TechSpot

Hard drive clusters partly damaged virus - Help Please

Solved
By byokley
Feb 1, 2012
  1. First off, thank you. You have no idea how happy I was to find out that my hard drive is still there. I am not a computer guy so please be patient.

    I followed the instructions in the Updated 5-step Viruses/Spyware/Malware Prelim removal instructions (http://www.techspot.com/vb/topic58138.html). Below are the logs.

    Again, thanks guys, any help is very much appreciated!

    Malwarebytes log:

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.01.01

    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    Brian Yokley :: BRIANYOKLEY-PC [administrator]

    Protection: Enabled

    1/31/2012 11:59:26 PM
    mbam-log-2012-01-31 (23-59-26).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 171988
    Time elapsed: 15 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\$Recycle.Bin\S-1-5-21-3546445678-3021338262-797944043-1000\$RDH8XG2.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.

    (end)
     
  2. byokley

    byokley TS Rookie Topic Starter

    GMER Log

    GMER Log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-01 00:31:02
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 TOSHIBA_MK2051GSY rev.LD001D
    Running: g8mqqnd1.exe; Driver: C:\Users\BRIANY~1\AppData\Local\Temp\ugtdyaog.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0x8CB8F68D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0x8CB8F5E8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8CB8F601]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8CB8F615]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8CB8F6C9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0x8CB8F679]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0x8CB8F665]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0x8CB8F63D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8CB8F629]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8CB8F6F8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8CB8F6DF]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8CB8F6B5]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device aswSP.SYS (avast! self protection module/AVAST Software)
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:4612] 9E75EF2E

    ---- EOF - GMER 1.0.15 ----
     
  3. byokley

    byokley TS Rookie Topic Starter

    DDS Log

    DDS Log:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385
    Run by Brian Yokley at 0:35:21 on 2012-02-01
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2233 [GMT -5:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    C:\Windows\system32\NLSSRV32.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\OEM04Mon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\real\realplayer\Update\realsched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\ProgramData\odFpWeGCGDBNMy.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\ProgramData\V3v12Zn5SU75vD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Brian Yokley\Desktop\g8mqqnd1.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - c:\progra~1\winzip~1\wzwmcie.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
    uRun: [odFpWeGCGDBNMy.exe] c:\programdata\odFpWeGCGDBNMy.exe
    mRun: [OEM04Mon.exe] c:\windows\OEM04Mon.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\briany~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: HideFastUserSwitching = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: duke.edu\portal
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://centra.fuqua.duke.edu/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://portal.duke.edu/CACHE/stc/2/binaries/vpnweb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1F851DBD-1A20-430F-A326-6878A46614E7} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1F851DBD-1A20-430F-A326-6878A46614E7}\0516373757478613 : DhcpNameServer = 192.168.2.1 192.168.1.1
    TCP: Interfaces\{1F851DBD-1A20-430F-A326-6878A46614E7}\4455B454 : DhcpNameServer = 152.3.189.18 152.3.215.25
    TCP: Interfaces\{1F851DBD-1A20-430F-A326-6878A46614E7}\465656A7E65747A7 : DhcpNameServer = 192.168.2.1 68.87.73.246 68.87.71.230
    TCP: Interfaces\{1F851DBD-1A20-430F-A326-6878A46614E7}\6457175716021323 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{1F851DBD-1A20-430F-A326-6878A46614E7}\76275656E66796C6C656 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{1F851DBD-1A20-430F-A326-6878A46614E7}\C4567656E646 : DhcpNameServer = 192.168.111.1
    TCP: Interfaces\{1F851DBD-1A20-430F-A326-6878A46614E7}\D6164747377716275707 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{FAD3CB6B-AF67-4071-A15A-E998242FAC75} : DhcpNameServer = 172.20.72.47
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-7-13 343920]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-31 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-31 314456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-31 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-31 55128]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-31 44768]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-31 652360]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2010-1-6 22816]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744]
    R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2010-1-6 147472]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2010-1-6 66896]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-7-13 70728]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-1 67904]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-5-5 583360]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-31 20464]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-13 91832]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-13 43288]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    R3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\system32\drivers\OEM04Vfx.sys [2007-3-5 7424]
    R3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\system32\drivers\OEM04Vid.sys [2007-10-10 234720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\drivers\HtcUsbMdmV32.sys [2010-10-2 105984]
    S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2010-10-2 105984]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-13 66600]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-16 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-02-01 04:58:22 -------- d--h--w- c:\users\brian yokley\appdata\roaming\Malwarebytes
    2012-02-01 04:58:07 -------- d--h--w- c:\programdata\Malwarebytes
    2012-02-01 04:58:04 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-01 04:58:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-01 04:53:37 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-02-01 04:53:35 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-02-01 04:52:34 41184 ----a-w- c:\windows\avastSS.scr
    2012-02-01 04:52:22 -------- d--h--w- c:\programdata\AVAST Software
    2012-02-01 04:52:22 -------- d-----w- c:\program files\AVAST Software
    2012-01-31 22:04:01 340216 ---ha-w- c:\programdata\V3v12Zn5SU75vD.exe
    2012-01-31 22:00:02 430328 ---ha-w- c:\programdata\odFpWeGCGDBNMy.exe
    2012-01-31 13:33:38 -------- d--h--w- C:\42d5e9fedad7946d00744b
    2012-01-31 13:31:40 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5eab48bf-54ae-4d67-b781-c5e40080e31f}\mpengine.dll
    2012-01-31 13:25:52 -------- d--h--w- C:\6bea877153165f3ad17b86b1
    2012-01-30 18:03:05 -------- d--h--w- C:\5a87b4e619f351e05fd5de
    2012-01-27 16:37:00 -------- d--h--w- C:\3bddb1734610e4117feb8d5b
    2012-01-26 18:30:16 -------- d--h--w- C:\23b9abdeb3bc23e759979e90
    2012-01-26 04:30:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2012-01-26 04:30:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2012-01-26 04:30:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2012-01-26 04:30:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2012-01-26 04:30:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2012-01-26 04:30:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2012-01-26 04:30:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2012-01-25 16:32:59 -------- d--h--w- C:\99fc4c09caa172c224bd
    2012-01-24 15:25:38 -------- d--h--w- C:\9f1d6f2f1d2153ace8cb33bfbca97c07
    2012-01-23 18:32:46 -------- d--h--w- C:\a9461e9bf2498b5fd197
    2012-01-19 20:54:47 -------- d--h--w- C:\f16f15f3dcf2c945c51b
    2012-01-18 13:54:05 -------- d--h--w- C:\bdf131dbe0005a936de58e90f856
    2012-01-18 00:29:43 -------- d-----w- c:\windows\system32\SPReview
    2012-01-17 20:56:49 -------- d--h--w- C:\a1be0fc31e6d6654d64e
    2012-01-16 11:05:01 1037312 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-16 11:05:00 224768 ----a-w- c:\windows\system32\schannel.dll
    2012-01-16 11:04:59 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-01-16 11:04:57 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-16 11:04:57 369352 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-01-16 11:04:55 314368 ----a-w- c:\windows\system32\webio.dll
    2012-01-16 11:04:55 22528 ----a-w- c:\windows\system32\lsass.exe
    2012-01-16 11:04:54 99840 ----a-w- c:\windows\system32\sspicli.dll
    2012-01-16 11:04:53 22016 ----a-w- c:\windows\system32\secur32.dll
    2012-01-16 11:04:52 15360 ----a-w- c:\windows\system32\sspisrv.dll
    2012-01-12 01:22:06 1288984 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-12 01:22:03 67072 ----a-w- c:\windows\system32\packager.dll
    2012-01-12 01:22:01 514560 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-12 01:22:01 1328640 ----a-w- c:\windows\system32\quartz.dll
    2012-01-12 01:13:39 -------- d--h--w- C:\1284a7f9e1730e7736b1e7
    2012-01-07 15:53:47 -------- d--h--w- c:\program files\Micromax
    2012-01-03 13:22:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2011-12-07 15:08:58 236576 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-27 20:46:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-24 04:23:31 2340352 ----a-w- c:\windows\system32\win32k.sys
    2011-11-05 04:35:50 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-11-05 04:34:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-05 04:30:11 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-05 03:28:41 386048 ----a-w- c:\windows\system32\html.iec
    2011-11-05 02:55:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 0:36:44.12 ===============
     
  4. byokley

    byokley TS Rookie Topic Starter

    ATTACH log

    ATTACH Log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume3
    Install Date: 7/13/2010 5:51:15 PM
    System Uptime: 2/1/2012 12:19:03 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0PU073
    Processor: Intel(R) Core(TM)2 Duo CPU T9500 @ 2.60GHz | Microprocessor | 2574/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 169 GiB total, 99.523 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 9.519 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02091028&REV_12\4&2C68880C&0&0BF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02091028&REV_12\4&2C68880C&0&0BF0
    Service:
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02091028&REV_12\4&2C68880C&0&0AF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02091028&REV_12\4&2C68880C&0&0AF0
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    RP345: 1/25/2012 11:28:28 PM - Installed QuickTime
    RP346: 1/26/2012 1:28:29 PM - Windows Update
    RP347: 1/27/2012 11:35:06 AM - Windows Update
    RP348: 1/27/2012 11:42:34 AM - Windows Update
    RP349: 1/30/2012 1:01:17 PM - Windows Update
    RP350: 1/31/2012 8:24:21 AM - Windows Update
    RP351: 1/31/2012 8:31:05 AM - Windows Update
    RP352: 1/31/2012 8:32:47 AM - Windows Update
    RP353: 1/31/2012 11:51:58 PM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.0
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Software Update
    avast! Free Antivirus
    Centra Client
    Cisco AnyConnect VPN Client
    Cisco AnyConnect VPN Client Start Before Login Components
    Dropbox
    Glary Utilities Pro 2.30.0.1066
    Java Auto Updater
    Java(TM) 6 Update 26
    Laptop Integrated Webcam Driver (1.03.01.1011)
    Logitech Harmony Remote Software 7
    Malwarebytes Anti-Malware version 1.60.1.1000
    McAfee Agent
    McAfee AntiSpyware Enterprise Module
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    OGA Notifier 2.0.0048.0
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Remote Control USB Driver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype™ 5.5
    swMSM
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    WinZip 15.5
    WinZip Courier
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/1/2012 12:21:15 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    1/31/2012 5:20:59 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
    1/31/2012 2:31:28 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    1/31/2012 12:55:18 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    1/31/2012 12:54:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2468871).
    1/30/2012 6:37:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    .
    ==== End Of File ===========================
     
  5. byokley

    byokley TS Rookie Topic Starter

    btw...

    I guess I should also mention my symptoms:

    1. Bunch of pop-ups with, "Failed to save all components to file..."
    2. Message - "Hard Drive clusters are partly damamaged. Segment load failure..."
    3. Pop ups that when clicked lead me to a page that wants me to enter cc info to buy some virus cleaner
    4. Message - "RAM memory reliability is exetremely low. This problem may cause..."
    5. All desktop icons missing
    6. Background missing
    7. Apparently no C: but C: is scanned during McAfee and Avast! scans...so it must be there somewhere

    Hope this helps!
     
  6. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    You're running two AV programs, McAfee and Avast.
    One of them has to go.
    Your choice.

    When done....

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. byokley

    byokley TS Rookie Topic Starter

    Disabled Avast...TDSS following...thank you Broni!

    12:56:58.0381 3248 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
    12:56:58.0693 3248 ============================================================
    12:56:58.0693 3248 Current date / time: 2012/02/01 12:56:58.0693
    12:56:58.0693 3248 SystemInfo:
    12:56:58.0693 3248
    12:56:58.0693 3248 OS Version: 6.1.7600 ServicePack: 0.0
    12:56:58.0693 3248 Product type: Workstation
    12:56:58.0693 3248 ComputerName: BRIANYOKLEY-PC
    12:56:58.0693 3248 UserName: Brian Yokley
    12:56:58.0693 3248 Windows directory: C:\Windows
    12:56:58.0693 3248 System windows directory: C:\Windows
    12:56:58.0693 3248 Processor architecture: Intel x86
    12:56:58.0693 3248 Number of processors: 2
    12:56:58.0693 3248 Page size: 0x1000
    12:56:58.0693 3248 Boot type: Normal boot
    12:56:58.0693 3248 ============================================================
    12:57:00.0862 3248 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    12:57:00.0893 3248 \Device\Harddisk0\DR0:
    12:57:00.0908 3248 MBR used
    12:57:00.0908 3248 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1E00000
    12:57:00.0908 3248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E1B800, BlocksNum 0x15182FF8
    12:57:01.0002 3248 Initialize success
    12:57:01.0002 3248 ============================================================
    12:57:02.0500 1652 ============================================================
    12:57:02.0500 1652 Scan started
    12:57:02.0500 1652 Mode: Manual;
    12:57:02.0500 1652 ============================================================
    12:57:23.0919 1652 TDPIPE - ok
    12:57:23.0934 1652 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
    12:57:23.0950 1652 TDTCP - ok
    12:57:23.0965 1652 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    12:57:23.0981 1652 tdx - ok
    12:57:24.0012 1652 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    12:57:24.0012 1652 TermDD - ok
    12:57:24.0075 1652 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    12:57:24.0075 1652 tssecsrv - ok
    12:57:24.0231 1652 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
    12:57:24.0246 1652 tunnel - ok
    12:57:24.0262 1652 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    12:57:24.0277 1652 uagp35 - ok
    12:57:24.0324 1652 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
    12:57:24.0340 1652 udfs - ok
    12:57:24.0387 1652 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
    12:57:24.0402 1652 uliagpkx - ok
    12:57:24.0449 1652 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
    12:57:24.0465 1652 umbus - ok
    12:57:24.0496 1652 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    12:57:24.0511 1652 UmPass - ok
    12:57:24.0574 1652 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
    12:57:24.0589 1652 usbaudio - ok
    12:57:24.0699 1652 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
    12:57:24.0823 1652 usbccgp - ok
    12:57:24.0870 1652 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
    12:57:24.0886 1652 usbcir - ok
    12:57:24.0917 1652 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
    12:57:25.0167 1652 usbehci - ok
    12:57:25.0276 1652 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
    12:57:25.0447 1652 usbhub - ok
    12:57:25.0494 1652 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
    12:57:25.0650 1652 usbohci - ok
    12:57:25.0775 1652 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    12:57:25.0775 1652 usbprint - ok
    12:57:25.0806 1652 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    12:57:25.0822 1652 USBSTOR - ok
    12:57:25.0853 1652 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
    12:57:26.0103 1652 usbuhci - ok
    12:57:26.0165 1652 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
    12:57:26.0399 1652 usbvideo - ok
    12:57:26.0430 1652 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
    12:57:26.0430 1652 vdrvroot - ok
    12:57:26.0477 1652 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    12:57:26.0477 1652 vga - ok
    12:57:26.0508 1652 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    12:57:26.0508 1652 VgaSave - ok
    12:57:26.0617 1652 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
    12:57:26.0633 1652 vhdmp - ok
    12:57:26.0664 1652 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
    12:57:26.0680 1652 viaagp - ok
    12:57:26.0695 1652 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    12:57:26.0711 1652 ViaC7 - ok
    12:57:26.0727 1652 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
    12:57:26.0727 1652 viaide - ok
    12:57:26.0758 1652 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
    12:57:26.0758 1652 vmbus - ok
    12:57:26.0789 1652 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
    12:57:26.0789 1652 VMBusHID - ok
    12:57:26.0820 1652 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
    12:57:26.0820 1652 volmgr - ok
    12:57:26.0851 1652 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    12:57:26.0867 1652 volmgrx - ok
    12:57:26.0976 1652 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
    12:57:26.0992 1652 volsnap - ok
    12:57:27.0023 1652 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\Windows\system32\DRIVERS\vpnva.sys
    12:57:27.0117 1652 vpnva - ok
    12:57:27.0163 1652 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    12:57:27.0163 1652 vsmraid - ok
    12:57:27.0179 1652 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    12:57:27.0195 1652 vwifibus - ok
    12:57:27.0210 1652 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    12:57:27.0226 1652 WacomPen - ok
    12:57:27.0241 1652 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    12:57:27.0257 1652 WANARP - ok
    12:57:27.0257 1652 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    12:57:27.0257 1652 Wanarpv6 - ok
    12:57:27.0413 1652 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    12:57:27.0413 1652 Wd - ok
    12:57:27.0444 1652 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    12:57:27.0460 1652 Wdf01000 - ok
    12:57:27.0522 1652 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    12:57:27.0522 1652 WfpLwf - ok
    12:57:27.0538 1652 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    12:57:27.0553 1652 WIMMount - ok
    12:57:27.0600 1652 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
    12:57:27.0616 1652 WinUsb - ok
    12:57:27.0725 1652 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    12:57:27.0741 1652 WmiAcpi - ok
    12:57:27.0772 1652 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    12:57:27.0787 1652 ws2ifsl - ok
    12:57:27.0819 1652 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    12:57:27.0819 1652 WudfPf - ok
    12:57:27.0850 1652 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    12:57:27.0850 1652 WUDFRd - ok
    12:57:27.0912 1652 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    12:57:27.0959 1652 \Device\Harddisk0\DR0 - ok
    12:57:27.0975 1652 Boot (0x1200) (315985281915fbb30e85ef04644ac8de) \Device\Harddisk0\DR0\Partition0
    12:57:27.0975 1652 \Device\Harddisk0\DR0\Partition0 - ok
    12:57:27.0990 1652 Boot (0x1200) (496d79fd46eceb724670b6b2d02c71d6) \Device\Harddisk0\DR0\Partition1
    12:57:27.0990 1652 \Device\Harddisk0\DR0\Partition1 - ok
    12:57:27.0990 1652 ============================================================
    12:57:27.0990 1652 Scan finished
    12:57:27.0990 1652 ============================================================
    12:57:27.0990 4900 Detected object count: 0
    12:57:27.0990 4900 Actual detected object count: 0
     
  8. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Disabling is not enough.
    You have to uninstall it.

    ==========================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  9. byokley

    byokley TS Rookie Topic Starter

    Avast: Uninstalled

    MBR:

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-01 13:32:46
    -----------------------------
    13:32:46.940 OS Version: Windows 6.1.7600
    13:32:46.940 Number of processors: 2 586 0x1706
    13:32:46.940 ComputerName: BRIANYOKLEY-PC UserName: Brian Yokley
    13:32:49.467 Initialize success
    13:33:36.105 AVAST engine defs: 12020100
    13:33:44.061 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
    13:33:44.077 Disk 0 Vendor: TOSHIBA_MK2051GSY LD001D Size: 190782MB BusType: 11
    13:33:44.092 Disk 0 MBR read successfully
    13:33:44.092 Disk 0 MBR scan
    13:33:44.108 Disk 0 Windows 7 default MBR code
    13:33:44.108 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
    13:33:44.170 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 112640
    13:33:44.202 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 172805 MB offset 31569920
    13:33:44.233 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 385476608
    13:33:44.529 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 385478656
    13:33:44.623 Disk 0 scanning sectors +390719488
    13:33:44.732 Disk 0 scanning C:\Windows\system32\drivers
    13:34:17.102 Service scanning
    13:34:28.974 Modules scanning
    13:34:33.841 Disk 0 MBR has been saved successfully to "C:\Users\Brian Yokley\Desktop\MBR.dat"
    13:34:33.872 The log file has been saved successfully to "C:\Users\Brian Yokley\Desktop\aswMBR.txt"


    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-01 13:32:46
    -----------------------------
    13:32:46.940 OS Version: Windows 6.1.7600
    13:32:46.940 Number of processors: 2 586 0x1706
    13:32:46.940 ComputerName: BRIANYOKLEY-PC UserName: Brian Yokley
    13:32:49.467 Initialize success
    13:33:36.105 AVAST engine defs: 12020100
    13:33:44.061 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
    13:33:44.077 Disk 0 Vendor: TOSHIBA_MK2051GSY LD001D Size: 190782MB BusType: 11
    13:33:44.092 Disk 0 MBR read successfully
    13:33:44.092 Disk 0 MBR scan
    13:33:44.108 Disk 0 Windows 7 default MBR code
    13:33:44.108 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
    13:33:44.170 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 112640
    13:33:44.202 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 172805 MB offset 31569920
    13:33:44.233 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 385476608
    13:33:44.529 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 385478656
    13:33:44.623 Disk 0 scanning sectors +390719488
    13:33:44.732 Disk 0 scanning C:\Windows\system32\drivers
    13:34:17.102 Service scanning
    13:34:28.974 Modules scanning
    13:34:33.872 Scanning: C:\Windows\system32\DRIVERS\tunnel.sys top\MBR.dat"
    13:34:33.872 The log file has been saved successfully to "C:\Users\Brian Yokley\Desktop\aswMBR.txt"
    13:34:40.686 Disk 0 trace - called modules:
    13:34:40.748 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
    13:34:40.764 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8653c948]
    13:34:40.795 3 CLASSPNP.SYS[8320459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x860b2908]
    13:34:42.292 AVAST engine scan C:\Windows
    13:34:46.785 AVAST engine scan C:\Windows\system32
    13:41:07.988 AVAST engine scan C:\Windows\system32\drivers
    13:41:36.754 AVAST engine scan C:\Users\Brian Yokley
    13:45:15.513 File: C:\Users\Brian Yokley\AppData\Local\Temp\fzyL1cuxqYNBhn.exe.tmp **INFECTED** Win32:FakeAlert-BXX [Trj]
    13:54:06.944 AVAST engine scan C:\ProgramData
    13:55:06.739 File: C:\ProgramData\odFpWeGCGDBNMy.exe **INFECTED** Win32:FakeAlert-BXX [Trj]
    13:55:14.663 File: C:\ProgramData\V3v12Zn5SU75vD.exe **INFECTED** Win32:FakeAlert-BXX [Trj]
    13:55:15.459 Scan finished successfully
    13:55:30.997 Disk 0 MBR has been saved successfully to "C:\Users\Brian Yokley\Desktop\MBR.dat"
    13:55:31.059 The log file has been saved successfully to "C:\Users\Brian Yokley\Desktop\aswMBR.txt"


    Bootkit Remover:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 (build 7600), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`c3700000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    186 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
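    The partition table that aswMBR printed and the boot sector MD5 that Bootkit Remover reported are both read from the same 512-byte sector that MBR.dat preserves. As an added example, not code from this thread or from either tool, the Python below rebuilds that partition layout as a constructed image, parses it, and applies the checks a defender would run against a saved MBR.dat (boot signature present, boot code unchanged from a baseline hash, exactly one active partition, no overlapping partitions); the boot code bytes, disk signature and the tamper() change are constructed placeholders, and every function name is the example's own.

```python
"""Parse and sanity-check a 512-byte MBR image, e.g. the MBR.dat copy that aswMBR saves."""
import hashlib
import struct

SECTOR_SIZE = 512
SECTORS_PER_MB = 2048          # aswMBR reports sizes in MB of 512-byte sectors
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x0F: "Extended LBA", 0xDE: "Dell Utility"}


def partition_entry(status, ptype, lba_start, sectors):
    """Build one 16-byte partition table entry; CHS fields get the 'use LBA' filler."""
    chs = b"\xfe\xff\xff"
    return struct.pack(ENTRY_FMT, status, chs, ptype, chs, lba_start, sectors)


def build_mbr(boot_code, entries, disk_signature=0):
    """Assemble an MBR: 440 bytes of boot code, 4-byte disk signature, 2 reserved bytes,
    four 16-byte partition entries, then the 0x55AA boot signature."""
    if len(boot_code) > 440 or len(entries) > 4:
        raise ValueError("boot code must be <= 440 bytes, at most 4 primary entries")
    table = b"".join(entries).ljust(64, b"\x00")
    return boot_code.ljust(440, b"\x00") + struct.pack("<IH", disk_signature, 0) + table + b"\x55\xaa"


def parse_mbr(image):
    """Return the boot-code MD5, the 0x55AA check and the non-empty partition entries."""
    if len(image) != SECTOR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, image[off:off + 16])
        if ptype == 0:                      # empty slot
            continue
        parts.append({"index": i + 1, "status": status, "type": ptype,
                      "type_name": TYPE_NAMES.get(ptype, "unknown (0x%02x)" % ptype),
                      "lba_start": lba, "sectors": count, "size_mb": count // SECTORS_PER_MB})
    return {"signature_ok": image[510:512] == b"\x55\xaa",
            "boot_code_md5": hashlib.md5(image[:440]).hexdigest(),
            "partitions": parts}


def check_mbr(image, baseline_md5=None):
    """Run the checks a defender applies to a saved MBR; an empty list means all passed."""
    info = parse_mbr(image)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if baseline_md5 and info["boot_code_md5"] != baseline_md5:
        findings.append("boot code differs from baseline (possible MBR overwrite)")
    active = [p["index"] for p in info["partitions"] if p["status"] == 0x80]
    bad_status = [p["index"] for p in info["partitions"] if p["status"] not in (0x00, 0x80)]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    if bad_status:
        findings.append("invalid status byte in entries %s" % bad_status)
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"])
                   for p in info["partitions"])
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append("partitions %d and %d overlap" % (i1, i2))
    return findings


# Constructed stand-in for the boot code; the real Windows 7 MBR code is not reproduced here.
SAMPLE_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100
# Layout taken from the aswMBR log above; sector counts derived from its MB sizes and offsets.
SAMPLE_MBR = build_mbr(SAMPLE_BOOT_CODE, [
    partition_entry(0x00, 0xDE, 63, 112577),           # Dell Utility, 54 MB
    partition_entry(0x00, 0x07, 112640, 31457280),     # NTFS, 15360 MB
    partition_entry(0x80, 0x07, 31569920, 353904640),  # NTFS, 172805 MB, active
    partition_entry(0x00, 0x0F, 385476608, 5242880),   # Extended LBA, 2560 MB
], disk_signature=0x1234ABCD)                          # constructed disk signature


def tamper(image):
    """Constructed illustration of a hostile change: new boot code and a second active flag."""
    patched = bytearray(image)
    patched[0:8] = b"\xeb\x58\x90" + b"\xcc" * 5
    patched[446] = 0x80
    return bytes(patched)


if __name__ == "__main__":
    baseline = parse_mbr(SAMPLE_MBR)["boot_code_md5"]
    for p in parse_mbr(SAMPLE_MBR)["partitions"]:
        print("Partition %d %02X %02X %-12s %6d MB offset %d" % (
            p["index"], p["status"], p["type"], p["type_name"], p["size_mb"], p["lba_start"]))
    print("clean copy:", check_mbr(SAMPLE_MBR, baseline) or "ok")
    print("tampered copy:", check_mbr(tamper(SAMPLE_MBR), baseline))
```

Pointing parse_mbr at the bytes of a real MBR.dat and keeping its boot_code_md5 as the baseline turns this into a repeatable before/after comparison across reboots.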
     
  10. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. byokley

    byokley TS Rookie Topic Starter

    Everything is BACK!

    ComboFix 12-02-01.01 - Brian Yokley 02/01/2012 14:09:27.1.2 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2624 [GMT -5:00]
    Running from: c:\users\Brian Yokley\Desktop\ComboFix.exe
    AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\programdata\odFpWeGCGDBNMy.exe
    c:\programdata\V3v12Zn5SU75vD.exe
    c:\users\Brian Yokley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    c:\users\Brian Yokley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
    c:\users\Brian Yokley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
    c:\users\Brian Yokley\Desktop\System Check.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-01 19:14 . 2012-02-01 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-01 04:58 . 2012-02-01 04:58 -------- d--h--w- c:\users\Brian Yokley\AppData\Roaming\Malwarebytes
    2012-02-01 04:58 . 2012-02-01 04:58 -------- d--h--w- c:\programdata\Malwarebytes
    2012-02-01 04:58 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-01 04:58 . 2012-02-01 04:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-01 04:52 . 2012-02-01 18:25 -------- d--h--w- c:\programdata\AVAST Software
    2012-02-01 04:52 . 2012-02-01 04:52 -------- d-----w- c:\program files\AVAST Software
    2012-01-31 13:33 . 2012-01-31 17:54 -------- d-----w- C:\42d5e9fedad7946d00744b
    2012-01-31 13:31 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5EAB48BF-54AE-4D67-B781-C5E40080E31F}\mpengine.dll
    2012-01-31 13:25 . 2012-01-31 13:28 -------- d-----w- C:\6bea877153165f3ad17b86b1
    2012-01-30 18:03 . 2012-01-30 18:05 -------- d-----w- C:\5a87b4e619f351e05fd5de
    2012-01-27 16:37 . 2012-01-27 16:39 -------- d-----w- C:\3bddb1734610e4117feb8d5b
    2012-01-26 18:30 . 2012-01-26 18:32 -------- d-----w- C:\23b9abdeb3bc23e759979e90
    2012-01-26 04:30 . 2012-01-26 04:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2012-01-26 04:30 . 2012-01-26 04:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2012-01-26 04:30 . 2012-01-26 04:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2012-01-26 04:30 . 2012-01-26 04:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2012-01-26 04:30 . 2012-01-26 04:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2012-01-26 04:30 . 2012-01-26 04:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
    2012-01-26 04:30 . 2012-01-26 04:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
    2012-01-26 04:29 . 2012-01-26 04:30 -------- d-----w- c:\program files\QuickTime
    2012-01-26 04:29 . 2012-01-26 04:29 -------- d--h--w- c:\programdata\Apple Computer
    2012-01-26 04:27 . 2012-01-26 04:27 -------- d-----w- c:\program files\Common Files\Apple
    2012-01-26 04:27 . 2012-01-26 04:27 -------- d-----w- c:\program files\Apple Software Update
    2012-01-25 16:32 . 2012-01-25 16:35 -------- d-----w- C:\99fc4c09caa172c224bd
    2012-01-24 15:25 . 2012-01-24 15:28 -------- d-----w- C:\9f1d6f2f1d2153ace8cb33bfbca97c07
    2012-01-23 18:32 . 2012-01-23 18:35 -------- d-----w- C:\a9461e9bf2498b5fd197
    2012-01-19 20:54 . 2012-01-19 20:56 -------- d-----w- C:\f16f15f3dcf2c945c51b
    2012-01-18 13:54 . 2012-01-18 13:56 -------- d-----w- C:\bdf131dbe0005a936de58e90f856
    2012-01-18 00:29 . 2012-01-18 00:29 -------- d-----w- c:\windows\system32\SPReview
    2012-01-17 20:56 . 2012-01-17 20:59 -------- d-----w- C:\a1be0fc31e6d6654d64e
    2012-01-16 11:05 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-16 11:05 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll
    2012-01-16 11:04 . 2011-11-17 05:48 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-01-16 11:04 . 2011-11-17 05:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-16 11:04 . 2011-11-17 05:42 369352 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-01-16 11:04 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll
    2012-01-16 11:04 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe
    2012-01-16 11:04 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
    2012-01-16 11:04 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll
    2012-01-16 11:04 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll
    2012-01-12 01:22 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-12 01:22 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
    2012-01-12 01:22 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
    2012-01-12 01:22 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-12 01:13 . 2012-01-12 01:16 -------- d-----w- C:\1284a7f9e1730e7736b1e7
    2012-01-07 15:53 . 2012-01-17 20:58 -------- d--h--w- c:\program files\Micromax
    2012-01-03 13:22 . 2012-01-03 13:22 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-07 15:08 . 2010-07-13 22:16 236576 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-27 20:46 . 2011-09-21 15:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-24 04:23 . 2011-12-17 23:37 2340352 ----a-w- c:\windows\system32\win32k.sys
    2011-11-05 04:35 . 2011-12-17 23:38 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-11-05 04:34 . 2011-12-17 23:38 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-05 04:30 . 2011-12-17 23:37 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-05 03:28 . 2011-12-17 23:38 386048 ----a-w- c:\windows\system32\html.iec
    2011-11-05 02:55 . 2011-12-17 23:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ---ha-w- c:\users\Brian Yokley\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ---ha-w- c:\users\Brian Yokley\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ---ha-w- c:\users\Brian Yokley\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OEM04Mon.exe"="c:\windows\OEM04Mon.exe" [2007-06-10 36864]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-01-07 124240]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-09-12 273528]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\users\Brian Yokley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
    R3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\DRIVERS\HtcUsbMdmV32.sys [2009-10-27 105984]
    R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV32.sys [2009-10-27 105984]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-07 66600]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-16 1343400]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [2010-01-07 22816]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-01-07 70728]
    S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-01 67904]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-05-06 583360]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\system32\DRIVERS\OEM04Vfx.sys [2007-03-05 7424]
    S3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\system32\DRIVERS\OEM04Vid.sys [2007-10-10 234720]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *Deregistered* - aswMBR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-01 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2010-12-12 15:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: duke.edu\portal
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://portal.duke.edu/CACHE/stc/2/binaries/vpnweb.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-HLBackupScheduler - c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    HKCU-Run-odFpWeGCGDBNMy.exe - c:\programdata\odFpWeGCGDBNMy.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-02-01 14:18:04
    ComboFix-quarantined-files.txt 2012-02-01 19:18
    .
    Pre-Run: 109,366,644,736 bytes free
    Post-Run: 110,004,580,352 bytes free
    .
    - - End Of File - - 50AE41216593D79F6C12A37ADF6EB4F1
     
     
  12. Broni

    Broni Malware Annihilator

    Good news :)

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
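The custom-scan list above makes OTL enumerate the places a rogue binary tends to hide (ProgramData, AppData, the drive root, oddly named folders under system32) and OTL marks each entry with the publisher name it found ("()" when there is none) or "File not found" when the referenced file is gone. The same first-pass triage can be applied mechanically to the log OTL produces. The following Python is an added example, not OTL's own code and not part of Broni's instructions: it parses PRC/SRV/DRV/MOD and O4 lines in the shape seen in this thread's log, and scores each entry on three signals a helper would look at first (no company name, path in a user-writable location, random-looking file name). The sample input is constructed: most lines are quoted from the logs posted here, and the last O4 line is hypothetical, built from the `HKCU-Run-odFpWeGCGDBNMy.exe` orphan that ComboFix reported removing, in the form OTL would have printed had the entry still existed.

```python
"""Triage helper for OTL-style autorun/service/driver listings (added example, not OTL code)."""
import math
import re
from dataclasses import dataclass

# Bracketed OTL entries, e.g.
# SRV - [2010/01/06 19:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\...\mcshield.exe -- (McShield)
OTL_ENTRY = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - \[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\)(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]+)\))?$"
)
# O4 autorun entries, e.g.  O4 - HKLM..\Run: [APSDaemon] C:\...\APSDaemon.exe (Apple Inc.)
O4_ENTRY = re.compile(
    r"^O4 - (?P<kind>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \((?P<company>[^)]*)\))?$"
)
# Locations a standard user can write to; a service or Run entry living here deserves a look.
USER_WRITABLE = ("\\programdata\\", "\\users\\", "\\appdata\\", "\\temp\\", "\\$recycle.bin\\")


@dataclass
class Finding:
    kind: str        # PRC / SRV / DRV / MOD / HKLM / HKCU / FF ...
    path: str
    reasons: list    # human-readable signals; more signals = higher priority


def shannon_entropy(s: str) -> float:
    """Bits per character over the string's own symbol distribution."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))


def case_transitions(s: str) -> int:
    """Number of lower<->upper flips between adjacent letters (random names flip a lot)."""
    return sum(1 for a, b in zip(s, s[1:]) if a.isalpha() and b.isalpha() and a.islower() != b.islower())


def looks_random(filename: str) -> bool:
    """Heuristic: long stem, high entropy and many case flips, like odFpWeGCGDBNMy.exe."""
    stem = filename.rsplit(".", 1)[0]
    return len(stem) >= 8 and shannon_entropy(stem) >= 3.3 and case_transitions(stem) >= 3


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE) or p.count("\\") == 1  # file in drive root


def triage_line(line: str):
    """Return a Finding for one OTL line (possibly with no reasons), or None if not parseable."""
    line = line.strip()
    if "File not found" in line:
        return Finding(line.split(" - ", 1)[0], line, ["referenced file is missing"])
    m = OTL_ENTRY.match(line) or O4_ENTRY.match(line)
    if not m:
        return None
    g = m.groupdict()
    path = g["path"]
    reasons = []
    if not (g.get("company") or "").strip():
        reasons.append("no company name (unsigned or unknown publisher)")
    if in_user_writable(path):
        reasons.append("runs from a user-writable location")
    if looks_random(path.rsplit("\\", 1)[-1]):
        reasons.append("random-looking file name")
    return Finding(g["kind"], path, reasons)


def triage(lines):
    """Keep only entries with at least one signal, most signals first (stable order otherwise)."""
    findings = [f for f in map(triage_line, lines) if f and f.reasons]
    return sorted(findings, key=lambda f: len(f.reasons), reverse=True)


# Constructed sample: lines quoted from the OTL log in this thread, plus one hypothetical
# O4 line derived from the ComboFix "HKCU-Run-odFpWeGCGDBNMy.exe" orphan (assumed shape).
SAMPLE_LINES = [
    r"PRC - [2012/02/01 14:58:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brian Yokley\Desktop\OTL.exe",
    r"PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe",
    r"SRV - [2010/01/06 19:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)",
    r"MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll",
    r"FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found",
    r"O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)",
    r"O4 - HKCU..\Run: [odFpWeGCGDBNMy.exe] C:\ProgramData\odFpWeGCGDBNMy.exe ()",  # hypothetical
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{len(f.reasons)}] {f.kind:5} {f.path}\n      " + "; ".join(f.reasons))
```

The hypothetical ProgramData entry scores on all three signals and sorts to the top; OTL.exe on the Desktop, the unsigned Apple zlib1.dll and the dead Firefox plug-in reference each score once. That is the point of the tool: it ranks what a human should look at, it does not decide. A known scanner on the Desktop and an unsigned third-party DLL under Program Files are normal; a publisher-less executable with a random name under ProgramData is the entry to pull.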
     
  13. byokley

    byokley TS Rookie Topic Starter

    OTL:

    OTL logfile created on: 2/1/2012 2:59:38 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brian Yokley\Desktop
    Professional (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 67.64% Memory free
    6.99 Gb Paging File | 5.99 Gb Available in Paging File | 85.66% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 168.76 Gb Total Space | 102.50 Gb Free Space | 60.74% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 9.52 Gb Free Space | 63.46% Space Free | Partition Type: NTFS

    Computer Name: BRIANYOKLEY-PC | User Name: Brian Yokley | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/01 14:58:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brian Yokley\Desktop\OTL.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/09/12 15:55:39 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
    PRC - [2011/07/15 23:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/10/01 01:52:50 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
    PRC - [2010/05/05 20:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    PRC - [2010/01/06 19:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    PRC - [2010/01/06 19:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    PRC - [2010/01/06 19:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    PRC - [2010/01/06 19:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    PRC - [2010/01/06 19:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    PRC - [2010/01/06 19:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
    PRC - [2009/08/25 15:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    PRC - [2009/08/25 15:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    PRC - [2009/08/25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    PRC - [2009/08/25 15:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
    PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2007/06/10 16:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM04Mon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2005/08/22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/10/01 01:52:50 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2010/07/16 12:00:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/05/05 20:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
    SRV - [2010/01/06 19:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
    SRV - [2010/01/06 19:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
    SRV - [2010/01/06 19:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
    SRV - [2010/01/06 19:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
    SRV - [2009/08/25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/05/05 20:46:36 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
    DRV - [2010/01/06 19:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/01/06 19:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/01/06 19:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/01/06 19:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/01/06 19:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2010/01/06 19:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/10/26 19:01:06 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcVComV32.sys -- (HtcVCom32)
    DRV - [2009/10/26 19:01:06 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcUsbMdmV32.sys -- (HtcUsbMdmV32)
    DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2007/10/10 16:01:00 | 000,234,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM04Vid.sys -- (OEM04Vid)
    DRV - [2007/03/05 09:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM04Vfx.sys -- (OEM04Vfx)
    DRV - [2006/11/14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3546445678-3021338262-797944043-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3546445678-3021338262-797944043-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3546445678-3021338262-797944043-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 36 17 CC D6 22 CB 01 [binary data]
    IE - HKU\S-1-5-21-3546445678-3021338262-797944043-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/12 15:56:29 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2012/02/01 14:14:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3546445678-3021338262-797944043-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3546445678-3021338262-797944043-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O15 - HKU\S-1-5-21-3546445678-3021338262-797944043-1000\..Trusted Domains: duke.edu ([portal] https in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://centra.fuqua.duke.edu/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (CentraUpdaterAxCtl Class)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://portal.duke.edu/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F851DBD-1A20-430F-A326-6878A46614E7}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAD3CB6B-AF67-4071-A15A-E998242FAC75}: DhcpNameServer = 172.20.72.47
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/01 14:57:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brian Yokley\Desktop\OTL.exe
    [2012/02/01 14:18:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/01 14:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/02/01 14:07:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/01 14:07:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/01 14:07:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/01 14:07:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/01 14:07:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/01 14:06:32 | 004,394,330 | R--- | C] (Swearware) -- C:\Users\Brian Yokley\Desktop\ComboFix.exe
    [2012/02/01 13:32:21 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Brian Yokley\Desktop\aswMBR.exe
    [2012/02/01 12:56:38 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Brian Yokley\Desktop\tdsskiller.exe
    [2012/01/31 23:58:22 | 000,000,000 | ---D | C] -- C:\Users\Brian Yokley\AppData\Roaming\Malwarebytes
    [2012/01/31 23:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/31 23:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/01/31 23:58:04 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/01/31 23:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/01/31 23:53:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Brian Yokley\Desktop\dds.scr
    [2012/01/31 23:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/01/31 23:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/01/31 23:51:58 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Brian Yokley\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/01/31 08:33:38 | 000,000,000 | ---D | C] -- C:\42d5e9fedad7946d00744b
    [2012/01/31 08:25:52 | 000,000,000 | ---D | C] -- C:\6bea877153165f3ad17b86b1
    [2012/01/30 13:03:05 | 000,000,000 | ---D | C] -- C:\5a87b4e619f351e05fd5de
    [2012/01/27 11:37:00 | 000,000,000 | ---D | C] -- C:\3bddb1734610e4117feb8d5b
    [2012/01/26 13:30:16 | 000,000,000 | ---D | C] -- C:\23b9abdeb3bc23e759979e90
    [2012/01/25 23:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/01/25 23:29:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2012/01/25 23:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2012/01/25 23:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2012/01/25 23:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2012/01/25 11:32:59 | 000,000,000 | ---D | C] -- C:\99fc4c09caa172c224bd
    [2012/01/24 10:25:38 | 000,000,000 | ---D | C] -- C:\9f1d6f2f1d2153ace8cb33bfbca97c07
    [2012/01/23 23:29:26 | 000,000,000 | ---D | C] -- C:\Users\Brian Yokley\Desktop\2012 Spring 1
    [2012/01/23 13:32:46 | 000,000,000 | ---D | C] -- C:\a9461e9bf2498b5fd197
    [2012/01/19 15:54:47 | 000,000,000 | ---D | C] -- C:\f16f15f3dcf2c945c51b
    [2012/01/18 08:54:05 | 000,000,000 | ---D | C] -- C:\bdf131dbe0005a936de58e90f856
    [2012/01/17 19:29:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
    [2012/01/17 16:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2012/01/17 16:25:17 | 000,000,000 | ---D | C] -- C:\Users\Brian Yokley\Desktop\G-Town
    [2012/01/17 15:56:49 | 000,000,000 | ---D | C] -- C:\a1be0fc31e6d6654d64e
    [2012/01/11 20:13:39 | 000,000,000 | ---D | C] -- C:\1284a7f9e1730e7736b1e7
    [2012/01/07 10:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airtel
    [2012/01/07 10:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\Micromax
    [3 C:\Users\Brian Yokley\Desktop\*.tmp files -> C:\Users\Brian Yokley\Desktop\*.tmp -> ]
    [1 C:\Users\Brian Yokley\*.tmp files -> C:\Users\Brian Yokley\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/01 14:58:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brian Yokley\Desktop\OTL.exe
    [2012/02/01 14:14:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/02/01 14:07:12 | 004,394,330 | R--- | M] (Swearware) -- C:\Users\Brian Yokley\Desktop\ComboFix.exe
    [2012/02/01 13:56:21 | 000,044,607 | ---- | M] () -- C:\Users\Brian Yokley\Desktop\bootkit_remover.zip
    [2012/02/01 13:55:31 | 000,000,512 | ---- | M] () -- C:\Users\Brian Yokley\Desktop\MBR.dat
    [2012/02/01 13:35:29 | 000,012,096 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/01 13:35:29 | 000,012,096 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/01 13:32:42 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Brian Yokley\Desktop\aswMBR.exe
    [2012/02/01 13:27:11 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2012/02/01 13:26:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/01 13:26:50 | 2817,032,192 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/01 12:56:54 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brian Yokley\Desktop\tdsskiller.exe
    [2012/02/01 00:35:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Brian Yokley\Desktop\dds.scr
    [2012/02/01 00:29:36 | 000,302,592 | ---- | M] () -- C:\Users\Brian Yokley\Desktop\g8mqqnd1.exe
    [2012/01/31 23:58:12 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/31 23:53:45 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/01/31 23:53:35 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/01/31 23:53:04 | 000,302,592 | ---- | M] () -- C:\Users\Brian Yokley\Desktop\p9kn6gpm.exe
    [2012/01/31 23:52:01 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Brian Yokley\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/01/31 23:51:36 | 064,207,032 | ---- | M] () -- C:\Users\Brian Yokley\Desktop\setup_av_free.exe
    [2012/01/31 23:40:44 | 002,040,508 | ---- | M] () -- C:\Users\Brian Yokley\Desktop\tdsskiller.zip
    [2012/01/31 17:04:10 | 000,000,679 | ---- | M] () -- C:\Users\Brian Yokley\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/18 20:19:24 | 000,620,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/01/18 20:19:24 | 000,104,578 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [3 C:\Users\Brian Yokley\Desktop\*.tmp files -> C:\Users\Brian Yokley\Desktop\*.tmp -> ]
    [1 C:\Users\Brian Yokley\*.tmp files -> C:\Users\Brian Yokley\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/01 14:11:59 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012/02/01 14:11:59 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    [2012/02/01 14:11:59 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2012/02/01 14:11:58 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/02/01 14:11:58 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2012/02/01 14:11:58 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/02/01 14:11:58 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [2012/02/01 14:11:58 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/02/01 14:11:57 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/02/01 14:11:57 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/01 14:07:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/01 14:07:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/01 14:07:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/01 14:07:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/01 14:07:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/01 13:34:33 | 000,000,512 | ---- | C] () -- C:\Users\Brian Yokley\Desktop\MBR.dat
    [2012/02/01 13:32:34 | 000,044,607 | ---- | C] () -- C:\Users\Brian Yokley\Desktop\bootkit_remover.zip
    [2012/02/01 00:29:24 | 000,302,592 | ---- | C] () -- C:\Users\Brian Yokley\Desktop\g8mqqnd1.exe
    [2012/01/31 23:52:55 | 000,302,592 | ---- | C] () -- C:\Users\Brian Yokley\Desktop\p9kn6gpm.exe
    [2012/01/31 23:51:30 | 064,207,032 | ---- | C] () -- C:\Users\Brian Yokley\Desktop\setup_av_free.exe
    [2012/01/31 23:40:37 | 002,040,508 | ---- | C] () -- C:\Users\Brian Yokley\Desktop\tdsskiller.zip
    [2012/01/31 17:04:10 | 000,000,679 | ---- | C] () -- C:\Users\Brian Yokley\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2011/04/12 22:46:22 | 000,008,192 | ---- | C] () -- C:\Users\Brian Yokley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/07 19:33:53 | 000,007,598 | ---- | C] () -- C:\Users\Brian Yokley\AppData\Local\Resmon.ResmonCfg
    [2011/01/07 19:55:50 | 000,000,248 | ---- | C] () -- C:\Windows\FaceFun.INI
    [2009/09/16 16:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 23:33:53 | 000,409,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 21:05:48 | 000,620,036 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 21:05:48 | 000,104,578 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2005/05/06 18:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

    ========== LOP Check ==========

    [2012/01/17 15:58:31 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\Amazon
    [2011/01/14 19:07:06 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\BitTorrent
    [2010/11/07 17:37:19 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\Centra
    [2010/10/22 15:08:39 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\Downloaded Installations
    [2011/12/06 18:06:34 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\Dropbox
    [2010/11/16 16:44:41 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\EndNote
    [2011/01/17 13:07:09 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\FrostWire
    [2010/12/05 15:39:51 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\gtk-2.0
    [2010/10/22 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\Nitro PDF
    [2010/11/01 17:22:48 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\Registry Mechanic
    [2011/03/23 13:13:22 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\TravelerSafe
    [2012/02/01 13:27:11 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
    [2011/10/24 22:07:25 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/07/13 20:27:47 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/02/01 14:18:04 | 000,012,301 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/05/20 12:35:06 | 000,005,356 | R--- | M] () -- C:\dell.sdr
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2012/02/01 13:26:50 | 2817,032,192 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2009/06/05 14:12:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/06/05 14:12:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/02/01 13:26:51 | 3756,044,288 | -HS- | M] () -- C:\pagefile.sys
    [2012/02/01 12:57:28 | 000,081,096 | ---- | M] () -- C:\TDSSKiller.2.7.9.0_01.02.2012_12.56.58_log.txt
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2009/06/22 18:08:30 | 000,090,112 | ---- | M] (Lexmark International Inc.) -- C:\Windows\system32\spool\prtprocs\w32x86\LMPRTPRC.DLL
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2009/07/13 20:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/07/13 17:00:18 | 000,000,221 | -HS- | M] () -- C:\Users\Brian Yokley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/02/01 13:32:42 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Brian Yokley\Desktop\aswMBR.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Brian Yokley\Desktop\boot_cleaner.exe
    [2012/02/01 14:07:12 | 004,394,330 | R--- | M] (Swearware) -- C:\Users\Brian Yokley\Desktop\ComboFix.exe
    [2012/02/01 00:29:36 | 000,302,592 | ---- | M] () -- C:\Users\Brian Yokley\Desktop\g8mqqnd1.exe
    [2012/01/31 23:52:01 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Brian Yokley\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/01 14:58:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brian Yokley\Desktop\OTL.exe
    [2012/01/31 23:53:04 | 000,302,592 | ---- | M] () -- C:\Users\Brian Yokley\Desktop\p9kn6gpm.exe
    [2012/01/31 23:51:36 | 064,207,032 | ---- | M] () -- C:\Users\Brian Yokley\Desktop\setup_av_free.exe
    [2012/02/01 12:56:54 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brian Yokley\Desktop\tdsskiller.exe
    [3 C:\Users\Brian Yokley\Desktop\*.tmp files -> C:\Users\Brian Yokley\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/07/14 21:28:20 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2010/07/14 21:28:10 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2010/07/13 19:32:10 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2010/07/13 19:32:10 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2010/07/14 21:28:10 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 19:05:52 | 000,000,402 | -HS- | M] () -- C:\Users\Brian Yokley\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

    < End of report >
     
  14. byokley

    byokley TS Rookie Topic Starter

    OTL Extras logfile created on: 2/1/2012 2:59:38 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brian Yokley\Desktop
    Professional (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 67.64% Memory free
    6.99 Gb Paging File | 5.99 Gb Available in Paging File | 85.66% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 168.76 Gb Total Space | 102.50 Gb Free Space | 60.74% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 9.52 Gb Free Space | 63.46% Space Free | Partition Type: NTFS

    Computer Name: BRIANYOKLEY-PC | User Name: Brian Yokley | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{835A6F5F-BC13-48DF-BEBE-8D80B419D145}" = Cisco AnyConnect VPN Client
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
    "{B0931CBE-FBA6-4BB0-A959-45E2751EC169}" = Cisco AnyConnect VPN Client Start Before Login Components
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}" = WinZip Courier
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "CentraClient" = Centra Client
    "Creative OEM004" = Laptop Integrated Webcam Driver (1.03.01.1011)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Glary Utilities_is1" = Glary Utilities Pro 2.30.0.1066
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "RealPlayer 12.0" = RealPlayer

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3546445678-3021338262-797944043-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/31/2012 9:28:27 AM | Computer Name = BrianYokley-PC | Source = MsiInstaller | ID = 1023
    Description =

    Error - 1/31/2012 1:54:42 PM | Computer Name = BrianYokley-PC | Source = MsiInstaller | ID = 1023
    Description =

    Error - 1/31/2012 6:20:59 PM | Computer Name = BrianYokley-PC | Source = McLogEvent | ID = 5051
    Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    took longer than 90000 ms to complete a request. The process will be terminated.
    Thread
    id : 3576 (0xdf8) Thread address : 0x77596194 Thread message : Build VSCORE.14.1.0.524
    / 5400.1158 Object being scanned = \Device\HarddiskVolume3\ProgramData\McAfee\Common
    Framework\Current\BOCVSE__1000\BocDet_VSE.McS by C:\Program Files\McAfee\Common
    Framework\McScript_InUse.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

    5006(0)(0) 5004(0)(0)

    Error - 1/31/2012 6:20:59 PM | Computer Name = BrianYokley-PC | Source = McLogEvent | ID = 1008
    Description = The McShield service terminated unexpectedly. Please review event 5019
    or 5051 for details. The McShield service will be restarted in 5 seconds;

    Error - 1/31/2012 9:23:30 PM | Computer Name = BrianYokley-PC | Source = McLogEvent | ID = 259
    Description = The scan found detections. Scan engine version 5400.1158 DAT version
    6606.

    Error - 2/1/2012 1:23:23 AM | Computer Name = BrianYokley-PC | Source = Application Hang | ID = 1002
    Description = The program p9kn6gpm.exe version 1.0.15.15641 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1598 Start
    Time: 01cce0a18ab00978 Termination Time: 16 Application Path: C:\Users\Brian Yokley\Desktop\p9kn6gpm.exe

    Report
    Id: d56dec70-4c94-11e1-871e-001f3ad7bbd6

    Error - 2/1/2012 1:23:37 AM | Computer Name = BrianYokley-PC | Source = Application Hang | ID = 1002
    Description = The program p9kn6gpm.exe version 1.0.15.15641 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1514 Start
    Time: 01cce0a1894e36cb Termination Time: 15 Application Path: C:\Users\Brian Yokley\Desktop\p9kn6gpm.exe

    Report
    Id: e2889c22-4c94-11e1-871e-001f3ad7bbd6

    Error - 2/1/2012 10:24:54 AM | Computer Name = BrianYokley-PC | Source = MsiInstaller | ID = 1023
    Description =

    Error - 2/1/2012 11:44:02 AM | Computer Name = BrianYokley-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AvastSvc.exe, version: 6.0.1367.0, time
    stamp: 0x4ed3caa7 Faulting module name: aswScan.dll, version: 6.0.1388.0, time stamp:
    0x4f22f2db Exception code: 0xc0000005 Fault offset: 0x00007333 Faulting process id:
    0x5c4 Faulting application start time: 0x01cce0a1100a2c4a Faulting application path:
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe Faulting module path: C:\Program
    Files\AVAST Software\Avast\defs\12020100\aswScan.dll Report Id: 901a4604-4ceb-11e1-871e-001f3ad7bbd6

    Error - 2/1/2012 11:45:00 AM | Computer Name = BrianYokley-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AvastSvc.exe, version: 6.0.1367.0, time
    stamp: 0x4ed3caa7 Faulting module name: aswScan.dll, version: 6.0.1388.0, time stamp:
    0x4f22f2db Exception code: 0xc0000005 Fault offset: 0x00007333 Faulting process id:
    0xee4 Faulting application start time: 0x01cce0f85df68b55 Faulting application path:
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe Faulting module path: C:\Program
    Files\AVAST Software\Avast\defs\12020100\aswScan.dll Report Id: b25b8549-4ceb-11e1-871e-001f3ad7bbd6

    [ Cisco AnyConnect VPN Client Events ]
    Error - 2/1/2012 1:35:31 AM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::Notify File: .\MainThread.cpp Line: 6000 Invoked
    Function: CMainThread::processNotice Return Code: -33095647 (0xFE070021) Description:
    ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 2/1/2012 2:27:03 PM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
    Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
    Line:
    2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 2/1/2012 2:27:03 PM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
    Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
    Line:
    2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 2/1/2012 2:27:03 PM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
    Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
    Line:
    2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 2/1/2012 2:27:04 PM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
    Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
    Line:
    2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 2/1/2012 2:27:04 PM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
    Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
    Line:
    2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 2/1/2012 2:27:04 PM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
    Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
    Line:
    2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 2/1/2012 2:27:04 PM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
    Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
    2116 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 2/1/2012 2:27:04 PM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
    Line:
    7411 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 2/1/2012 2:27:04 PM | Computer Name = BrianYokley-PC | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::MainLoop File: .\MainThread.cpp Line: 325 Invoked
    Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
    Description:
    ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    [ OSession Events ]
    Error - 10/15/2010 3:23:16 AM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 52906
    seconds with 360 seconds of active time. This session ended with a crash.

    Error - 10/15/2010 3:23:20 AM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 62504
    seconds with 3660 seconds of active time. This session ended with a crash.

    Error - 11/29/2010 3:52:54 PM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 547
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 2/21/2011 5:39:29 PM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15219
    seconds with 540 seconds of active time. This session ended with a crash.

    Error - 4/12/2011 11:17:08 AM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4185
    seconds with 3240 seconds of active time. This session ended with a crash.

    Error - 4/15/2011 5:44:51 PM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 168026
    seconds with 8040 seconds of active time. This session ended with a crash.

    Error - 4/20/2011 12:24:29 PM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 43524
    seconds with 960 seconds of active time. This session ended with a crash.

    Error - 4/20/2011 4:09:19 PM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 7779
    seconds with 1380 seconds of active time. This session ended with a crash.

    Error - 4/20/2011 5:00:34 PM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3058
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 4/24/2011 8:26:21 PM | Computer Name = BrianYokley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 10845
    seconds with 660 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 1/31/2012 3:31:28 PM | Computer Name = BrianYokley-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 1/31/2012 6:20:59 PM | Computer Name = BrianYokley-PC | Source = Service Control Manager | ID = 7034
    Description = The McAfee McShield service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 1/31/2012 7:43:54 PM | Computer Name = BrianYokley-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:43:06 PM on 1/31/2012 was unexpected.

    Error - 2/1/2012 1:21:15 AM | Computer Name = BrianYokley-PC | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 2/1/2012 10:25:24 AM | Computer Name = BrianYokley-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows
    Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2468871).

    Error - 2/1/2012 11:44:16 AM | Computer Name = BrianYokley-PC | Source = Service Control Manager | ID = 7031
    Description = The avast! Antivirus service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
    Restart the service.

    Error - 2/1/2012 11:45:08 AM | Computer Name = BrianYokley-PC | Source = Service Control Manager | ID = 7031
    Description = The avast! Antivirus service terminated unexpectedly. It has done
    this 2 time(s). The following corrective action will be taken in 5000 milliseconds:
    Restart the service.

    Error - 2/1/2012 3:08:57 PM | Computer Name = BrianYokley-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 2/1/2012 3:12:06 PM | Computer Name = BrianYokley-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 2/1/2012 3:15:01 PM | Computer Name = BrianYokley-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    You didn't say:

    ===========================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/01/31 17:04:10 | 000,000,679 | ---- | C] () -- C:\Users\Brian Yokley\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
      [2010/11/01 17:22:48 | 000,000,000 | ---D | M] -- C:\Users\Brian Yokley\AppData\Roaming\Registry Mechanic
      @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  16. byokley

    byokley TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Users\Brian Yokley\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
    C:\Users\Brian Yokley\AppData\Roaming\Registry Mechanic folder moved successfully.
    ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Brian Yokley
    ->Temp folder emptied: 151645 bytes
    ->Temporary Internet Files folder emptied: 501506333 bytes
    ->Java cache emptied: 4249663 bytes
    ->Flash cache emptied: 274790 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 503016 bytes

    Total Files Cleaned = 483.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Brian Yokley
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Brian Yokley
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 02012012_164800

    Files\Folders moved on Reboot...
    C:\Users\Brian Yokley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H4C51O99\partner[3].htm moved successfully.
    C:\Users\Brian Yokley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H4C51O99\topic176948[1].html moved successfully.
    C:\Users\Brian Yokley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FRRDV46I\partner[2].htm moved successfully.
    C:\Users\Brian Yokley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9HUT15K2\net[5].htm moved successfully.
    C:\Users\Brian Yokley\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  17. byokley

    byokley TS Rookie Topic Starter

    Security Check:
    Results of screen317's Security Check version 0.99.24
    Windows 7 x86 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee VirusScan Enterprise
    McAfee AntiSpyware Enterprise Module
    McAfee Agent
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    McAfee AntiSpyware Enterprise Module
    Java(TM) 6 Update 30
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    McAfee VirusScan Enterprise engineserver.exe
    McAfee VirusScan Enterprise vstskmgr.exe
    McAfee VirusScan Enterprise mcshield.exe
    McAfee VirusScan Enterprise mfeann.exe
    McAfee VirusScan Enterprise shstat.exe
    ``````````End of Log````````````

    Farbar Service Scanner Version: 01-02-2012 03
    Ran by Brian Yokley (administrator) on 01-02-2012 at 17:33:23
    Microsoft Windows 7 Professional (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========
    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2011-11-09 11:54] - [2011-09-29 10:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

    C:\Windows\system32\dnsrslvr.dll
    [2011-04-15 14:58] - [2011-03-03 00:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

    C:\Windows\system32\mpssvc.dll
    [2009-07-13 18:53] - [2009-07-13 20:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

    C:\Windows\system32\bfe.dll
    [2009-07-13 18:54] - [2009-07-13 20:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll
    [2009-07-13 18:23] - [2009-07-13 20:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

    C:\Windows\system32\vssvc.exe
    [2009-07-13 18:24] - [2009-07-13 20:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

    C:\Windows\system32\wscsvc.dll
    [2011-02-09 22:05] - [2010-12-21 00:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll
    [2009-07-13 19:15] - [2009-07-13 20:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

    C:\Windows\system32\qmgr.dll
    [2009-07-13 18:30] - [2009-07-13 20:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll
    [2009-07-13 18:33] - [2009-07-13 20:15] - 0135680 ____A (Microsoft Corporation) 9C231178CE4FB385F4B54B0A9080B8A4

    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
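    The FSS "Windows Update" section above flags BITS as stopped, with its start type changed from the Auto default to Demand, and the log also checks each service's ImagePath and ServiceDll. As an added example (not code from this thread or from Farbar's tool), the PowerShell script below re-runs that kind of check on Windows 7: it compares the start mode of each security-relevant service with an assumed stock default and confirms that the file named by its ImagePath and ServiceDll still exists. The service list and the default start-type table are my assumptions from a stock Windows 7 install, not values taken from the page.

```powershell
# Added example, not from this thread or from Farbar Service Scanner (FSS).
# Re-checks the services FSS covers (Windows Update, Windows Firewall,
# System Restore, Security Center) on Windows 7: start type vs. an assumed
# default, and whether the ImagePath / ServiceDll files exist.
# Run from an elevated PowerShell prompt (PowerShell 2.0 syntax).

# Assumed Windows 7 defaults, as StartMode is reported by Win32_Service.
$ExpectedStartMode = @{
    'BITS'     = 'Auto'    # Background Intelligent Transfer Service
    'wuauserv' = 'Auto'    # Windows Update
    'MpsSvc'   = 'Auto'    # Windows Firewall
    'BFE'      = 'Auto'    # Base Filtering Engine
    'wscsvc'   = 'Auto'    # Security Center
    'CryptSvc' = 'Auto'    # Cryptographic Services (update signature checks)
    'VSS'      = 'Manual'  # Volume Shadow Copy (System Restore)
    'swprv'    = 'Manual'  # Microsoft Software Shadow Copy Provider
}

function Get-ServiceDllPath {
    # Returns the ServiceDll registered under the service's Parameters key, or $null
    # when the service is not svchost-hosted (no ServiceDll value).
    param([string]$Name)
    $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name\Parameters"
    $item = Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue
    if ($item) { return [Environment]::ExpandEnvironmentVariables($item.ServiceDll) }
    return $null
}

function Get-ImagePathFile {
    # Strips quotes and arguments (e.g. "-k netsvcs") from a service command line
    # and returns just the executable path.
    param([string]$PathName)
    if ($PathName -match '^"([^"]+)"') { return $matches[1] }
    return ($PathName -split '\s+')[0]
}

function Test-ServiceBaseline {
    # Emits one object per service: state, start mode, and any findings.
    foreach ($name in $ExpectedStartMode.Keys) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            New-Object PSObject -Property @{ Service = $name; State = ''; StartMode = ''; Finding = 'SERVICE MISSING' }
            continue
        }
        $findings = @()
        if ($svc.StartMode -ne $ExpectedStartMode[$name]) {
            $findings += "start type is $($svc.StartMode), default is $($ExpectedStartMode[$name])"
        }
        $exe = [Environment]::ExpandEnvironmentVariables((Get-ImagePathFile $svc.PathName))
        if (-not (Test-Path $exe)) {
            $findings += "ImagePath target not found: $exe"
        }
        $dll = Get-ServiceDllPath $name
        if ($dll -and -not (Test-Path $dll)) {
            $findings += "ServiceDll not found: $dll"
        }
        $summary = 'OK'
        if ($findings.Count -gt 0) { $summary = $findings -join '; ' }
        New-Object PSObject -Property @{
            Service   = $name
            State     = $svc.State
            StartMode = $svc.StartMode
            Finding   = $summary
        }
    }
}

Test-ServiceBaseline | Format-Table Service, State, StartMode, Finding -AutoSize
```

Services hosted by svchost.exe (BITS, wuauserv, MpsSvc, wscsvc, CryptSvc) share the same ImagePath, so for those the ServiceDll line is the check that matters; a start type of Disabled or Demand on BITS or wuauserv is the usual reason Windows Update silently stops working after an infection.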
     
  18. byokley

    byokley TS Rookie Topic Starter

    ESET:

    C:\Qoobox\Quarantine\C\ProgramData\odFpWeGCGDBNMy.exe.vir a variant of Win32/Kryptik.ZVF trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\ProgramData\V3v12Zn5SU75vD.exe.vir a variant of Win32/Kryptik.ZVF trojan cleaned by deleting - quarantined


    The Computer is GREAT! No problems or issues AND I think that it is even a little faster than before!
     
  19. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current (including Service Pack 1 installation and upgrading Internet Explorer to version 9!!!)

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  20. byokley

    byokley TS Rookie Topic Starter

    Broni - Thank you! My computer is even faster than it was before. Really appreciate it!
     
  21. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Yes!!
    Good luck and stay safe :)
     