TechSpot

Attempting to Follow the 6-Step Instructions, sadly failing

By ChillyDown
Oct 7, 2011
  1. Hello, my issue is specifically with the oh-so-interesting Guard Online on Windows 7. I warn readers and potential advisers that I am verging on computer illiterate, so I beg for your patience (and mercy). Following the aforementioned steps, I find myself trapped at Step 3:

    I have downloaded GMER and it opens, but does not produce any information upon opening (the list implies that there will be a quick scan with some result or another). I have run it twice, and a third time in safe mode with the same result. It appears to be scanning for just a few seconds, but no pop-ups or new information shows up when it has finished (?). I was unsure if I should actually click the "Scan" button on the side as it seemed in the text that was not advisable... Or perhaps I read too much into things. I'm hoping asking too many questions is better for my computer's health than just clicking on things I think look correct.

    [I can respond with my one log from Malwarebytes if that will provide any aid.]

    Help me, technologically-inclined humans, you're my only hope!
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll be glad to help get you running.

    You are experiencing problems due to AV Guard Online, is that correct?
    This infection is classified as a rogue anti-spyware program because it uses false security alerts and fake scan results to try and trick you into thinking that your computer is infected so that you will then purchase it. It scans then goes on to display a variety of fake security alerts and warnings that are designed to make you think your computer has a serious security problem.
    ========================================
    Skip GMER for now.
    ==============================================
    Please do the following to help you run other programs:

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it and then press ENTER.

    This infection may change your Windows settings to use a proxy server that will not allow you to browse any pages on the Internet with Internet Explorer or update security software. We will first need to fix this:
    • Launch Internet Explorer
    • Access Internet Options through Tools> Connections tab
    • Click on the LAN Settings at the bottom
    • Proxy Server section> uncheck the box labeled 'Use a proxy server for your LAN'.
    • Then click on OK> and OK again to close Internet Options.
    ===============================
    This malware frequently comes with the TDSS rootkit, so do the following:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double-click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    ====================================
    If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again.
    ====================================
    To end the processes that belong to AV Guard Online:
    Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 3 different versions. If one of them won't run then download and try to run the other one. (Vista and Win7 users need to right click Rkill and choose Run as Administrator)

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
    Do not reboot until instructed, as it will start the malware again.
    ==================================
    You will run another scan with Mbam, after it updates, but this time, on the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.

    When scan has finished, you will see this image:
    [​IMG]
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    ========================================
    Now see if you can run the DDS scan. If you have any problem, let me know.

    Please paste logs for:
    TDSSKiller
    RKill
    New Malwarebytes
    2 logs from DDS
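
    The proxy check from the instructions above, as an added PowerShell example (not part of the original post or of any tool it names): it reads the per-user registry values behind Internet Explorer's LAN Settings dialog and reports a manual proxy or auto-config script. The function names and the `-Disable` switch are assumptions of this example; it is written for PowerShell 2.0, which ships with Windows 7.

```powershell
# Added example: audit the per-user proxy settings that the
# Internet Options > Connections > LAN Settings dialog edits.
param(
    [switch]$Disable   # hypothetical switch: also clear "Use a proxy server for your LAN"
)

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyState {
    param([string]$Path)
    $s = Get-ItemProperty -Path $Path -ErrorAction Stop
    # Missing values come back as $null and are cast to 0 / empty string.
    New-Object PSObject -Property @{
        ProxyEnable   = [int]$s.ProxyEnable        # 1 = the proxy box is checked
        ProxyServer   = [string]$s.ProxyServer     # "host:port" or "http=host:port;https=..."
        AutoConfigURL = [string]$s.AutoConfigURL   # automatic configuration script, if any
    }
}

function Get-ProxyFindings {
    param($State)
    $findings = @()
    if ($State.ProxyEnable -eq 1 -and $State.ProxyServer) {
        $findings += "Manual proxy is ON: $($State.ProxyServer)"
        foreach ($entry in ($State.ProxyServer -split ';')) {
            # Strip an optional "http=" / "https=" protocol prefix.
            $hostPort = ($entry -replace '^[a-z]+=', '').Trim()
            if ($hostPort -match '^(127\.\d+\.\d+\.\d+|localhost|\[::1\]):(\d+)$') {
                # A loopback proxy only works if a program on this PC listens on that port.
                $findings += "  $hostPort is a loopback address: check which local process listens on port $($Matches[2])"
            }
        }
    } elseif ($State.ProxyServer) {
        $findings += "Proxy box is unchecked, but a server value is still stored: $($State.ProxyServer)"
    }
    if ($State.AutoConfigURL) {
        $findings += "Automatic configuration script is set: $($State.AutoConfigURL)"
    }
    return ,$findings
}

$state    = Get-ProxyState -Path $key
$findings = Get-ProxyFindings -State $state

if ($findings.Count -eq 0) {
    'No manual proxy or auto-config script is configured for this user.'
} else {
    $findings
}

if ($Disable -and $state.ProxyEnable -eq 1) {
    # Same effect as unchecking the box in LAN Settings.
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
    'ProxyEnable set to 0. Close and reopen Internet Explorer so it re-reads the setting.'
}
```

    Run it as the affected user rather than from an elevated prompt under a different account, since the values live in that user's HKCU hive.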
     
  3. ChillyDown

    ChillyDown TS Rookie Topic Starter

    13:53:53.0071 4320 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
    13:53:53.0600 4320 ============================================================
    13:53:53.0600 4320 Current date / time: 2011/10/07 13:53:53.0600
    13:53:53.0600 4320 SystemInfo:
    13:53:53.0600 4320
    13:53:53.0600 4320 OS Version: 6.1.7600 ServicePack: 0.0
    13:53:53.0600 4320 Product type: Workstation
    13:53:53.0600 4320 ComputerName: ASHER-PC
    13:53:53.0600 4320 UserName: Asher
    13:53:53.0601 4320 Windows directory: C:\Windows
    13:53:53.0601 4320 System windows directory: C:\Windows
    13:53:53.0601 4320 Running under WOW64
    13:53:53.0601 4320 Processor architecture: Intel x64
    13:53:53.0601 4320 Number of processors: 8
    13:53:53.0601 4320 Page size: 0x1000
    13:53:53.0601 4320 Boot type: Normal boot
    13:53:53.0601 4320 ============================================================
    13:53:54.0037 4320 Initialize success
    13:54:38.0880 1052 ============================================================
    13:54:38.0880 1052 Scan started
    13:54:38.0880 1052 Mode: Manual;
    13:54:38.0880 1052 ============================================================
    13:54:46.0097 1052 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    13:54:46.0101 1052 sffp_mmc - ok
    13:54:46.0110 1052 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
    13:54:46.0146 1052 sffp_sd - ok
    13:54:46.0167 1052 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    13:54:46.0171 1052 sfloppy - ok
    13:54:46.0196 1052 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    13:54:46.0204 1052 SiSRaid2 - ok
    13:54:46.0216 1052 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    13:54:46.0222 1052 SiSRaid4 - ok
    13:54:46.0248 1052 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    13:54:46.0255 1052 Smb - ok
    13:54:46.0282 1052 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    13:54:46.0283 1052 spldr - ok
    13:54:46.0332 1052 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
    13:54:46.0337 1052 srv - ok
    13:54:46.0365 1052 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
    13:54:46.0369 1052 srv2 - ok
    13:54:46.0389 1052 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
    13:54:46.0391 1052 srvnet - ok
    13:54:46.0422 1052 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    13:54:46.0426 1052 stexstor - ok
    13:54:46.0449 1052 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    13:54:46.0452 1052 swenum - ok
    13:54:46.0528 1052 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
    13:54:46.0560 1052 Tcpip - ok
    13:54:46.0611 1052 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
    13:54:46.0627 1052 TCPIP6 - ok
    13:54:46.0642 1052 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    13:54:46.0645 1052 tcpipreg - ok
    13:54:46.0666 1052 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    13:54:46.0672 1052 TDPIPE - ok
    13:54:46.0682 1052 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    13:54:46.0684 1052 TDTCP - ok
    13:54:46.0703 1052 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    13:54:46.0713 1052 tdx - ok
    13:54:46.0736 1052 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    13:54:46.0745 1052 TermDD - ok
    13:54:46.0787 1052 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    13:54:46.0790 1052 tssecsrv - ok
    13:54:46.0817 1052 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    13:54:46.0819 1052 tunnel - ok
    13:54:46.0832 1052 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    13:54:46.0841 1052 uagp35 - ok
    13:54:46.0873 1052 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
    13:54:46.0916 1052 udfs - ok
    13:54:46.0950 1052 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    13:54:46.0954 1052 uliagpkx - ok
    13:54:46.0974 1052 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    13:54:46.0982 1052 umbus - ok
    13:54:47.0005 1052 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    13:54:47.0009 1052 UmPass - ok
    13:54:47.0043 1052 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
    13:54:47.0090 1052 usbccgp - ok
    13:54:47.0108 1052 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    13:54:47.0113 1052 usbcir - ok
    13:54:47.0129 1052 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
    13:54:47.0157 1052 usbehci - ok
    13:54:47.0182 1052 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
    13:54:47.0214 1052 usbhub - ok
    13:54:47.0232 1052 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
    13:54:47.0263 1052 usbohci - ok
    13:54:47.0282 1052 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    13:54:47.0285 1052 usbprint - ok
    13:54:47.0314 1052 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
    13:54:47.0315 1052 USBSTOR - ok
    13:54:47.0328 1052 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
    13:54:47.0366 1052 usbuhci - ok
    13:54:47.0395 1052 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    13:54:47.0396 1052 vdrvroot - ok
    13:54:47.0427 1052 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    13:54:47.0433 1052 vga - ok
    13:54:47.0456 1052 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    13:54:47.0462 1052 VgaSave - ok
    13:54:47.0489 1052 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    13:54:47.0502 1052 vhdmp - ok
    13:54:47.0522 1052 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    13:54:47.0530 1052 viaide - ok
    13:54:47.0584 1052 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    13:54:47.0586 1052 volmgr - ok
    13:54:47.0613 1052 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    13:54:47.0617 1052 volmgrx - ok
    13:54:47.0646 1052 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    13:54:47.0650 1052 volsnap - ok
    13:54:47.0672 1052 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    13:54:47.0685 1052 vsmraid - ok
    13:54:47.0715 1052 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    13:54:47.0720 1052 vwifibus - ok
    13:54:47.0743 1052 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    13:54:47.0753 1052 vwififlt - ok
    13:54:47.0773 1052 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    13:54:47.0777 1052 WacomPen - ok
    13:54:47.0792 1052 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    13:54:47.0796 1052 WANARP - ok
    13:54:47.0800 1052 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    13:54:47.0801 1052 Wanarpv6 - ok
    13:54:47.0821 1052 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    13:54:47.0826 1052 Wd - ok
    13:54:47.0852 1052 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    13:54:47.0855 1052 Wdf01000 - ok
    13:54:47.0916 1052 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    13:54:47.0928 1052 WfpLwf - ok
    13:54:47.0970 1052 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
    13:54:48.0022 1052 WimFltr - ok
    13:54:48.0048 1052 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    13:54:48.0051 1052 WIMMount - ok
    13:54:48.0076 1052 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    13:54:48.0079 1052 WmiAcpi - ok
    13:54:48.0099 1052 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    13:54:48.0102 1052 ws2ifsl - ok
    13:54:48.0146 1052 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
    13:54:48.0174 1052 WudfPf - ok
    13:54:48.0207 1052 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
    13:54:48.0236 1052 WUDFRd - ok
    13:54:48.0260 1052 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    13:54:48.0269 1052 \Device\Harddisk0\DR0 - ok
    13:54:48.0277 1052 Boot (0x1200) (eb2b2f71d1764f16f5936d05b299d215) \Device\Harddisk0\DR0\Partition0
    13:54:48.0279 1052 \Device\Harddisk0\DR0\Partition0 - ok
    13:54:48.0287 1052 Boot (0x1200) (8725a6d38fdf545e2968ce1f76df3675) \Device\Harddisk0\DR0\Partition1
    13:54:48.0288 1052 \Device\Harddisk0\DR0\Partition1 - ok
    13:54:48.0288 1052 ============================================================
    13:54:48.0288 1052 Scan finished
    13:54:48.0288 1052 ============================================================
    13:54:48.0295 5860 Detected object count: 0
    13:54:48.0295 5860 Actual detected object count: 0
    13:55:01.0656 2808 Deinitialize success

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 10/07/2011 at 14:00:00.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:



    Rkill completed on 10/07/2011 at 14:00:01.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7896

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    10/7/2011 2:19:17 PM
    mbam-log-2011-10-07 (14-19-16).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 339006
    Time elapsed: 16 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  4. ChillyDown

    ChillyDown TS Rookie Topic Starter

    DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
    Internet Explorer: 8.0.7600.16385
    Run by Asher at 14:22:48 on 2011-10-07
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.6527 [GMT -7:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\helppane.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\explorer.exe
    C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\TEMP\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\TEMP\8120.dir\InstallFlashPlayer.exe
    C:\Windows\TEMP\ICD2.tmp\FP_AX_CAB_INSTALLER64.exe
    C:\Windows\TEMP\74A2.dir\InstallFlashPlayer.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\TEMP\ICD3.tmp\FP_AX_CAB_INSTALLER64.exe
    C:\Windows\TEMP\75BB.dir\InstallFlashPlayer.exe
    C:\Windows\explorer.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111005193601.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: [Launcher] C1\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
    mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    mRunOnce: [GrpConv] grpconv -o
    StartupFolder: C:\Users\Asher\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{AD2DB310-AE37-486E-9729-628AB3D875FC} : DhcpNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO-X64: Search Helper - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111005193601.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    BHO-X64: uTorrentBar - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: [Launcher] C1\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
    mRunOnce-x64: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    mRunOnce-x64: [GrpConv] grpconv -o
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Asher\AppData\Roaming\Mozilla\Firefox\Profiles\z2v9oen1.default\
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-8-31 245352]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-8-31 149032]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-31 13336]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-7 366152]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-10-5 355440]
    S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-10-5 355440]
    S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-10-5 355440]
    S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-10-5 355440]
    S2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-8-31 200056]
    S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
    S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-31 673088]
    S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
    S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-10-5 355440]
    .
    =============== Created Last 30 ================
    .
    2011-10-07 17:36:13 -------- d-----w- C:\Users\Asher\AppData\Roaming\Malwarebytes
    2011-10-07 17:36:08 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-10-07 17:36:05 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-10-07 17:36:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-10-07 16:55:10 -------- d-----w- C:\Users\Asher\AppData\Roaming\Z77ffELL8gZqhCw
    2011-10-07 16:55:10 -------- d-----w- C:\Users\Asher\AppData\Roaming\oUVVrrlOBtx
    2011-10-07 16:55:04 -------- d-----w- C:\Users\Asher\AppData\Roaming\g777fEEL9gTZjYw
    2011-10-07 16:55:04 -------- d-----w- C:\Users\Asher\AppData\Roaming\cIVVrrzONtxAuc2
    2011-10-07 16:50:37 -------- d-----we C:\Windows\system64
    2011-10-07 07:47:20 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
    2011-10-07 07:47:20 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
    2011-10-07 07:44:02 83249512 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc50F3.tmp
    2011-10-07 07:40:14 14744 ----a-w- C:\Users\Asher\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
    2011-10-07 07:39:45 -------- d-----w- C:\Users\Asher\Tracing
    2011-10-07 07:28:39 -------- d-----w- C:\Users\Asher\AppData\Local\Google
    2011-10-07 07:28:38 -------- d-----w- C:\Program Files (x86)\Conduit
    2011-10-07 07:28:37 -------- d-----w- C:\Users\Asher\AppData\Local\Conduit
    2011-10-07 07:28:37 -------- d-----w- C:\Program Files (x86)\uTorrentBar
    2011-10-07 07:28:03 -------- d-----w- C:\Users\Asher\AppData\Roaming\uTorrent
    2011-10-06 15:07:33 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-10-06 15:07:33 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-10-06 15:07:33 1540608 ----a-w- C:\Windows\System32\DWrite.dll
    2011-10-06 15:07:33 1135104 ----a-w- C:\Windows\System32\FntCache.dll
    2011-10-06 15:07:33 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-10-06 15:07:23 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2011-10-06 15:07:22 -------- d-----w- C:\Program Files (x86)\Steam
    2011-10-06 06:40:04 -------- d-----w- C:\Windows\SysWow64\Wat
    2011-10-06 06:40:04 -------- d-----w- C:\Windows\System32\Wat
    2011-10-06 03:42:48 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2011-10-06 03:42:48 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2011-10-06 03:37:16 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2011-10-06 03:36:05 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2011-10-06 03:36:05 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2011-10-06 03:36:05 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2011-10-06 03:36:05 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2011-10-06 03:36:05 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2011-10-06 03:36:05 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2011-10-06 03:36:05 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2011-10-06 03:36:05 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2011-10-06 03:36:05 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2011-10-06 03:36:05 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2011-10-05 17:54:23 -------- d-----w- C:\Users\Asher\AppData\Local\Adobe
    2011-10-05 15:59:06 -------- d-----w- C:\Users\Asher\riotsGamesLogs
    2011-10-05 15:58:52 -------- d-----w- C:\Users\Asher\AppData\Roaming\LolClient
    2011-10-05 15:01:59 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-10-05 15:00:57 1739176 ----a-w- C:\Windows\System32\ntdll.dll
    2011-10-05 04:40:25 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
    2011-10-05 04:40:25 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
    2011-10-05 04:40:25 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
    2011-10-05 04:40:25 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
    2011-10-05 04:40:25 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
    2011-10-05 04:36:54 -------- d-----w- C:\Riot Games
    2011-10-05 02:24:48 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
    2011-10-04 22:37:21 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2011-10-04 22:37:04 -------- d-----w- C:\Users\Asher\AppData\Local\Microsoft Help
    2011-10-04 22:31:23 -------- d-----w- C:\Users\Asher\AppData\Local\PMB Files
    2011-10-04 22:31:22 -------- d-----w- C:\ProgramData\PMB Files
    2011-10-04 22:31:08 -------- d-----w- C:\Program Files (x86)\Pando Networks
    2011-10-04 22:26:09 -------- d-----w- C:\Users\Asher\AppData\Roaming\Mumble
    2011-10-04 22:25:52 -------- d-----w- C:\Program Files (x86)\Mumble
    2011-10-04 22:20:37 -------- d-----w- C:\Users\Asher\AppData\Roaming\Dell
    2011-10-04 22:20:18 -------- d-----w- C:\Users\Asher\AppData\Local\Stardock_Corporation
    2011-10-04 22:20:04 -------- d-----w- C:\Users\Asher\AppData\Local\DataSafeOnline
    2011-10-04 22:20:03 -------- d-----w- C:\Users\Asher\AppData\Roaming\Intel Corporation
    2011-10-04 22:20:02 -------- d-----w- C:\Users\Asher\AppData\Local\ATI
    2011-10-04 22:19:59 -------- d-----w- C:\Users\Asher\AppData\Local\SupportSoft
    2011-10-04 22:19:34 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-10-04 22:19:33 -------- d-----w- C:\Users\Asher\AppData\Local\VirtualStore
    2011-10-04 19:52:10 -------- d-----w- C:\Windows\SMINST
    .
    ==================== Find3M ====================
    .
    2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
    2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 14:23:07.18 ===============

    Side note: I am unable to reactivate my McAfee scanning or Firewall.
     
  5. ChillyDown

    ChillyDown TS Rookie Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/4/2011 3:16:16 PM
    System Uptime: 10/7/2011 1:57:37 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0G3HR7
    Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz | CPU 1 | 2793/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 921 GiB total, 876.078 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Windows Firewall Authorization Driver
    Device ID: ROOT\LEGACY_MPSDRV\0000
    Manufacturer:
    Name: Windows Firewall Authorization Driver
    PNP Device ID: ROOT\LEGACY_MPSDRV\0000
    Service: mpsdrv
    .
    ==== System Restore Points ===================
    .
    RP11: 10/4/2011 9:36:40 PM - Installed League of Legends
    RP12: 10/5/2011 8:29:52 PM - Windows Update
    RP13: 10/5/2011 11:57:28 PM - Windows Update
    RP14: 10/6/2011 8:06:08 AM - Installed Steam
    RP15: 10/6/2011 5:21:36 PM - Windows Update
    RP16: 10/7/2011 12:47:05 AM - Installed DirectX
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1.2
    ATI Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Consumer In-Home Service Agreement
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    DirectXInstallService
    EMC 10 Content
    GoToAssist 8.0.0.514
    Intel(R) Control Center
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 20
    Junk Mail filter update
    League of Legends
    Malwarebytes' Anti-Malware version 1.51.2.1300
    McAfee Security Center
    Microsoft Choice Guard
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 7.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multimedia Card Reader
    Mumble 1.2.3
    Pando Media Booster
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy CD and DVD Burning
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for CAPICOM (KB931906)
    Skins
    Skype Toolbars
    Skype™ 4.2
    Sonic CinePlayer Decoder Pack
    Steam
    THX TruStudio PC
    uTorrentBar Toolbar
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/7/2011 7:48:18 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
    10/7/2011 2:20:56 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    10/7/2011 2:01:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    10/7/2011 11:01:13 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    10/7/2011 11:00:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/7/2011 11:00:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/7/2011 10:59:50 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr tdx vwififlt Wanarpv6 WfpLwf
    10/7/2011 10:59:50 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/7/2011 10:59:50 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/7/2011 10:59:50 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/7/2011 10:59:50 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/7/2011 10:59:50 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/7/2011 10:59:50 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    10/7/2011 10:59:50 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/7/2011 10:59:50 AM, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/7/2011 10:59:50 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    10/7/2011 10:59:50 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/7/2011 10:59:50 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/7/2011 10:59:50 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/7/2011 10:59:50 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/7/2011 10:59:50 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/7/2011 1:58:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
    10/7/2011 1:58:04 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    10/7/2011 1:58:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/7/2011 1:58:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/7/2011 1:58:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/7/2011 1:57:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/7/2011 1:57:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache RxFilter spldr Wanarpv6
    10/7/2011 1:57:51 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
    10/7/2011 1:57:51 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
    10/7/2011 1:57:51 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
    10/7/2011 1:56:54 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    10/7/2011 1:56:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
    10/7/2011 1:56:21 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
    10/6/2011 8:08:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    10/6/2011 8:08:41 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/5/2011 11:42:49 PM, Error: Service Control Manager [7023] -
    .
    ==== End Of File ===========================
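
The Service Control Manager 7001 events in the log above form dependency chains, and following each chain to its last link shows which driver failure a stopped service traces back to. The Python below is an added example, not part of the original thread or of DDS; `SAMPLE` is a subset of lines copied from the log above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Subset of the "Event Viewer Messages" lines from the log above (copied, not constructed).
SAMPLE = """\
10/7/2011 1:57:51 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
10/7/2011 1:57:51 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2011 10:59:50 AM, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2011 10:59:50 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
10/7/2011 10:59:50 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2011 10:59:50 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
"""

# Event 7001 text: "The <svc> service depends on the <dep> service which failed to start ..."
EVENT_7001 = re.compile(
    r"\[7001\] - The (?P<svc>.+?) service depends on the (?P<dep>.+?) "
    r"service which failed to start because of the following error: (?P<err>.+)$"
)


def parse_dependency_failures(log_text):
    """Map each failed service to (dependency it was waiting on, reported error).

    Events from different boots are merged; a later line for the same
    service overwrites an earlier one.
    """
    deps = {}
    for line in log_text.splitlines():
        m = EVENT_7001.search(line)
        if m:
            deps[m["svc"]] = (m["dep"], m["err"].strip())
    return deps


def trace_root(service, deps):
    """Follow the chain from a service down to the first component that has
    no 7001 entry of its own; return (chain, error reported for that last link)."""
    chain, error = [service], None
    while chain[-1] in deps:
        dep, error = deps[chain[-1]]
        if dep in chain:  # guard against a circular dependency in the log
            break
        chain.append(dep)
    return chain, error


def root_causes(deps):
    """Group every failed service under the (root component, root error) it leads to."""
    roots = defaultdict(list)
    for svc in deps:
        chain, err = trace_root(svc, deps)
        roots[(chain[-1], err)].append(svc)
    return {key: sorted(services) for key, services in roots.items()}


if __name__ == "__main__":
    for (root, err), services in root_causes(parse_dependency_failures(SAMPLE)).items():
        print(f"{root}: {err}")
        for svc in services:
            print(f"    blocks {svc}")
```
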
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, good job! The next scan should remove some of the malware entries. After I review the log it generates, I will give you some script to run through Combofix:

    Note: The script will include entries for the uTorrentBar and Conduit Engine. uTorrent has multiple entries and this can be a straight road to malware. Please don't use either during this cleaning.

    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
    Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ========================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the ESET Smart Installer download link. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    Please post the entire log with heading resembling this:
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ============================
    Please go on to the next reply when finished.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    When finished with previous directions

    Please update the Java:
    Check this site: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    --------------------------------------
    There is usually malware in the Java cache when there is an outdated version, so it needs to be cleared:
    1. Click Start > Control Panel.
    2. Double-click the Java icon in the Control Panel.
    3. Click Settings under Temporary Internet Files.
      There are three options on this window to clear the cache. (Version dependent)
      [o] Delete Files
      [o] View Applications
      [o] View Applets
    4. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
    5. Click OK on Temporary Files Settings window.
      ===================================
      There are no logs for you to leave after doing the above.
     
  8. ChillyDown

    ChillyDown TS Rookie Topic Starter

    My husband thought he could fix the computer by downloading MSE while I was out... Should I uninstall that program and re-run my previous steps, or just keep it on there?

    Bit frustrating, this is. No sanctity in the "do not touch" post-it anymore. Thank you for your patience with me, sorry for taking up your time with backpedaling.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Too funny! I just got finished with another member whose spouse has restored all browser settings from an infected backup on an external hard drive, unknown to him! You guys have got to keep your loved ones out of my threads!! :)

    Did he think to uninstall the McAfee Suite?
     
  10. ChillyDown

    ChillyDown TS Rookie Topic Starter

    Doesn't look it, seems as if McAfee is still up as well (but not doing any scanning as it was earlier).
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, if he got MSE on the system, McAfee needs to be removed:
    Uninstall:

    • McAfee Removal
     
