/04/12 08:16:23 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\wecarereminder@bryan
    [2011/05/17 13:12:44 | 000,002,333 | ---- | M] () -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\searchplugins\askcom.xml

    Hosts file not found
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
    O4 - HKLM..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe ()
    O4 - HKLM..\Run: [hpsjbmgr] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpsjbmgr.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [OfficeScanNT Monitor] c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
    O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
    O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-262933362-4071809552-10700770-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1364B53-028A-497F-8521-A23C855D6DCC}: DhcpNameServer = 192.168.0.254
    O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/25 08:51:10 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Bertha\Desktop\OTL.exe
    [2012/03/25 08:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
    [2012/03/23 11:38:34 | 000,000,000 | ---D | C] -- C:\Users\Bertha\Documents\Roxio Projects
    [2012/03/22 15:51:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/03/22 15:51:25 | 000,000,000 | ---D | C] -- C:\Users\Bertha\AppData\Local\temp
    [2012/03/22 15:35:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/03/22 15:15:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/03/22 15:15:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/03/22 15:15:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/03/22 14:53:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/03/22 14:47:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/21 13:17:43 | 004,442,391 | R--- | C] (Swearware) -- C:\Users\Bertha\Desktop\ComboFix.exe
    [2012/03/20 14:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2012/03/20 14:07:41 | 000,000,000 | ---D | C] -- C:\Users\Bertha\AppData\Local\Deployment
    [2012/03/20 13:50:58 | 000,337,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/03/20 13:50:58 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/03/20 13:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/03/20 13:50:54 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2012/03/20 13:50:53 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/03/20 13:50:53 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/03/20 13:50:48 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/03/20 13:50:11 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/03/20 13:50:11 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/03/20 13:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/03/20 13:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/03/15 14:24:33 | 000,000,000 | ---D | C] -- C:\Users\Bertha\AppData\Roaming\Malwarebytes
    [2012/03/15 14:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/03/08 15:14:38 | 000,000,000 | ---D | C] -- C:\Users\Bertha\Desktop\backups
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/03/25 11:17:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/25 09:17:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/25 08:55:24 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/25 08:55:24 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/25 08:51:12 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Bertha\Desktop\OTL.exe
    [2012/03/25 08:49:51 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
    [2012/03/25 08:47:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/25 08:47:51 | 2387,288,064 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/23 11:48:40 | 000,732,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/03/23 11:48:40 | 000,147,086 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/03/23 11:44:02 | 000,000,000 | ---- | M] () -- C:\Users\Bertha\AppData\Local\rx_image32.Cache
    [2012/03/22 08:47:10 | 000,393,838 | ---- | M] () -- C:\Users\Bertha\AppData\Local\census.cache
    [2012/03/22 08:47:09 | 000,160,371 | ---- | M] () -- C:\Users\Bertha\AppData\Local\ars.cache
    [2012/03/22 08:41:54 | 000,000,036 | ---- | M] () -- C:\Users\Bertha\AppData\Local\housecall.guid.cache
    [2012/03/21 13:17:53 | 004,442,391 | R--- | M] (Swearware) -- C:\Users\Bertha\Desktop\ComboFix.exe
    [2012/03/20 13:50:58 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/03/20 13:50:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/03/19 08:38:54 | 000,001,405 | ---- | M] () -- C:\Users\Bertha\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/03/19 03:23:30 | 000,461,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/03/19 03:05:18 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [2012/03/16 09:40:17 | 245,818,503 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/03/06 16:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/03/06 16:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/03/06 16:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/03/06 16:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/03/06 16:02:14 | 000,044,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2012/03/06 16:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/03/06 16:01:48 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/03/06 16:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/03/23 11:44:02 | 000,000,000 | ---- | C] () -- C:\Users\Bertha\AppData\Local\rx_image32.Cache
    [2012/03/22 15:15:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/03/22 15:15:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/03/22 15:15:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/03/22 15:15:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/03/22 15:15:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/03/20 14:07:59 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/20 14:07:59 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/20 13:50:58 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/03/19 03:05:18 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2012/03/08 14:37:45 | 000,393,838 | ---- | C] () -- C:\Users\Bertha\AppData\Local\census.cache
    [2012/03/08 14:37:25 | 000,160,371 | ---- | C] () -- C:\Users\Bertha\AppData\Local\ars.cache
    [2012/01/19 14:49:37 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2011/08/09 15:14:30 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
    [2011/07/25 12:29:59 | 000,000,928 | ---- | C] () -- C:\Windows\System32\hpsj1695.dll
    [2011/06/30 10:55:34 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Sharshtw.exe
    [2011/06/30 10:55:30 | 000,306,688 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll
    [2011/06/30 10:55:30 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll
    [2011/04/27 12:54:04 | 000,007,597 | ---- | C] () -- C:\Users\Bertha\AppData\Local\resmon.resmoncfg
    [2011/04/12 12:29:58 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
    [2011/04/05 01:35:37 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2011/04/05 01:35:36 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2011/04/05 01:35:36 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2011/04/05 01:35:36 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2011/04/05 01:35:35 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2011/04/04 22:59:25 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
    [2010/10/21 09:53:51 | 000,001,940 | ---- | C] () -- C:\Users\Bertha\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/10/01 13:56:28 | 000,087,040 | ---- | C] () -- C:\Windows\System32\Internationalization_th.dll
    [2010/10/01 13:56:28 | 000,074,752 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
    [2010/10/01 13:56:26 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_sl.dll
    [2010/10/01 13:56:24 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_sk.dll
    [2010/10/01 13:56:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_hr.dll
    [2010/10/01 13:56:20 | 000,088,064 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
    [2010/10/01 13:56:18 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
    [2010/10/01 13:56:18 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
    [2010/10/01 13:56:16 | 000,091,136 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
    [2010/10/01 13:56:14 | 000,084,480 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
    [2010/10/01 13:56:12 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
    [2010/10/01 13:56:10 | 000,095,744 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
    [2010/10/01 13:56:10 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
    [2010/10/01 13:56:08 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
    [2010/10/01 13:56:06 | 000,074,752 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
    [2010/10/01 13:56:06 | 000,074,240 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
    [2010/10/01 13:56:04 | 000,090,624 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
    [2010/10/01 13:56:02 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
    [2010/10/01 13:56:00 | 000,093,184 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
    [2010/10/01 13:56:00 | 000,092,160 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
    [2010/10/01 13:55:58 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
    [2010/10/01 13:55:56 | 000,096,256 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
    [2010/10/01 13:55:56 | 000,078,848 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
    [2010/10/01 13:55:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
    [2010/10/01 13:55:52 | 000,093,696 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
    [2010/10/01 13:55:50 | 000,093,696 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
    [2010/10/01 13:55:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
    [2010/10/01 13:55:46 | 000,094,720 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
    [2010/10/01 13:55:44 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
    [2010/09/30 06:49:10 | 000,012,800 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
    [2010/08/19 15:18:20 | 001,008,640 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
    [2010/07/07 10:20:10 | 000,000,036 | ---- | C] () -- C:\Users\Bertha\AppData\Local\housecall.guid.cache

    ========== LOP Check ==========
  19. reddog1992000

    reddog1992000 Newcomer, in training Topic Starter

    [2008/05/27 08:13:54 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\cs
    [2011/04/12 08:16:18 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\Leadertech
    [2011/04/12 08:16:24 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\Printer Info Cache
    [2011/06/30 10:35:13 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\SoftGrid Client
    [2011/07/27 12:23:12 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\Temp
    [2011/04/12 12:07:33 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\TP
    [2012/03/05 16:17:32 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\uTorrent
    [2011/04/12 08:16:39 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\Wal-Mart Digital Photo Manager
    [2011/04/12 08:16:39 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\Wal-Mart Digital Photo Viewer
    [2011/04/12 08:16:39 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\Xerox
    [2011/09/08 09:21:16 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
    [2011/09/08 09:21:16 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
    [2012/03/12 10:44:40 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2012/03/22 15:51:12 | 000,016,232 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 14:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/04/05 01:43:21 | 000,026,994 | RH-- | M] () -- C:\dell.sdr
    [2007/11/07 06:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 06:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 06:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 06:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 06:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 06:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 06:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 06:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 06:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 06:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2012/03/25 08:47:51 | 2387,288,064 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 06:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 06:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 06:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 06:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 06:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 06:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 06:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 06:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 06:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 06:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2011/06/30 10:54:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/06/30 10:54:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/03/25 08:48:32 | 3183,050,752 | -HS- | M] () -- C:\pagefile.sys
    [2012/03/22 15:57:51 | 000,000,361 | ---- | M] () -- C:\rkill.log
    [2012/03/18 11:36:56 | 000,085,356 | ---- | M] () -- C:\TDSSKiller.2.7.20.0_18.03.2012_11.35.14_log.txt
    [2012/03/25 08:49:51 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
    [2007/11/07 06:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 06:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 06:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/13 21:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 21:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 21:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 21:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 14:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2011/02/09 11:24:32 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpcpp112.dll
    [2009/07/13 18:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 20:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
    [2009/07/13 18:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll
    [2009/07/17 09:07:52 | 000,011,264 | ---- | M] (Xerox Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\Xrprt_b.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2012/03/06 16:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/11/10 00:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 21:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/03/19 08:38:54 | 000,000,221 | -HS- | M] () -- C:\Users\Bertha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2003/11/11 13:22:11 | 000,000,079 | ---- | M] () -- C:\Users\Bertha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012/03/21 13:17:53 | 004,442,391 | R--- | M] (Swearware) -- C:\Users\Bertha\Desktop\ComboFix.exe
    [2012/01/05 15:11:59 | 377,624,640 | ---- | M] (Computer Helper Publishing ) -- C:\Users\Bertha\Desktop\cw15111Full.exe
    [2012/01/19 14:49:16 | 001,501,401 | ---- | M] () -- C:\Users\Bertha\Desktop\Loki_2.0.exe
    [2012/03/25 08:51:12 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Bertha\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/03/25 09:17:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/25 11:17:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/25 08:48:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/03/12 10:44:40 | 000,032,542 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/03/20 08:43:23 | 000,000,402 | -HS- | M] () -- C:\Users\Bertha\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2002/09/03 13:26:20 | 000,000,062 | -HS- | M] () -- C:\ProgramData\DESKTOP.INI
    [2009/06/15 10:27:24 | 000,006,520 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1997/12/22 17:23:36 | 000,004,672 | ---- | M] (Adaptec) -- C:\Windows\system\wowpost.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >
  20. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Good news :)

    You used to have AVG as an AV program and TrendMicro as a firewall.
    I can see Avast running now.
    What happened?
  21. reddog1992000

    reddog1992000 Newcomer, in training Topic Starter

    I share this computer with another and they had a buddy do some clean up when I wasn't there. The guy thought that the Trend Micro program would be enough protection and uninstalled AVG. You guys seem to like Avast so I installed that on there as added protection.

    I know that drives you crazy :) But it happened.
  22. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Does TrendMicro include an AV part or a firewall only?
  23. reddog1992000

    reddog1992000 Newcomer, in training Topic Starter

    You can buy the actual AV, but the product we put on it is for scanning the computer daily.
  24. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Uninstall TrendMicro and post a new OTL log.
    Only one log will be produced.