TechSpot

Help finishing up malware removal - Security Shield

By Deb Jones
Aug 23, 2012
  1. Hi - I have an XP Pro SP3 machine that was infected with Security Shield. It has Avira Free Anti-virus and Malwarebytes (with current database files) installed. After infection, I booted into Safe Mode and ran Malwarebytes which seemed to remove the malware. I also turned off System Restore and deleted all previous restore points, because some were shown as having been infected. Then, in regular mode I ran 'unhide.exe' to unhide all the icons and programs; I flushed my DNS cache to resolve redirected web & reapplied permissions to the user affected. The only thing that remained seemingly in my way was that Avira, Windows Update etc wouldn't restart their monitoring. I installed MS Sec Essent. and the scan turned up nothing, but wouldn't enable auto protection, so more red flags that all was not clean. I also noticed slow login times with this user but not Admin account or in Safe Mode. Used MSCONFIG to do a clean boot and Malwarebytes found 'Disabled.Cryptsvc' upon scan. So, obviously this thing isn't finished yet. Can you provide me with assistance to finally put this thing under?! :) Thanks in advance for your assistance.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Deb Jones

    Deb Jones TS Rookie Topic Starter

    Hi. Thanks again for the assist. For #1, as mentioned previously, the system uses Avira Free Antivir. It is up-to-date but won't run realtime protection.

    For #2-5, Here are the logs:

    Malwarebytes ----------

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.23.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    user1 :: PAYSON1 [administrator]

    8/23/2012 7:20:33 PM
    mbam-log-2012-08-23 (19-20-33).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 289211
    Time elapsed: 23 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    -----------------------------------------------------------------------------------
    GMER ------------
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-23 19:19:45
    Windows 5.1.2600 Service Pack 3
    Running: 5l12bmuy.exe; Driver: C:\DOCUME~1\user1\LOCALS~1\Temp\uxtdapoc.sys
    ---- Services - GMER 1.0.15 ----
    Service C:\WINDOWS\System32\Drivers\c4166fec1e7746a1.sys (*** hidden *** ) [BOOT] c4166fec1e7746a1 <-- ROOTKIT !!!
    ---- EOF - GMER 1.0.15 ----
    ------------------------------------------------------------------------------------
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by user1 at 19:45:35 on 2012-08-23
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2428 [GMT -7:00]
    .
    AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\Program Files\TeamViewer\Version7\TeamViewer.exe
    C:\Program Files\TeamViewer\Version7\tv_w32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Documents and Settings\user1\Application Data\U3\25846107FC518779\LaunchPad.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.live.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    Trusted Zone: intuit.com\ttlc
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1345695779000
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251171744421
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{39361717-DC82-41B4-9CCD-E17B4928A67F} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Notify: igfxcui - igfxdev.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-8-22 36000]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
    R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-7-16 2673064]
    S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
    S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-6-25 83392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-8-20 35144]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-20 40776]
    S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-6-25 86224]
    S4 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-6-25 110032]
    .
    =============== Created Last 30 ================
    .
    2012-08-23 03:47:13  7023536  ----a-w-  c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f9250f3a-1834-48a2-9fbb-13763bb957cf}\mpengine.dll
    2012-08-23 03:47:13  237072  ------w-  c:\windows\system32\MpSigStub.exe
    2012-08-23 03:43:03  --------  d-----w-  c:\program files\Microsoft Security Client
    2012-08-23 03:35:18  273408  ----a-w-  c:\windows\system32\spool\prtprocs\w32x86\hpcpp6de.DLL
    2012-08-23 03:35:18  149504  ----a-w-  c:\windows\system32\hpcpn6de.dll
    2012-08-23 03:32:49  --------  d-----w-  C:\HP CLJ3600 Driver
    2012-08-23 03:00:24  --------  d-----w-  c:\documents and settings\user1\temp
    2012-08-23 01:13:55  36000  ----a-w-  c:\windows\system32\drivers\avkmgr.sys
    2012-08-22 03:59:23  711240  ----a-w-  c:\windows\isRS-000.tmp
    2012-08-22 03:13:34  35144  ----a-w-  c:\windows\system32\drivers\48230029.sys
    2012-08-20 22:52:10  70528  ----a-w-  c:\windows\system32\drivers\c4166fec1e7746a1.sys
    2012-08-20 20:10:58  40776  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
    2012-08-20 19:16:03  35144  ----a-w-  c:\windows\system32\drivers\mbamchameleon.sys
    .
    ==================== Find3M ====================
    .
    2012-07-06 13:58:51  78336  ----a-w-  c:\windows\system32\browser.dll
    2012-07-04 14:05:18  139784  ---ha-w-  c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 20:46:44  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-07-03 13:40:18  1875072  ---ha-w-  c:\windows\system32\win32k.sys
    2012-07-02 17:49:33  916992  ----a-w-  c:\windows\system32\wininet.dll
    2012-07-02 17:49:32  43520  ----a-w-  c:\windows\system32\licmgr10.dll
    2012-07-02 17:49:32  1469440  ------w-  c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05:43  385024  ----a-w-  c:\windows\system32\html.iec
    2012-06-25 19:10:00  70344  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-25 19:10:00  426184  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2012-06-25 19:04:11  376832  ----a-w-  c:\windows\system32\AegisI5Installer.exe
    2012-06-07 03:59:42  1070152  ----a-w-  c:\windows\system32\MSCOMCTL.OCX
    2012-06-05 15:50:25  1372672  ----a-w-  c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25  1172480  ----a-w-  c:\windows\system32\msxml3.dll
    2012-06-04 04:32:08  152576  ----a-w-  c:\windows\system32\schannel.dll
    2012-06-02 22:19:44  22040  ----a-w-  c:\windows\system32\wucltui.dll.mui
    2012-06-02 22:19:38  219160  ----a-w-  c:\windows\system32\wuaucpl.cpl
    2012-06-02 22:19:38  15384  ----a-w-  c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 22:19:34  15384  ----a-w-  c:\windows\system32\wuapi.dll.mui
    2012-06-02 22:19:30  17944  ----a-w-  c:\windows\system32\wuaueng.dll.mui
    2012-06-02 22:18:58  275696  ----a-w-  c:\windows\system32\mucltui.dll
    2012-06-02 22:18:58  214256  ----a-w-  c:\windows\system32\muweb.dll
    2012-06-02 22:18:58  17136  ----a-w-  c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22:09  599040  ----a-w-  c:\windows\system32\crypt32.dll
    .
    ============= FINISH: 19:51:31.53 ===============
     

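As an added example that is not part of this thread and not code from the DDS or GMER tools: a small Python triage script that parses the DDS "Created Last 30" lines and the GMER service line posted above (copied here as constructed sample input) and cross-references them. It flags a recently created driver when GMER reports it as hidden, or when its file name consists of nothing but hex digits. The hex-name rule is a heuristic chosen for this example and is a reason to look closer, not proof of anything: 48230029.sys matches it, yet it has the same size (35144 bytes) as mbamchameleon.sys in the same log. The parser also accepts the tab-less form the forum paste produced, where timestamp, size and attributes run together.

```python
"""Triage helper for DDS "Created Last 30" lines and GMER service lines.

Added example, not part of the thread or of the DDS/GMER tools. Sample lines
are copied from the logs posted in this thread; the flagging rules are
assumptions for illustration only.
"""
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Constructed sample input: DDS lines from the thread, in DDS's tab-separated form.
DDS_CREATED_SAMPLE = """\
2012-08-23 03:47:13\t7023536\t----a-w-\tc:\\documents and settings\\all users\\application data\\microsoft\\microsoft antimalware\\definition updates\\{f9250f3a-1834-48a2-9fbb-13763bb957cf}\\mpengine.dll
2012-08-23 03:43:03\t--------\td-----w-\tc:\\program files\\Microsoft Security Client
2012-08-23 01:13:55\t36000\t----a-w-\tc:\\windows\\system32\\drivers\\avkmgr.sys
2012-08-22 03:13:34\t35144\t----a-w-\tc:\\windows\\system32\\drivers\\48230029.sys
2012-08-20 22:52:10\t70528\t----a-w-\tc:\\windows\\system32\\drivers\\c4166fec1e7746a1.sys
2012-08-20 20:10:58\t40776\t----a-w-\tc:\\windows\\system32\\drivers\\mbamswissarmy.sys
"""

# Constructed sample input: the GMER services section from the thread.
GMER_SAMPLE = """\
---- Services - GMER 1.0.15 ----
Service C:\\WINDOWS\\System32\\Drivers\\c4166fec1e7746a1.sys (*** hidden *** ) [BOOT] c4166fec1e7746a1 <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
"""

# DDS line: timestamp, size (or 8 dashes for a directory), 8 attribute flags, path.
# Separators are optional so the run-together form from the forum paste also parses.
DDS_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*"
    r"(?P<size>\d+|-{8})\s*"
    r"(?P<attrs>[-a-z]{8})\s*"
    r"(?P<path>[a-z]:\\.+)$",
    re.IGNORECASE,
)

# GMER service line that carries the "(*** hidden *** )" marker.
GMER_HIDDEN = re.compile(r"^Service\s+(?P<path>.+?\.sys)\s+\(\*\*\* hidden \*\*\* ?\)", re.IGNORECASE)

# Heuristic (assumption): a driver stem made only of 8+ hex digits deserves a second look.
HEX_NAME = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)


def parse_dds_created(text):
    """Return one dict per DDS created/modified line; directories get size None."""
    entries = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "attrs": m["attrs"],
            "path": m["path"].strip(),
        })
    return entries


def gmer_hidden_services(text):
    """Return the lower-cased paths of services GMER marked as hidden."""
    hidden = set()
    for line in text.splitlines():
        m = GMER_HIDDEN.match(line.strip())
        if m:
            hidden.add(m["path"].lower())
    return hidden


def triage(dds_text, gmer_text):
    """Map driver file name -> finding for every DDS entry that trips a rule."""
    hidden = gmer_hidden_services(gmer_text)
    findings = {}
    for e in parse_dds_created(dds_text):
        p = PureWindowsPath(e["path"])
        reasons = []
        in_drivers = "drivers" in (part.lower() for part in p.parts)
        if p.suffix.lower() == ".sys" and in_drivers and HEX_NAME.match(p.stem):
            reasons.append("hex-name")
        if e["path"].lower() in hidden:
            reasons.append("gmer-hidden")
        if reasons:
            findings[p.name.lower()] = {"path": e["path"], "created": e["created"], "reasons": reasons}
    return findings


def report(findings):
    """Render findings oldest-first, one line each."""
    rows = sorted(findings.values(), key=lambda f: f["created"])
    return "\n".join(
        f"{f['created']:%Y-%m-%d %H:%M:%S}  {', '.join(f['reasons']):<22}{f['path']}" for f in rows
    )


if __name__ == "__main__":
    print(report(triage(DDS_CREATED_SAMPLE, GMER_SAMPLE)))
```

Run against the sample, the script lists c4166fec1e7746a1.sys with both reasons and 48230029.sys with the hex-name reason alone; avkmgr.sys and the Malwarebytes drivers are not flagged. The point of the cross-reference is that a file which both appeared in the last few days and is hidden from the service list is far stronger evidence than either signal on its own.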

  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please observe forum rules.
    All logs have to be pasted not attached.
    After pasting Attach.txt log....

    Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done Notepad will open with rKill log.
    Post it in your next reply.

    NOTE. rKill.txt log will also be present on your desktop.

    =====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  5. Deb Jones

    Deb Jones TS Rookie Topic Starter

    Apologies. The message at the end of DDS says *not* to paste but to attach, as well as stating the same at the beginning of the log itself. Conflicting instructions. Here is attach....

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/23/2009 1:18:29 PM
    System Uptime: 8/23/2012 7:14:52 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0U880P
    Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2493/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 456 GiB total, 430.204 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft Kernel Wave Audio Mixer
    Device ID: SW\{B7EAFDC0-A680-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
    Manufacturer: Microsoft
    Name: Microsoft Kernel Wave Audio Mixer
    PNP Device ID: SW\{B7EAFDC0-A680-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
    Service: kmixer
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe Acrobat 9 Standard
    Adobe Acrobat 9.5.0 - CPSID_83708
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.1.3
    Avira Free Antivirus
    Banctec Service Agreement
    Canon MF Toolbox 4.9.1.1.mf12
    Canon MF4200 Series
    CardMinder V2.0
    Choice Guard
    Compatibility Pack for the 2007 Office system
    Dell System Restore
    DriverTuner 3.1.0.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954434)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB958347)
    Hotfix for Windows XP (KB959252)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Product Detection
    Intel(R) Graphics Media Accelerator Driver
    iSEEK AnswerWorks English Runtime
    Java(TM) 6 Update 13
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB927977)
    OGA Notifier 2.0.0048.0
    PDF Thumbnail View
    PowerDVD
    QuickBooks Pro 2008
    Realtek High Definition Audio Driver
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Spelling Dictionaries Support For Adobe Reader 9
    Stamps.com
    Stamps.com Address Book Support for Microsoft Outlook 97-2010
    Stamps.com Application Support for Microsoft Outlook 2000-2010
    Stamps.com Application Support for Microsoft Word 2000-2010
    Stamps.com support for Microsoft Outlook 2000-2010
    Stamps.com support for Microsoft Outlook 97-2010
    Stamps.com support for Microsoft Word 2000-2010
    SupportSoft Assisted Service
    TeamViewer 7
    TurboTax 2009
    TurboTax 2009 waziper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax 2009 wutiper
    TurboTax 2010
    TurboTax 2010 waziper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2010 wutiper
    TurboTax 2011
    TurboTax 2011 waziper
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wrapper
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Presentation Foundation
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/23/2012 7:18:01 PM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 88a8e097, parameter3 ba4f7a90, parameter4 ba4f778c.
    8/23/2012 7:16:15 PM, error: TermService [1014] - Cannot load illegal module: C:\WINDOWS\system32\Drivers\rdpwd.SYS.
    8/23/2012 7:16:15 PM, error: Service Control Manager [7001] - The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error: Access is denied.
    8/23/2012 7:16:15 PM, error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: Access is denied.
    8/23/2012 7:16:08 PM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 88b6f097, parameter3 ba4ffa90, parameter4 ba4ff78c.
    8/23/2012 7:15:37 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: On AccessError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    8/23/2012 7:15:37 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: On AccessError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/23/2012 7:15:37 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: Behavior MonitoringError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    8/23/2012 7:15:37 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: Behavior MonitoringError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/23/2012 5:30:35 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/22/2012 9:41:53 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: On AccessError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    8/22/2012 9:41:53 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: On AccessError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/22/2012 9:41:53 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: Behavior MonitoringError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    8/22/2012 9:41:53 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: Behavior MonitoringError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/22/2012 9:30:34 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: On AccessError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    8/22/2012 9:30:34 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: On AccessError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/22/2012 9:30:34 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: Behavior MonitoringError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    8/22/2012 9:30:34 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: Behavior MonitoringError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/22/2012 9:27:07 PM, error: Service Control Manager [7028] - The BITS Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
    8/22/2012 9:27:01 PM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
    8/22/2012 8:53:17 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: On AccessError Code: 0x80070006Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
    8/22/2012 8:53:17 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: Behavior MonitoringError Code: 0x80070006Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
    8/22/2012 8:47:50 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 1.133.158.0Update Source: Microsoft Malware Protection CenterUpdate Stage: InstallSource Path: http://go.microsoft.com/fwlink/?Lin...EDB4FA23-53B8-4AFA-8C5D-99752CCA7094Signature Type: AntiVirusUpdate Type: FullUser: NT AUTHORITY\NETWORK SERVICECurrent Engine Version: Previous Engine Version: 1.1.8703.0Error code: 0x8050a003Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    8/22/2012 8:47:50 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 1.133.158.0Update Source: Microsoft Malware Protection CenterUpdate Stage: InstallSource Path: http://go.microsoft.com/fwlink/?Lin...EDB4FA23-53B8-4AFA-8C5D-99752CCA7094Signature Type: AntiVirusUpdate Type: FullUser: NT AUTHORITY\NETWORK SERVICECurrent Engine Version: Previous Engine Version: 1.1.8703.0Error code: 0x8050a003Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    8/22/2012 8:47:50 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 1.133.158.0Update Source: Microsoft Malware Protection CenterUpdate Stage: InstallSource Path: http://go.microsoft.com/fwlink/?Lin...EDB4FA23-53B8-4AFA-8C5D-99752CCA7094Signature Type: AntiVirusUpdate Type: FullUser: NT AUTHORITY\NETWORK SERVICECurrent Engine Version: Previous Engine Version: 1.1.8703.0Error code: 0x8050a003Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    8/22/2012 8:47:50 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 1.133.158.0Update Source: Microsoft Malware Protection CenterUpdate Stage: InstallSource Path: http://go.microsoft.com/fwlink/?Lin...EDB4FA23-53B8-4AFA-8C5D-99752CCA7094Signature Type: AntiSpywareUpdate Type: FullUser: NT AUTHORITY\NETWORK SERVICECurrent Engine Version: Previous Engine Version: 1.1.8703.0Error code: 0x8050a003Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    8/22/2012 8:47:50 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 1.133.158.0Update Source: Microsoft Malware Protection CenterUpdate Stage: InstallSource Path: http://go.microsoft.com/fwlink/?Lin...EDB4FA23-53B8-4AFA-8C5D-99752CCA7094Signature Type: AntiSpywareUpdate Type: FullUser: NT AUTHORITY\NETWORK SERVICECurrent Engine Version: Previous Engine Version: 1.1.8703.0Error code: 0x8050a003Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    8/22/2012 8:47:17 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: On AccessError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    8/22/2012 8:47:17 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: On AccessError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/22/2012 8:47:17 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: Behavior MonitoringError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    8/22/2012 8:47:17 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: Behavior MonitoringError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/22/2012 8:44:16 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 0.0.0.0Update Source: Microsoft Update ServerUpdate Stage: SearchSource Path: Default URLSignature Type: AntiVirusUpdate Type: FullUser: NT AUTHORITY\SYSTEMCurrent Engine Version: Previous Engine Version: 0.0.0.0Error code: 0x80070424Error description: The specified service does not exist as an installed service.
    8/22/2012 8:43:23 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 0.0.0.0Update Source: Microsoft Update ServerUpdate Stage: SearchSource Path: Default URLSignature Type: AntiVirusUpdate Type: FullUser: NT AUTHORITY\SYSTEMCurrent Engine Version: Previous Engine Version: 0.0.0.0Error code: 0x80070424Error description: The specified service does not exist as an installed service.
    8/22/2012 6:13:56 PM, error: Service Control Manager [7000] - The avipbb service failed to start due to the following error: Access is denied.
    8/22/2012 10:05:07 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    8/22/2012 10:02:33 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: On AccessError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    8/22/2012 10:02:33 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: On AccessError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/22/2012 10:02:33 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: Behavior MonitoringError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    8/22/2012 10:02:33 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: Behavior MonitoringError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/21/2012 9:45:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
    8/21/2012 9:45:49 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    8/21/2012 9:45:49 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/21/2012 9:45:49 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/21/2012 9:45:49 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    8/21/2012 8:52:08 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 2 time(s).
    8/21/2012 8:49:42 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
    8/21/2012 8:41:03 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
    8/21/2012 8:40:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ssmdrv
    8/21/2012 8:40:56 PM, error: Service Control Manager [7024] - The Avira Realtime Protection service terminated with service-specific error 307 (0x133).
    8/21/2012 8:40:56 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    8/21/2012 8:40:56 PM, error: Service Control Manager [7000] - The avgntflt service failed to start due to the following error: A device attached to the system is not functioning.
    8/21/2012 8:38:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/21/2012 8:37:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    8/21/2012 7:47:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr Fips intelppm ssmdrv
    8/21/2012 7:46:02 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    8/20/2012 11:37:41 AM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 89659097, parameter3 ba4fba90, parameter4 ba4fb78c.
    .
    ==== End Of File ===========================
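Added example, not part of any post in this thread: a small Python triage pass over event lines in the shape of the DDS "Event Viewer Messages" section above, pulling out the patterns a cleanup helper reads for (service starts refused with "Access is denied", service keys that locked SYSTEM out, boot drivers that did not load, real-time protection failures, stop codes). The sample lines are constructed copies of entries from that log, and the PROTECTION_COMPONENTS watch-list is my own, built from the Windows Update services and Avira drivers these logs name.

```python
import re
from collections import Counter

# Constructed sample in the shape of the DDS "Event Viewer Messages From Past Week"
# section: "M/D/YYYY h:mm:ss AM/PM, error: Source [EventID] - message".
SAMPLE_LOG = """\
8/23/2012 7:16:15 PM, error: Service Control Manager [7001] - The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error: Access is denied.
8/23/2012 7:16:15 PM, error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: Access is denied.
8/23/2012 7:15:37 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: On AccessError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
8/23/2012 7:15:37 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.Feature: Behavior MonitoringError Code: 0x8007001fError description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
8/22/2012 9:27:07 PM, error: Service Control Manager [7028] - The BITS Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
8/22/2012 9:27:01 PM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
8/22/2012 6:13:56 PM, error: Service Control Manager [7000] - The avipbb service failed to start due to the following error: Access is denied.
8/21/2012 9:45:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
8/21/2012 9:45:49 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/21/2012 8:40:56 PM, error: Service Control Manager [7024] - The Avira Realtime Protection service terminated with service-specific error 307 (0x133).
8/20/2012 11:37:41 AM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 89659097, parameter3 ba4fba90, parameter4 ba4fb78c.
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

def parse_events(text):
    """Turn DDS event lines into dicts; lines that do not match the shape are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["event_id"] = int(ev["event_id"])
            events.append(ev)
    return events

SCM = "Service Control Manager"

def triage(events):
    """Group the events into the patterns a cleanup helper looks for."""
    denied = set()            # services refused with "Access is denied" (7000/7001)
    tampered_keys = set()     # service registry keys that locked SYSTEM out (7028)
    failed_drivers = set()    # boot/system-start drivers that did not load (7026)
    rtp_failures = Counter()  # Microsoft Antimalware 3002, counted per feature
    bugchecks = []            # System Error 1003 stop codes, in log order
    for ev in events:
        src, eid, msg = ev["source"], ev["event_id"], ev["message"]
        if src == SCM and eid == 7000 and "Access is denied" in msg:
            m = re.match(r"The (.+?) service failed to start", msg)
            if m:
                denied.add(m.group(1))
        elif src == SCM and eid == 7001 and "Access is denied" in msg:
            # 7001 names the dependent service first; the one that failed follows "depends on the".
            m = re.search(r"depends on the (.+?) service which failed", msg)
            if m:
                denied.add(m.group(1))
        elif src == SCM and eid == 7028:
            m = re.match(r"The (\S+) Registry key denied access", msg)
            if m:
                tampered_keys.add(m.group(1))
        elif src == SCM and eid == 7026:
            _, _, names = msg.partition("failed to load: ")
            failed_drivers.update(names.split())
        elif src == "Microsoft Antimalware" and eid == 3002:
            # DDS squashes the fields together: "...Feature: On AccessError Code: ..."
            m = re.search(r"Feature: (.*?)Error Code", msg)
            rtp_failures[m.group(1) if m else "unknown"] += 1
        elif src == "System Error" and eid == 1003:
            m = re.search(r"Error code (\w+)", msg)
            if m:
                bugchecks.append(m.group(1))
    return {
        "denied_services": sorted(denied),
        "tampered_service_keys": sorted(tampered_keys),
        "failed_boot_drivers": sorted(failed_drivers),
        "realtime_protection_failures": dict(rtp_failures),
        "bugchecks": bugchecks,
    }

# Watch-list constructed from what this thread's logs name: the Windows Update
# plumbing and the Avira kernel drivers. Any of these denied, locked out or not
# loaded is the kind of red flag the original poster describes.
PROTECTION_COMPONENTS = {"BITS", "wuauserv", "avipbb", "avkmgr", "avgntflt", "ssmdrv"}

def protection_components_hit(findings):
    """Watch-listed components that appear as denied, locked out or not loaded."""
    hit = (set(findings["denied_services"])
           | set(findings["tampered_service_keys"])
           | set(findings["failed_boot_drivers"]))
    return sorted(hit & PROTECTION_COMPONENTS)

if __name__ == "__main__":
    findings = triage(parse_events(SAMPLE_LOG))
    for key, value in findings.items():
        print(f"{key}: {value}")
    print("protection components affected:", protection_components_hit(findings))
```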
     
  6. Deb Jones

    Deb Jones TS Rookie Topic Starter

    Please find pasted, the Rkill log. Also, the aswMBR.exe file will *not* run. I downloaded to desktop, tried double-clicking, right-clicking and running as Admin and also from the RUN command. Nothing happens. Let me know how to proceed. Many thanks.

    Rkill 2.2.1 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/23/2012 08:12:12 PM in x86 mode.
    Windows Version: Windows XP

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * C:\Documents and Settings\user1\Application Data\U3\25846107FC518779\LaunchPad.exe (PID: 3560) [UP-HEUR]

    1 proccess terminated!

    Checking Registry for malware related settings.

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks.

    * SMTMP folder detected. Your machine is or has been infected with the Fake.HDD rogue anti-spyware program. Please see this link for more information about this type of rogue: http://www.bleepingcomputer.com/forums/topic405109.html
    * No issues found.

    Checking Windows Service Integrity:

    * BITS [Missing Service]
    * wuauserv [Missing Service]
    * sr => \SystemRoot\system32\DRIVERS\sr.sys [Incorrect ImagePath]

    Searching for Missing Digital Signatures:
    * No issues found.

    Program finished at: 08/23/2012 08:12:22 PM
    Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  8. Deb Jones

    Deb Jones TS Rookie Topic Starter

    OK, it found something, I rebooted and after user login, while processing the Startup, it blue screened on me. Upon second reboot, I set it into Safe Mode to see if there was something going in the Startup. Within MSCONFIG, there was an entry for "dumprep 0 -k" under startup. This keeps getting activated every time I think the machine is clear of the malware. I disabled it and restarted normally. Then ran Killer again. It again found something. Pasting each log separately:

    22:10:10.0546 2956 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    22:10:10.0562 2956 ============================================================
    22:10:10.0562 2956 Current date / time: 2012/08/24 22:10:10.0562
    22:10:10.0562 2956 SystemInfo:
    22:10:10.0562 2956
    22:10:10.0562 2956 OS Version: 5.1.2600 ServicePack: 3.0
    22:10:10.0562 2956 Product type: Workstation
    22:10:10.0562 2956 ComputerName: PAYSON1
    22:10:10.0562 2956 UserName: user1
    22:10:10.0562 2956 Windows directory: C:\WINDOWS
    22:10:10.0562 2956 System windows directory: C:\WINDOWS
    22:10:10.0562 2956 Processor architecture: Intel x86
    22:10:10.0562 2956 Number of processors: 2
    22:10:10.0562 2956 Page size: 0x1000
    22:10:10.0562 2956 Boot type: Normal boot
    22:10:10.0562 2956 ============================================================
    22:10:15.0234 2956 !crdlk
    22:10:15.0250 2956 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
    22:10:15.0265 2956 Drive \Device\Harddisk1\DR5 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:10:15.0265 2956 ============================================================
    22:10:15.0265 2956 \Device\Harddisk0\DR0:
    22:10:15.0265 2956 MBR partitions:
    22:10:15.0265 2956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x38FE9828
    22:10:15.0265 2956 \Device\Harddisk1\DR5:
    22:10:15.0265 2956 MBR partitions:
    22:10:15.0265 2956 \Device\Harddisk1\DR5\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xEF7FC0
    22:10:15.0265 2956 ============================================================
    22:10:15.0296 2956 C: <-> \Device\Harddisk0\DR0\Partition1
    22:10:15.0296 2956 ============================================================
    22:10:15.0296 2956 Initialize success
    22:10:15.0296 2956 ============================================================
    22:10:34.0468 3000 ============================================================
    22:10:34.0468 3000 Scan started
    22:10:34.0468 3000 Mode: Manual;
    22:10:34.0468 3000 ============================================================
    22:10:34.0640 3000 ================ Scan system memory ========================
    22:10:34.0640 3000 System memory - ok
    22:10:34.0640 3000 ================ Scan services =============================
    22:10:34.0796 3000 Abiosdsk - ok
    22:10:34.0843 3000 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    22:10:34.0843 3000 abp480n5 - ok
    22:10:34.0859 3000 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    22:10:34.0859 3000 ACPI - ok
    22:10:34.0859 3000 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    22:10:34.0859 3000 ACPIEC - ok
    22:10:34.0890 3000 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    22:10:34.0906 3000 adpu160m - ok
    22:10:34.0968 3000 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    22:10:34.0968 3000 aec - ok
    22:10:35.0015 3000 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    22:10:35.0015 3000 AFD - ok
    22:10:35.0031 3000 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
    22:10:35.0031 3000 agp440 - ok
    22:10:35.0031 3000 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    22:10:35.0031 3000 agpCPQ - ok
    22:10:35.0062 3000 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
    22:10:35.0062 3000 Aha154x - ok
    22:10:35.0062 3000 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    22:10:35.0078 3000 aic78u2 - ok
    22:10:35.0078 3000 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    22:10:35.0078 3000 aic78xx - ok
    22:10:35.0125 3000 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    22:10:35.0125 3000 Alerter - ok
    22:10:35.0140 3000 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    22:10:35.0140 3000 ALG - ok
    22:10:35.0156 3000 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
    22:10:35.0156 3000 AliIde - ok
    22:10:36.0031 3000 Suspicious service (NoAccess): c4166fec1e7746a1
    22:10:36.0062 3000 [ 7739E40ED6B67ECD4F9C0867653DAE1B ] c4166fec1e7746a1 C:\WINDOWS\System32\Drivers\c4166fec1e7746a1.sys
    22:10:36.0062 3000 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\c4166fec1e7746a1.sys. md5: 7739E40ED6B67ECD4F9C0867653DAE1B
    22:10:36.0671 3000 c4166fec1e7746a1 ( Rootkit.Win32.Necurs.gen ) - infected
    22:10:36.0671 3000 c4166fec1e7746a1 - detected Rootkit.Win32.Necurs.gen (0)
    22:10:45.0593 3000 WDICA - ok
    22:10:45.0640 3000 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    22:10:45.0656 3000 wdmaud - ok
    22:10:45.0687 3000 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    22:10:45.0687 3000 WebClient - ok
    22:10:45.0781 3000 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    22:10:45.0781 3000 winmgmt - ok
    22:10:45.0828 3000 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
    22:10:45.0828 3000 WmdmPmSN - ok
    22:10:45.0890 3000 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    22:10:45.0890 3000 Wmi - ok
    22:10:45.0921 3000 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    22:10:45.0921 3000 WmiApSrv - ok
    22:10:46.0031 3000 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    22:10:46.0031 3000 WPFFontCache_v0400 - ok
    22:10:46.0093 3000 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    22:10:46.0093 3000 wscsvc - ok
    22:10:46.0140 3000 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    22:10:46.0140 3000 WZCSVC - ok
    22:10:46.0171 3000 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    22:10:46.0171 3000 xmlprov - ok
    22:10:46.0171 3000 ================ Scan global ===============================
    22:10:46.0250 3000 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    22:10:46.0281 3000 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    22:10:46.0281 3000 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    22:10:46.0312 3000 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    22:10:46.0312 3000 [Global] - ok
    22:10:46.0312 3000 ================ Scan MBR ==================================
    22:10:46.0328 3000 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    22:10:46.0328 3000 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    22:10:46.0406 3000 \Device\Harddisk0\DR0 - ok
    22:10:46.0406 3000 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR5
    22:10:46.0406 3000 \Device\Harddisk1\DR5 - ok
    22:10:46.0406 3000 ================ Scan VBR ==================================
    22:10:46.0421 3000 [ F880920779EED22960C08D5E8564EF85 ] \Device\Harddisk0\DR0\Partition1
    22:10:46.0421 3000 \Device\Harddisk0\DR0\Partition1 - ok
    22:10:46.0421 3000 [ C6E689B007AF0E16DAD00EDC192E999A ] \Device\Harddisk1\DR5\Partition1
    22:10:46.0437 3000 \Device\Harddisk1\DR5\Partition1 - ok
    22:10:46.0437 3000 ============================================================
    22:10:46.0437 3000 Scan finished
    22:10:46.0437 3000 ============================================================
    22:10:46.0437 3052 Detected object count: 1
    22:10:46.0437 3052 Actual detected object count: 1
    22:11:18.0984 3052 C:\WINDOWS\System32\Drivers\c4166fec1e7746a1.sys - copied to quarantine
    22:11:19.0015 3052 HKLM\SYSTEM\ControlSet001\services\c4166fec1e7746a1 - will be deleted on reboot
    22:11:19.0031 3052 HKLM\SYSTEM\ControlSet003\services\c4166fec1e7746a1 - will be deleted on reboot
    22:11:19.0140 3052 C:\WINDOWS\System32\Drivers\c4166fec1e7746a1.sys - will be deleted on reboot
    22:11:19.0140 3052 c4166fec1e7746a1 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
    22:11:33.0296 2812 Deinitialize success
    ----------------------------
     
  9. Deb Jones

    Deb Jones TS Rookie Topic Starter

    22:32:27.0078 2956 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    22:32:27.0078 2956 ============================================================
    22:32:27.0078 2956 Current date / time: 2012/08/24 22:32:27.0078
    22:32:27.0078 2956 SystemInfo:
    22:32:27.0078 2956
    22:32:27.0078 2956 OS Version: 5.1.2600 ServicePack: 3.0
    22:32:27.0078 2956 Product type: Workstation
    22:32:27.0078 2956 ComputerName: PAYSON1
    22:32:27.0078 2956 UserName: user1
    22:32:27.0078 2956 Windows directory: C:\WINDOWS
    22:32:27.0078 2956 System windows directory: C:\WINDOWS
    22:32:27.0078 2956 Processor architecture: Intel x86
    22:32:27.0078 2956 Number of processors: 2
    22:32:27.0078 2956 Page size: 0x1000
    22:32:27.0078 2956 Boot type: Normal boot
    22:32:27.0078 2956 ============================================================
    22:32:28.0843 2956 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    22:32:28.0875 2956 Drive \Device\Harddisk1\DR5 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:32:28.0875 2956 ============================================================
    22:32:28.0875 2956 \Device\Harddisk0\DR0:
    22:32:28.0875 2956 MBR partitions:
    22:32:28.0875 2956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x38FE9828
    22:32:28.0875 2956 \Device\Harddisk1\DR5:
    22:32:28.0875 2956 MBR partitions:
    22:32:28.0875 2956 \Device\Harddisk1\DR5\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xEF7FC0
    22:32:28.0875 2956 ============================================================
    22:32:28.0875 2956 C: <-> \Device\Harddisk0\DR0\Partition1
    22:32:28.0875 2956 ============================================================
    22:32:28.0875 2956 Initialize success
    22:32:28.0875 2956 ============================================================
    22:32:31.0593 3020 ============================================================
    22:32:31.0593 3020 Scan started
    22:32:31.0593 3020 Mode: Manual;
    22:32:31.0593 3020 ============================================================
    22:32:32.0546 3020 ================ Scan system memory ========================
    22:32:32.0546 3020 System memory - ok
    22:32:32.0546 3020 ================ Scan services =============================
    22:32:34.0500 3020 c4166fec1e7746a1 - ok
    22:32:39.0203 3020 Ptilink - ok
    22:32:39.0218 3020 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    22:32:39.0218 3020 PxHelp20 - ok
    22:32:39.0281 3020 [ F6EA2DCE39F1ACCB2C6C38D61FC79075 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    22:32:39.0281 3020 QBCFMonitorService - ok
    22:32:39.0343 3020 [ BAB30D2799754F6EA22F0B9076311793 ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    22:32:39.0359 3020 QBFCService - ok
    22:32:39.0359 3020 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
    22:32:39.0359 3020 ql1080 - ok
    22:32:39.0359 3020 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    22:32:39.0359 3020 Ql10wnt - ok
    22:32:39.0375 3020 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
    22:32:39.0375 3020 ql12160 - ok
    22:32:39.0375 3020 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
    22:32:39.0375 3020 ql1240 - ok
    22:32:39.0375 3020 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
    22:32:39.0375 3020 ql1280 - ok
    22:32:39.0406 3020 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    22:32:39.0406 3020 RasAcd - ok
    22:32:39.0437 3020 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    22:32:39.0437 3020 RasAuto - ok
    22:32:39.0437 3020 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    22:32:39.0437 3020 Rasl2tp - ok
    22:32:39.0468 3020 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    22:32:39.0468 3020 RasMan - ok
    22:32:39.0468 3020 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    22:32:39.0468 3020 RasPppoe - ok
    22:32:39.0468 3020 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    22:32:39.0484 3020 Raspti - ok
    22:32:39.0515 3020 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    22:32:39.0515 3020 Rdbss - ok
    22:32:39.0531 3020 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    22:32:39.0531 3020 RDPCDD - ok
    22:32:39.0531 3020 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    22:32:39.0531 3020 rdpdr - ok
    22:32:39.0578 3020 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    22:32:39.0593 3020 RDPWD - ok
    22:32:39.0640 3020 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    22:32:39.0640 3020 RDSessMgr - ok
    22:32:39.0656 3020 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    22:32:39.0656 3020 redbook - ok
    22:32:39.0687 3020 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    22:32:39.0687 3020 RemoteAccess - ok
    22:32:39.0718 3020 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    22:32:39.0718 3020 RemoteRegistry - ok
    22:32:39.0718 3020 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    22:32:39.0718 3020 RpcLocator - ok
    22:32:39.0734 3020 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
    22:32:39.0750 3020 RpcSs - ok
    22:32:39.0765 3020 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    22:32:39.0765 3020 RSVP - ok
    22:32:39.0765 3020 rt2870 - ok
    22:32:39.0796 3020 [ CB9310A5A910648D359C99A857E22A54 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    22:32:39.0796 3020 RTLE8023xp - ok
    22:32:39.0812 3020 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    22:32:39.0812 3020 SamSs - ok
    22:32:39.0812 3020 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    22:32:39.0812 3020 SCardSvr - ok
    22:32:39.0828 3020 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    22:32:39.0843 3020 Schedule - ok
    22:32:39.0875 3020 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    22:32:39.0875 3020 Secdrv - ok
    22:32:39.0890 3020 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    22:32:39.0890 3020 seclogon - ok
    22:32:39.0906 3020 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    22:32:39.0906 3020 SENS - ok
    22:32:39.0921 3020 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
    22:32:39.0921 3020 Serial - ok
    22:32:39.0937 3020 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    22:32:39.0937 3020 Sfloppy - ok
    22:32:39.0984 3020 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    22:32:39.0984 3020 SharedAccess - ok
    22:32:40.0000 3020 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    22:32:40.0000 3020 ShellHWDetection - ok
    22:32:40.0000 3020 Simbad - ok
    22:32:40.0015 3020 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
    22:32:40.0015 3020 sisagp - ok
    22:32:40.0031 3020 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
    22:32:40.0031 3020 Sparrow - ok
    22:32:40.0078 3020 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    22:32:40.0078 3020 splitter - ok
    22:32:40.0109 3020 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    22:32:40.0125 3020 Spooler - ok
    22:32:40.0125 3020 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    22:32:40.0125 3020 sr - ok
    22:32:40.0156 3020 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    22:32:40.0187 3020 srservice - ok
    22:32:40.0296 3020 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    22:32:40.0328 3020 Srv - ok
    22:32:40.0437 3020 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    22:32:40.0437 3020 SSDPSRV - ok
    22:32:40.0515 3020 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    22:32:40.0515 3020 ssmdrv - ok
    22:32:40.0609 3020 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    22:32:40.0656 3020 stisvc - ok
    22:32:40.0750 3020 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    22:32:40.0875 3020 stllssvr - ok
    22:32:40.0906 3020 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    22:32:40.0937 3020 swenum - ok
    22:32:40.0968 3020 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    22:32:41.0000 3020 swmidi - ok
    22:32:41.0000 3020 SwPrv - ok
    22:32:41.0078 3020 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
    22:32:41.0078 3020 symc810 - ok
    22:32:41.0078 3020 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    22:32:41.0078 3020 symc8xx - ok
    22:32:41.0078 3020 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    22:32:41.0093 3020 sym_hi - ok
    22:32:41.0093 3020 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    22:32:41.0093 3020 sym_u3 - ok
    22:32:41.0093 3020 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    22:32:41.0093 3020 sysaudio - ok
    22:32:41.0109 3020 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    22:32:41.0125 3020 SysmonLog - ok
    22:32:41.0125 3020 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    22:32:41.0140 3020 TapiSrv - ok
    22:32:41.0140 3020 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    22:32:41.0156 3020 Tcpip - ok
    22:32:41.0171 3020 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    22:32:41.0171 3020 TDPIPE - ok
    22:32:41.0171 3020 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    22:32:41.0171 3020 TDTCP - ok
    22:32:41.0296 3020 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    22:32:41.0312 3020 TeamViewer7 - ok
    22:32:41.0328 3020 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    22:32:41.0328 3020 TermDD - ok
    22:32:41.0375 3020 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    22:32:41.0375 3020 TermService - ok
    22:32:41.0421 3020 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    22:32:41.0421 3020 Themes - ok
    22:32:41.0453 3020 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    22:32:41.0453 3020 TlntSvr - ok
    22:32:41.0484 3020 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
    22:32:41.0484 3020 TosIde - ok
    22:32:41.0500 3020 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    22:32:41.0500 3020 TrkWks - ok
    22:32:41.0500 3020 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    22:32:41.0500 3020 Udfs - ok
    22:32:41.0546 3020 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
    22:32:41.0546 3020 ultra - ok
    22:32:41.0562 3020 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    22:32:41.0562 3020 Update - ok
    22:32:41.0625 3020 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    22:32:41.0625 3020 upnphost - ok
    22:32:41.0640 3020 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    22:32:41.0640 3020 UPS - ok
    22:32:41.0656 3020 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    22:32:41.0656 3020 usbccgp - ok
    22:32:41.0671 3020 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    22:32:41.0671 3020 usbehci - ok
    22:32:41.0703 3020 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    22:32:41.0703 3020 usbhub - ok
    22:32:41.0718 3020 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    22:32:41.0718 3020 usbprint - ok
    22:32:41.0718 3020 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    22:32:41.0718 3020 usbscan - ok
    22:32:41.0750 3020 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    22:32:41.0750 3020 USBSTOR - ok
    22:32:41.0750 3020 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    22:32:41.0765 3020 usbuhci - ok
    22:32:41.0796 3020 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    22:32:41.0796 3020 VgaSave - ok
    22:32:41.0812 3020 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
    22:32:41.0812 3020 viaagp - ok
    22:32:41.0828 3020 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
    22:32:41.0828 3020 ViaIde - ok
    22:32:41.0843 3020 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    22:32:41.0859 3020 VolSnap - ok
    22:32:41.0875 3020 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    22:32:41.0890 3020 VSS - ok
    22:32:41.0906 3020 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
    22:32:41.0906 3020 w32time - ok
    22:32:41.0921 3020 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    22:32:41.0921 3020 Wanarp - ok
    22:32:41.0921 3020 WDICA - ok
    22:32:41.0937 3020 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    22:32:41.0937 3020 wdmaud - ok
    22:32:41.0953 3020 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    22:32:41.0953 3020 WebClient - ok
    22:32:42.0031 3020 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    22:32:42.0046 3020 winmgmt - ok
    22:32:42.0078 3020 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
    22:32:42.0078 3020 WmdmPmSN - ok
    22:32:42.0125 3020 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    22:32:42.0140 3020 Wmi - ok
    22:32:42.0156 3020 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    22:32:42.0156 3020 WmiApSrv - ok
    22:32:42.0250 3020 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    22:32:42.0265 3020 WPFFontCache_v0400 - ok
    22:32:42.0312 3020 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    22:32:42.0312 3020 wscsvc - ok
    22:32:42.0328 3020 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    22:32:42.0328 3020 WZCSVC - ok
    22:32:42.0359 3020 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    22:32:42.0359 3020 xmlprov - ok
    22:32:42.0359 3020 ================ Scan global ===============================
    22:32:42.0406 3020 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    22:32:42.0421 3020 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    22:32:42.0437 3020 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    22:32:42.0453 3020 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    22:32:42.0468 3020 [Global] - ok
    22:32:42.0468 3020 ================ Scan MBR ==================================
    22:32:42.0484 3020 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    22:32:42.0484 3020 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    22:32:42.0515 3020 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
    22:32:42.0515 3020 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
    22:32:42.0531 3020 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR5
    22:32:42.0531 3020 \Device\Harddisk1\DR5 - ok
    22:32:42.0531 3020 ================ Scan VBR ==================================
    22:32:42.0562 3020 [ F880920779EED22960C08D5E8564EF85 ] \Device\Harddisk0\DR0\Partition1
    22:32:42.0562 3020 \Device\Harddisk0\DR0\Partition1 - ok
    22:32:42.0578 3020 [ 06E061E1356086BD01E6BE4D39848F24 ] \Device\Harddisk1\DR5\Partition1
    22:32:42.0578 3020 \Device\Harddisk1\DR5\Partition1 - ok
    22:32:42.0578 3020 ============================================================
    22:32:42.0578 3020 Scan finished
    22:32:42.0578 3020 ============================================================
    22:32:42.0578 3012 Detected object count: 1
    22:32:42.0578 3012 Actual detected object count: 1
    22:33:53.0406 3012 \Device\Harddisk0\DR0\# - copied to quarantine
    22:33:53.0453 3012 \Device\Harddisk0\DR0 - copied to quarantine
    22:33:53.0531 3012 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
    22:33:53.0531 3012 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
    22:33:53.0531 3012 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
    22:33:53.0546 3012 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
    22:33:53.0546 3012 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
    22:33:53.0546 3012 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
    22:33:53.0625 3012 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
    22:33:53.0640 3012 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
    22:33:53.0656 3012 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
    22:33:53.0703 3012 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    22:33:53.0734 3012 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    22:33:53.0750 3012 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    22:33:53.0765 3012 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    22:33:53.0796 3012 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
    22:33:53.0812 3012 \Device\Harddisk0\DR0\TDLFS\tdi32 - copied to quarantine
    22:33:53.0859 3012 \Device\Harddisk0\DR0\TDLFS\tdi64 - copied to quarantine
    22:33:53.0859 3012 \Device\Harddisk0\DR0\TDLFS\main1 - copied to quarantine
    22:33:53.0875 3012 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
    22:33:53.0875 3012 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
    22:33:53.0875 3012 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
    22:33:53.0921 3012 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
    22:33:53.0984 3012 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
    22:33:54.0062 3012 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
    22:33:54.0187 3012 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
    22:33:54.0406 3012 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
    22:33:54.0468 3012 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
    22:33:54.0515 3012 \Device\Harddisk0\DR0 - ok
    22:33:54.0515 3012 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
    22:33:59.0796 2952 Deinitialize success
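
For anyone who has to triage logs like the one above in bulk, here is an added Python example (not code from the thread, TechSpot or Kaspersky) that parses TDSSKiller's "HH:MM:SS.mmmm <thread id> <message>" line format and pulls out the verdict, quarantine and cure entries. The regular expressions and function names are this example's own; the sample log is an abridged copy of the one pasted above.

```python
"""Triage a Kaspersky TDSSKiller log for detections, quarantine and cure actions.

Added example (not code from the thread or from Kaspersky); the regexes below are
this example's own reading of the line format visible in the pasted log.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(r"^\s*(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*?)\s*$")
# Verdict and action messages, in the order the scanner emits them.
SUSPICIOUS_RE = re.compile(r"^Suspicious (\w+) \((\w+)\): (.+)$")  # e.g. "mbr (Forged)"
INFECTED_RE = re.compile(r"^(.+?) \( ([^)]+) \) - infected$")
QUARANTINE_RE = re.compile(r"^(.+?) - copied to quarantine$")
ACTION_RE = re.compile(
    r"^(.+?) \( ([^)]+) \) - (?:User select action: (\w+)|(will be cured on reboot))$")
COUNT_RE = re.compile(r"^(Actual detected|Detected) object count: (\d+)$")


@dataclass
class Triage:
    suspicious: List[Tuple[str, str, str]] = field(default_factory=list)  # (object, kind, reason)
    infected: Dict[str, str] = field(default_factory=dict)                 # object -> threat name
    quarantined: List[str] = field(default_factory=list)                   # objects copied to quarantine
    actions: Dict[str, List[str]] = field(default_factory=dict)            # object -> actions taken
    detected_count: Optional[int] = None
    actual_count: Optional[int] = None

    def hidden_fs_files(self, device: str) -> List[str]:
        """Names of files pulled out of the rootkit's hidden FS (logged as <device>\\TDLFS\\<name>)."""
        prefix = device + "\\TDLFS\\"
        return [p[len(prefix):] for p in self.quarantined if p.startswith(prefix)]

    def needs_reboot(self) -> bool:
        return any("will be cured on reboot" in acts for acts in self.actions.values())

    def verdict(self) -> str:
        if self.infected:
            if self.needs_reboot():
                return "infected: cure scheduled at reboot"
            return "infected: no cure action recorded"
        if self.suspicious:
            return "suspicious: manual review"
        return "clean"


def triage(log_text: str) -> Triage:
    """Walk the log once and collect everything that is not a plain '- ok' line."""
    t = Triage()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(3)
        if (s := SUSPICIOUS_RE.match(msg)):
            t.suspicious.append((s.group(3), s.group(1), s.group(2)))
        elif (i := INFECTED_RE.match(msg)):
            t.infected[i.group(1)] = i.group(2)
        elif (q := QUARANTINE_RE.match(msg)):
            t.quarantined.append(q.group(1))
        elif (a := ACTION_RE.match(msg)):
            t.actions.setdefault(a.group(1), []).append(a.group(3) or a.group(4))
        elif (c := COUNT_RE.match(msg)):
            if c.group(1) == "Actual detected":
                t.actual_count = int(c.group(2))
            else:
                t.detected_count = int(c.group(2))
        # "- detected <threat> (n)" repeats the infected line; "- ok" lines carry nothing.
    return t


# Abridged copy of the log pasted above (the enumeration of clean drivers is dropped).
SAMPLE_LOG = r"""
22:32:39.0812 3020 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
22:32:42.0468 3020 ================ Scan MBR ==================================
22:32:42.0484 3020 Suspicious mbr (Forged): \Device\Harddisk0\DR0
22:32:42.0515 3020 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
22:32:42.0515 3020 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
22:32:42.0578 3012 Detected object count: 1
22:32:42.0578 3012 Actual detected object count: 1
22:33:53.0453 3012 \Device\Harddisk0\DR0 - copied to quarantine
22:33:53.0531 3012 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
22:33:53.0546 3012 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
22:33:53.0703 3012 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:33:54.0468 3012 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
22:33:54.0515 3012 \Device\Harddisk0\DR0 - ok
22:33:54.0515 3012 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
22:33:59.0796 2952 Deinitialize success
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("verdict:", report.verdict())
    for obj, threat in report.infected.items():
        print(f"  {obj}: {threat}; actions={report.actions.get(obj)}")
        print("  hidden-FS components quarantined:", report.hidden_fs_files(obj))
    print(f"  objects detected: {report.detected_count} (actual {report.actual_count})")
```

Note that a trailing "- ok" for the same device, as in the sample, only means the cure was queued; the parser therefore reports the reboot requirement rather than treating the object as clean.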
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Very good :)

    See if aswMBR will run now.
     
  11. Deb Jones

    Deb Jones TS Rookie Topic Starter

    Yes, it ran. Here is the log:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-25 09:30:30
    -----------------------------
    09:30:30.578 OS Version: Windows 5.1.2600 Service Pack 3
    09:30:30.578 Number of processors: 2 586 0x170A
    09:30:30.578 ComputerName: PAYSON1 UserName: user1
    09:30:31.515 Initialize success
    09:30:41.406 AVAST engine download error: 0
    09:30:53.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    09:30:53.500 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5BA Size: 476940MB BusType: 3
    09:30:53.515 Disk 0 MBR read successfully
    09:30:53.515 Disk 0 MBR scan
    09:30:53.515 Disk 0 unknown MBR code
    09:30:53.515 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    09:30:53.515 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 466899 MB offset 81920
    09:30:53.546 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 9993 MB offset 956301255
    09:30:53.546 Disk 0 scanning sectors +976768065
    09:30:53.640 Disk 0 scanning C:\WINDOWS\system32\drivers
    09:30:56.750 Service scanning
    09:31:00.656 Service MpKsle681d74a c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9250F3A-1834-48A2-9FBB-13763BB957CF}\MpKsle681d74a.sys **LOCKED** 32
    09:31:05.046 Modules scanning
    09:31:09.140 Disk 0 trace - called modules:
    09:31:09.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    09:31:09.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad82ab8]
    09:31:09.171 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000062[0x8ad342e0]
    09:31:09.171 5 ACPI.sys[b9f51620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8ad14d98]
    09:31:09.171 Scan finished successfully
    09:31:54.015 Disk 0 MBR has been saved successfully to "F:\Wade's Infection\MBR.dat"
    09:31:54.546 The log file has been saved successfully to "F:\Wade's Infection\aswMBR.txt"
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  13. Deb Jones

    Deb Jones TS Rookie Topic Starter

    OK. So, I have Avira and MS Sec Essentials disabled, but it still warned me that Avira was running. I haven't been able to get it to run since infection, so thought that was odd. I even double-checked Task Mgr to make sure nothing was running (and Services too to make sure they were disabled). Anyway, then it warned me about Recovery Console. It tried to install a 'new' version, but then said it failed. Went about its scanning, but warned me that it needed more time to research something. Then produced the following log:

    ComboFix 12-08-25.04 - user1 08/25/2012 10:49:01.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2637 [GMT -7:00]
    Running from: F:\ComboFix.exe
    AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\xLLA5Z0mWJT9do
    c:\windows\assembly\GAC\Desktop.ini
    c:\windows\isRS-000.tmp
    c:\windows\system32\AegisI5Installer.exe
    c:\windows\system32\Config.ini
    c:\windows\system32\service
    c:\windows\system32\service\15122011_TIS17_SfFniAU.log
    c:\windows\system32\service\19112009_TIS17_SfFniAU.log
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    .
    c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-25 05:11 . 2012-08-25 05:11  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-08-24 15:00 . 2012-08-24 15:39  --------  d---a-w-  C:\Kaspersky Rescue Disk 10.0
    2012-08-23 03:47 . 2012-08-20 08:53  7023536  ----a-w-  c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9250F3A-1834-48A2-9FBB-13763BB957CF}\mpengine.dll
    2012-08-23 03:47 . 2012-05-31 19:25  237072  ------w-  c:\windows\system32\MpSigStub.exe
    2012-08-23 03:43 . 2012-08-23 03:43  --------  d-----w-  c:\program files\Microsoft Security Client
    2012-08-23 03:35 . 2012-08-23 03:35  --------  d-----w-  c:\documents and settings\All Users\Application Data\Hewlett-Packard
    2012-08-23 03:35 . 2008-11-06 18:13  273408  ----a-w-  c:\windows\system32\Spool\prtprocs\w32x86\hpcpp6de.DLL
    2012-08-23 03:35 . 2008-11-06 18:12  149504  ----a-w-  c:\windows\system32\hpcpn6de.dll
    2012-08-23 03:32 . 2012-08-23 03:32  --------  d-----w-  C:\HP CLJ3600 Driver
    2012-08-23 03:00 . 2012-08-23 03:00  --------  d-----w-  c:\documents and settings\user1\temp
    2012-08-23 01:13 . 2012-08-23 01:13  36000  ----a-w-  c:\windows\system32\drivers\avkmgr.sys
    2012-08-23 01:13 . 2012-08-23 01:13  137928  ----a-w-  c:\windows\system32\drivers\avipbb.sys
    2012-08-22 22:17 . 2012-08-22 22:17  --------  d-----w-  c:\documents and settings\Administrator\Application Data\Malwarebytes
    2012-08-22 22:13 . 2012-08-22 22:13  --------  d-sh--w-  c:\documents and settings\Administrator\IETldCache
    2012-08-22 03:13 . 2012-08-22 03:15  35144  ----a-w-  c:\windows\system32\drivers\48230029.sys
    2012-08-22 03:05 . 2012-08-22 03:07  --------  d-----w-  c:\documents and settings\user1\Application Data\U3
    2012-08-20 20:10 . 2012-08-20 20:15  40776  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
    2012-08-20 19:46 . 2012-08-20 19:46  --------  d-sh--w-  c:\documents and settings\NetworkService\IETldCache
    2012-08-20 19:16 . 2012-08-20 20:10  35144  ----a-w-  c:\windows\system32\drivers\mbamchameleon.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-06 13:58 . 2008-04-25 16:16  78336  ----a-w-  c:\windows\system32\browser.dll
    2012-07-04 14:05 . 2008-04-25 21:26  139784  ---ha-w-  c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 20:46 . 2012-03-11 04:12  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-07-03 13:40 . 2008-04-25 16:16  1875072  ---ha-w-  c:\windows\system32\win32k.sys
    2012-07-02 17:49 . 2008-04-25 16:16  916992  ----a-w-  c:\windows\system32\wininet.dll
    2012-07-02 17:49 . 2008-04-25 16:16  43520  ----a-w-  c:\windows\system32\licmgr10.dll
    2012-07-02 17:49 . 2008-04-25 16:16  1469440  ------w-  c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05 . 2008-04-25 16:16  385024  ----a-w-  c:\windows\system32\html.iec
    2012-06-25 19:10 . 2012-06-25 19:10  426184  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2012-06-25 19:10 . 2011-06-29 15:39  70344  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-07 03:59 . 2012-06-07 03:59  1070152  ----a-w-  c:\windows\system32\MSCOMCTL.OCX
    2012-06-05 15:50 . 2008-04-25 16:16  1372672  ----a-w-  c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2008-04-25 16:16  1172480  ----a-w-  c:\windows\system32\msxml3.dll
    2012-06-05 00:35 . 2008-04-25 21:27  210968  ----a-w-  c:\windows\system32\wuweb.dll
    2012-06-04 04:32 . 2008-04-25 16:16  152576  ----a-w-  c:\windows\system32\schannel.dll
    2012-06-02 22:19 . 2008-10-16 19:09  22040  ----a-w-  c:\windows\system32\wucltui.dll.mui
    2012-06-02 22:19 . 2008-10-16 19:07  15384  ----a-w-  c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 22:19 . 2008-04-25 21:27  329240  ----a-w-  c:\windows\system32\wucltui.dll
    2012-06-02 22:19 . 2008-04-25 21:27  219160  ----a-w-  c:\windows\system32\wuaucpl.cpl
    2012-06-02 22:19 . 2008-10-16 19:09  45080  ----a-w-  c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2008-10-16 19:07  15384  ----a-w-  c:\windows\system32\wuapi.dll.mui
    2012-06-02 22:19 . 2008-04-25 21:27  53784  ----a-w-  c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2008-04-25 21:27  35864  ----a-w-  c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2008-04-25 16:16  97304  ----a-w-  c:\windows\system32\cdm.dll
    2012-06-02 22:19 . 2008-10-16 19:07  17944  ----a-w-  c:\windows\system32\wuaueng.dll.mui
    2012-06-02 22:19 . 2008-04-25 21:27  577048  ----a-w-  c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2008-04-25 21:27  1933848  ----a-w-  c:\windows\system32\wuaueng.dll
    2012-06-02 22:18 . 2009-08-28 20:51  275696  ----a-w-  c:\windows\system32\mucltui.dll
    2012-06-02 22:18 . 2009-08-28 20:51  17136  ----a-w-  c:\windows\system32\mucltui.dll.mui
    2012-06-02 22:18 . 2008-10-16 21:07  214256  ----a-w-  c:\windows\system32\muweb.dll
    2012-05-31 13:22 . 2008-04-25 16:16  599040  ----a-w-  c:\windows\system32\crypt32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Rosewill Wireless Utility.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Rosewill Wireless Utility.lnk
    backup=c:\windows\pss\Rosewill Wireless Utility.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2012-01-03 15:23  640440  ----a-w-  c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2012-01-04 05:50  40376  ----a-w-  c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37  843712  ----a-w-  c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-28 00:10  35696  ----a-w-  c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2009-03-04 22:14  57344  ----a-w-  c:\windows\ALCMTR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    2012-08-08 19:30  348664  ----a-w-  c:\program files\Avira\AntiVir Desktop\avgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardMinder]
    2004-02-18 03:23  36864  ----a-w-  c:\program files\PFU\ScanSnap\CardMinder V2.0\CardLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 12:00  15360  ----a-w-  c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2009-02-13 18:27  173592  ----a-w-  c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2009-02-13 18:27  141336  ----a-w-  c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2008-12-03 03:41  3882312  ----a-w-  c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pdfquickview]
    2003-12-23 00:14  32768  ----a-w-  c:\program files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2008-05-23 19:06  128296  ----a-w-  c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2009-02-13 18:27  141848  ----a-w-  c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2009-03-04 22:14  18084864  ----a-w-  c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "BBUpdate"=3 (0x3)
    "BBSvc"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirstRun"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [8/22/2012 6:13 PM 36000]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
    R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [7/16/2012 7:31 AM 2673064]
    S0 94761388;94761388;c:\windows\system32\drivers\96204022.sys --> c:\windows\system32\drivers\96204022.sys [?]
    S0 c4166fec1e7746a1;syshost.exe;\SystemRoot\\SystemRoot\System32\Drivers\c4166fec1e7746a1.sys --> \SystemRoot\\SystemRoot\System32\Drivers\c4166fec1e7746a1.sys [?]
    S3 32735317;32735317; [x]
    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [8/20/2012 12:16 PM 35144]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/20/2012 1:10 PM 40776]
    S4 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/25/2012 12:29 PM 86224]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 15399092
    *NewlyCreated* - 90556663
    *NewlyCreated* - ASWMBR
    *Deregistered* - 15399092
    *Deregistered* - 90556663
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-24 c:\windows\Tasks\pstbkup.job
    - C:\pstbkup.bat [2009-12-12 04:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-15399092.sys
    SafeBoot-94761388.sys
    MSConfigStartUp-4Y3Y0C3A3IVA3GXIP - c:\regbe.bin\071BAAF8FCD.exe
    MSConfigStartUp-xLLA5Z0mWJT9do - c:\documents and settings\All Users\Application Data\xLLA5Z0mWJT9do.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-25 10:53
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(704)
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2012-08-25 10:55:07
    ComboFix-quarantined-files.txt 2012-08-25 17:55
    .
    Pre-Run: 461,739,614,208 bytes free
    Post-Run: 463,173,115,904 bytes free
    .
    - - End Of File - - 3628D45ADD9CAB44C5FA04FC4B507075
     
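The three entries in the log above with generated-looking names (S0 94761388 pointing at 96204022.sys, S0 c4166fec1e7746a1 with the display name syshost.exe, and S3 32735317 with no file at all) are the pattern a helper scans ComboFix's Drivers/Services section for: a boot-start kernel driver with a random name whose registered file ComboFix cannot find on disk. The script below is an added example, not part of the thread and not ComboFix's own logic; it parses lines in that section's format and applies those checks. The sample input is copied from the log above; the function names, the thresholds in RANDOM_NAME_RE and the verdict rules are this example's own assumptions.

```python
"""Triage of ComboFix 'Drivers/Services' lines (added example, not ComboFix code).

Each line has the form  <R|S><type> <ServiceName>;<DisplayName>;<ImagePath> [date size]
where R = running, S = stopped and the digit is the start type (0 boot, 1 system,
2 auto, 3 demand, 4 disabled).  When the registered file is absent ComboFix
prints '--> <path> [?]', or just '[x]' when no path is registered at all.
The heuristics and thresholds below are this example's own assumptions.
"""
import re
from dataclasses import dataclass

SERVICE_RE = re.compile(
    r'^(?P<start>[RS])(?P<stype>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
# trailing "[8/22/2012 6:13 PM 36000]" (date and size) or the bare "[x]" marker
BRACKET_RE = re.compile(r'^(?P<path>.*?)\s*\[[^\]]*\]\s*$')
# 6+ decimal digits or 12+ hex digits and nothing else: a generated, not chosen, name
RANDOM_NAME_RE = re.compile(r'^(?:\d{6,}|[0-9a-f]{12,})$', re.IGNORECASE)

# Sample input: copied verbatim from the ComboFix log posted above.
SAMPLE_LOG = r"""
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [8/22/2012 6:13 PM 36000]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [7/16/2012 7:31 AM 2673064]
S0 94761388;94761388;c:\windows\system32\drivers\96204022.sys --> c:\windows\system32\drivers\96204022.sys [?]
S0 c4166fec1e7746a1;syshost.exe;\SystemRoot\\SystemRoot\System32\Drivers\c4166fec1e7746a1.sys --> \SystemRoot\\SystemRoot\System32\Drivers\c4166fec1e7746a1.sys [?]
S3 32735317;32735317; [x]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [8/20/2012 12:16 PM 35144]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/20/2012 1:10 PM 40776]
S4 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/25/2012 12:29 PM 86224]
"""


@dataclass
class ServiceEntry:
    start: str       # 'R' running or 'S' stopped
    stype: str       # start type digit; '0' = boot-start kernel driver
    name: str        # registry service name
    display: str     # display name
    path: str        # image path as printed ('' when none is registered)
    missing: bool    # ComboFix could not find the file on disk


def parse_service_line(line):
    """Return a ServiceEntry for one Drivers/Services line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest').strip()
    missing = '-->' in rest or rest == '[x]'
    path = rest.split('-->', 1)[0].strip()   # keep the registered path, drop the echo
    bm = BRACKET_RE.match(path)
    if bm:
        path = bm.group('path').strip()      # strip the trailing [date size] / [x]
    return ServiceEntry(m.group('start'), m.group('stype'), m.group('name').strip(),
                        m.group('display').strip(), path, missing)


def file_stem(path):
    """Last path component without extension, Windows separators only."""
    return path.rsplit('\\', 1)[-1].rsplit('.', 1)[0] if path else ''


def triage(entry):
    """List the suspicious traits of one entry; an empty list means nothing stood out."""
    flags = []
    random_name = bool(RANDOM_NAME_RE.match(entry.name))
    if random_name:
        flags.append('random-looking service name')
        if entry.stype == '0':
            flags.append('boot-start driver, loads before any AV driver')
        if entry.path and file_stem(entry.path).lower() != entry.name.lower():
            flags.append('service name and file name differ')
    if entry.missing:
        flags.append('registered file is missing on disk')
    if entry.display.lower().endswith('.exe') and entry.path.lower().endswith('.sys'):
        flags.append('display name imitates an executable')
    return flags


def verdict(flags):
    """'high' needs a random name plus at least one corroborating trait."""
    if 'random-looking service name' in flags and len(flags) >= 2:
        return 'high'
    return 'review' if flags else 'ok'


def triage_log(text):
    """Map service name -> (verdict, flags) for every service line, in log order."""
    results = {}
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry:
            flags = triage(entry)
            results[entry.name] = (verdict(flags), flags)
    return results


def suggest_driver_section(results):
    """Names worth considering for a CFScript 'Driver::' section; a human decides, not the script."""
    return [name for name, (v, _) in results.items() if v == 'high']


if __name__ == '__main__':
    for name, (v, flags) in triage_log(SAMPLE_LOG).items():
        print(f'{v:6} {name:24} {"; ".join(flags) or "-"}')
```

Run as a script it prints one verdict per service; the high list it produces for this log is the same three names that appear in the Driver:: section of the next reply. Treat the output as a worklist, not a verdict: the same log lists c:\windows\system32\drivers\48230029.sys in Files Created, a numeric name with the same 35144-byte size as mbamchameleon.sys, so a numeric file name on its own proves nothing, and the script scores service registrations only, not files.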
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    We'll take care of Recovery Console in a moment. The issue is caused by dead Microsoft links.

    My instructions clearly ask for Combofix to be run from the Desktop.
    Please move the file to appropriate location.

    Then, you're running two AV programs, Avira and MSE.
    You must uninstall one of them.

    When done....

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\96204022.sys
    c:\windows\system32\drivers\c4166fec1e7746a1.sys
    
    Folder::
    
    Driver::
    94761388
    c4166fec1e7746a1
    32735317
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

    Next.....

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      i8042prt.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  15. Deb Jones

    Deb Jones TS Rookie Topic Starter

    Removed Avira. Here's the ComboFix log; the SystemLook log follows:

    ComboFix 12-08-25.04 - user1 08/25/2012 11:56:25.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2525 [GMT -7:00]
    Running from: c:\documents and settings\user1\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\user1\Desktop\CFScript.txt
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    FILE ::
    "c:\windows\system32\drivers\96204022.sys"
    "c:\windows\system32\drivers\c4166fec1e7746a1.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_32735317
    -------\Legacy_C4166FEC1E7746A1
    -------\Service_32735317
    -------\Service_94761388
    -------\Service_c4166fec1e7746a1
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-25 05:11 . 2012-08-25 05:11  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-08-24 15:00 . 2012-08-24 15:39  --------  d---a-w-  C:\Kaspersky Rescue Disk 10.0
    2012-08-23 03:47 . 2012-05-31 19:25  237072  ------w-  c:\windows\system32\MpSigStub.exe
    2012-08-23 03:35 . 2012-08-23 03:35  --------  d-----w-  c:\documents and settings\All Users\Application Data\Hewlett-Packard
    2012-08-23 03:35 . 2008-11-06 18:13  273408  ----a-w-  c:\windows\system32\Spool\prtprocs\w32x86\hpcpp6de.DLL
    2012-08-23 03:35 . 2008-11-06 18:12  149504  ----a-w-  c:\windows\system32\hpcpn6de.dll
    2012-08-23 03:32 . 2012-08-23 03:32  --------  d-----w-  C:\HP CLJ3600 Driver
    2012-08-23 03:00 . 2012-08-23 03:00  --------  d-----w-  c:\documents and settings\user1\temp
    2012-08-22 22:17 . 2012-08-22 22:17  --------  d-----w-  c:\documents and settings\Administrator\Application Data\Malwarebytes
    2012-08-22 22:13 . 2012-08-22 22:13  --------  d-sh--w-  c:\documents and settings\Administrator\IETldCache
    2012-08-22 03:13 . 2012-08-22 03:15  35144  ----a-w-  c:\windows\system32\drivers\48230029.sys
    2012-08-22 03:05 . 2012-08-22 03:07  --------  d-----w-  c:\documents and settings\user1\Application Data\U3
    2012-08-20 20:10 . 2012-08-20 20:15  40776  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
    2012-08-20 19:46 . 2012-08-20 19:46  --------  d-sh--w-  c:\documents and settings\NetworkService\IETldCache
    2012-08-20 19:16 . 2012-08-20 20:10  35144  ----a-w-  c:\windows\system32\drivers\mbamchameleon.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-06 13:58 . 2008-04-25 16:16  78336  ----a-w-  c:\windows\system32\browser.dll
    2012-07-04 14:05 . 2008-04-25 21:26  139784  ---ha-w-  c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 20:46 . 2012-03-11 04:12  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-07-03 13:40 . 2008-04-25 16:16  1875072  ---ha-w-  c:\windows\system32\win32k.sys
    2012-07-02 17:49 . 2008-04-25 16:16  916992  ----a-w-  c:\windows\system32\wininet.dll
    2012-07-02 17:49 . 2008-04-25 16:16  43520  ----a-w-  c:\windows\system32\licmgr10.dll
    2012-07-02 17:49 . 2008-04-25 16:16  1469440  ------w-  c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05 . 2008-04-25 16:16  385024  ----a-w-  c:\windows\system32\html.iec
    2012-06-25 19:10 . 2012-06-25 19:10  426184  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2012-06-25 19:10 . 2011-06-29 15:39  70344  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-07 03:59 . 2012-06-07 03:59  1070152  ----a-w-  c:\windows\system32\MSCOMCTL.OCX
    2012-06-05 15:50 . 2008-04-25 16:16  1372672  ----a-w-  c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2008-04-25 16:16  1172480  ----a-w-  c:\windows\system32\msxml3.dll
    2012-06-05 00:35 . 2008-04-25 21:27  210968  ----a-w-  c:\windows\system32\wuweb.dll
    2012-06-04 04:32 . 2008-04-25 16:16  152576  ----a-w-  c:\windows\system32\schannel.dll
    2012-06-02 22:19 . 2008-10-16 19:09  22040  ----a-w-  c:\windows\system32\wucltui.dll.mui
    2012-06-02 22:19 . 2008-10-16 19:07  15384  ----a-w-  c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 22:19 . 2008-04-25 21:27  329240  ----a-w-  c:\windows\system32\wucltui.dll
    2012-06-02 22:19 . 2008-04-25 21:27  219160  ----a-w-  c:\windows\system32\wuaucpl.cpl
    2012-06-02 22:19 . 2008-10-16 19:09  45080  ----a-w-  c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2008-10-16 19:07  15384  ----a-w-  c:\windows\system32\wuapi.dll.mui
    2012-06-02 22:19 . 2008-04-25 21:27  53784  ----a-w-  c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2008-04-25 21:27  35864  ----a-w-  c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2008-04-25 16:16  97304  ----a-w-  c:\windows\system32\cdm.dll
    2012-06-02 22:19 . 2008-10-16 19:07  17944  ----a-w-  c:\windows\system32\wuaueng.dll.mui
    2012-06-02 22:19 . 2008-04-25 21:27  577048  ----a-w-  c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2008-04-25 21:27  1933848  ----a-w-  c:\windows\system32\wuaueng.dll
    2012-06-02 22:18 . 2009-08-28 20:51  275696  ----a-w-  c:\windows\system32\mucltui.dll
    2012-06-02 22:18 . 2009-08-28 20:51  17136  ----a-w-  c:\windows\system32\mucltui.dll.mui
    2012-06-02 22:18 . 2008-10-16 21:07  214256  ----a-w-  c:\windows\system32\muweb.dll
    2012-05-31 13:22 . 2008-04-25 16:16  599040  ----a-w-  c:\windows\system32\crypt32.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-25_17.53.58 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-08-25 19:01 . 2012-08-25 19:01  16384  c:\windows\Temp\Perflib_Perfdata_5fc.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Rosewill Wireless Utility.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Rosewill Wireless Utility.lnk
    backup=c:\windows\pss\Rosewill Wireless Utility.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2012-01-03 15:23  640440  ----a-w-  c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2012-01-04 05:50  40376  ----a-w-  c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37  843712  ----a-w-  c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-28 00:10  35696  ----a-w-  c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardMinder]
    2004-02-18 03:23  36864  ----a-w-  c:\program files\PFU\ScanSnap\CardMinder V2.0\CardLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 12:00  15360  ----a-w-  c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2009-02-13 18:27  173592  ----a-w-  c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2009-02-13 18:27  141336  ----a-w-  c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2008-12-03 03:41  3882312  ----a-w-  c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pdfquickview]
    2003-12-23 00:14  32768  ----a-w-  c:\program files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2008-05-23 19:06  128296  ----a-w-  c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2009-02-13 18:27  141848  ----a-w-  c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2009-03-04 22:14  18084864  ----a-w-  c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "BBUpdate"=3 (0x3)
    "BBSvc"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirstRun"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
    R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [7/16/2012 7:31 AM 2673064]
    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [8/20/2012 12:16 PM 35144]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/20/2012 1:10 PM 40776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-24 c:\windows\Tasks\pstbkup.job
    - C:\pstbkup.bat [2009-12-12 04:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-25 12:01
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3944)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files\TeamViewer\Version7\TeamViewer.exe
    c:\program files\TeamViewer\Version7\tv_w32.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-25 12:04:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-25 19:04
    ComboFix2.txt 2012-08-25 17:55
    .
    Pre-Run: 463,597,416,448 bytes free
    Post-Run: 463,486,197,760 bytes free
    .
    - - End Of File - - 563AA4B829769C5C47EA99CB6D686D06

    SystemLook 30.07.11 by jpshortstuff
    Log created at 12:08 on 25/08/2012 by user1
    Administrator - Elevation successful
    ========== filefind ==========
    Searching for "i8042prt.sys"
    No files found.
    -= EOF =-
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Attached is the missing i8042prt.sys file (zipped).
    Unzip it and paste i8042prt.sys file into c:\windows\system32\drivers folder.
    Disregard any Windows warnings.

    Next...

    Download following file...

    Windows XP Professional: http://download.cnet.com/Windows-XP...Floppy-Boot-Install/3000-2383_4-10727796.html

    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.


    • Drag the downloaded file onto ComboFix.exe and drop it.

    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

    • At the next prompt, click 'Yes' to run the full ComboFix scan.
    • When the tool is finished, it will produce a report for you.
    Please post the C:\ComboFix.txt.
     

  17. Deb Jones

    Deb Jones TS Rookie Topic Starter

    ComboFix 12-08-25.04 - user1 08/25/2012 16:20:46.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2501 [GMT -7:00]
    Running from: c:\documents and settings\user1\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\user1\Desktop\WinXP_EN_PRO_BF.EXE
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-25 23:13 . 2012-08-25 23:13  --------  d-----w-  c:\windows\LastGood
    2012-08-25 23:13 . 2008-03-21 03:10  52480  ----a-w-  c:\windows\system32\drivers\OLD4.tmp
    2012-08-25 23:13 . 2008-04-14 07:48  52480  -c--a-w-  c:\windows\system32\dllcache\i8042prt.sys
    2012-08-25 23:13 . 2008-04-14 07:48  52480  ----a-w-  c:\windows\system32\drivers\i8042prt.sys
    2012-08-25 05:11 . 2012-08-25 05:11  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-08-24 15:00 . 2012-08-24 15:39  --------  d---a-w-  C:\Kaspersky Rescue Disk 10.0
    2012-08-23 03:47 . 2012-05-31 19:25  237072  ------w-  c:\windows\system32\MpSigStub.exe
    2012-08-23 03:35 . 2012-08-23 03:35  --------  d-----w-  c:\documents and settings\All Users\Application Data\Hewlett-Packard
    2012-08-23 03:35 . 2008-11-06 18:13  273408  ----a-w-  c:\windows\system32\Spool\prtprocs\w32x86\hpcpp6de.DLL
    2012-08-23 03:35 . 2008-11-06 18:12  149504  ----a-w-  c:\windows\system32\hpcpn6de.dll
    2012-08-23 03:32 . 2012-08-23 03:32  --------  d-----w-  C:\HP CLJ3600 Driver
    2012-08-23 03:00 . 2012-08-23 03:00  --------  d-----w-  c:\documents and settings\user1\temp
    2012-08-22 22:17 . 2012-08-22 22:17  --------  d-----w-  c:\documents and settings\Administrator\Application Data\Malwarebytes
    2012-08-22 22:13 . 2012-08-22 22:13  --------  d-sh--w-  c:\documents and settings\Administrator\IETldCache
    2012-08-22 03:13 . 2012-08-22 03:15  35144  ----a-w-  c:\windows\system32\drivers\48230029.sys
    2012-08-22 03:05 . 2012-08-22 03:07  --------  d-----w-  c:\documents and settings\user1\Application Data\U3
    2012-08-20 20:10 . 2012-08-20 20:15  40776  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
    2012-08-20 19:46 . 2012-08-20 19:46  --------  d-sh--w-  c:\documents and settings\NetworkService\IETldCache
    2012-08-20 19:16 . 2012-08-20 20:10  35144  ----a-w-  c:\windows\system32\drivers\mbamchameleon.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-06 13:58 . 2008-04-25 16:16  78336  ----a-w-  c:\windows\system32\browser.dll
    2012-07-04 14:05 . 2008-04-25 21:26  139784  ---ha-w-  c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 20:46 . 2012-03-11 04:12  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-07-03 13:40 . 2008-04-25 16:16  1875072  ---ha-w-  c:\windows\system32\win32k.sys
    2012-07-02 17:49 . 2008-04-25 16:16  916992  ----a-w-  c:\windows\system32\wininet.dll
    2012-07-02 17:49 . 2008-04-25 16:16  43520  ----a-w-  c:\windows\system32\licmgr10.dll
    2012-07-02 17:49 . 2008-04-25 16:16  1469440  ------w-  c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05 . 2008-04-25 16:16  385024  ----a-w-  c:\windows\system32\html.iec
    2012-06-25 19:10 . 2012-06-25 19:10  426184  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2012-06-25 19:10 . 2011-06-29 15:39  70344  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-07 03:59 . 2012-06-07 03:59  1070152  ----a-w-  c:\windows\system32\MSCOMCTL.OCX
    2012-06-05 15:50 . 2008-04-25 16:16  1372672  ----a-w-  c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2008-04-25 16:16  1172480  ----a-w-  c:\windows\system32\msxml3.dll
    2012-06-05 00:35 . 2008-04-25 21:27  210968  ----a-w-  c:\windows\system32\wuweb.dll
    2012-06-04 04:32 . 2008-04-25 16:16  152576  ----a-w-  c:\windows\system32\schannel.dll
    2012-06-02 22:19 . 2008-10-16 19:09  22040  ----a-w-  c:\windows\system32\wucltui.dll.mui
    2012-06-02 22:19 . 2008-10-16 19:07  15384  ----a-w-  c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 22:19 . 2008-04-25 21:27  329240  ----a-w-  c:\windows\system32\wucltui.dll
    2012-06-02 22:19 . 2008-04-25 21:27  219160  ----a-w-  c:\windows\system32\wuaucpl.cpl
    2012-06-02 22:19 . 2008-10-16 19:09  45080  ----a-w-  c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2008-10-16 19:07  15384  ----a-w-  c:\windows\system32\wuapi.dll.mui
    2012-06-02 22:19 . 2008-04-25 21:27  53784  ----a-w-  c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2008-04-25 21:27  35864  ----a-w-  c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2008-04-25 16:16  97304  ----a-w-  c:\windows\system32\cdm.dll
    2012-06-02 22:19 . 2008-10-16 19:07  17944  ----a-w-  c:\windows\system32\wuaueng.dll.mui
    2012-06-02 22:19 . 2008-04-25 21:27  577048  ----a-w-  c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2008-04-25 21:27  1933848  ----a-w-  c:\windows\system32\wuaueng.dll
    2012-06-02 22:18 . 2009-08-28 20:51  275696  ----a-w-  c:\windows\system32\mucltui.dll
    2012-06-02 22:18 . 2009-08-28 20:51  17136  ----a-w-  c:\windows\system32\mucltui.dll.mui
    2012-06-02 22:18 . 2008-10-16 21:07  214256  ----a-w-  c:\windows\system32\muweb.dll
    2012-05-31 13:22 . 2008-04-25 16:16  599040  ----a-w-  c:\windows\system32\crypt32.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-25_17.53.58 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-08-25 19:01 . 2012-08-25 19:01  16384  c:\windows\Temp\Perflib_Perfdata_5fc.dat
    + 2012-08-25 23:13 . 2008-03-21 03:10  52480  c:\windows\LastGood\system32\drivers\i8042prt.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Rosewill Wireless Utility.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Rosewill Wireless Utility.lnk
    backup=c:\windows\pss\Rosewill Wireless Utility.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2012-01-03 15:23  640440  ----a-w-  c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2012-01-04 05:50  40376  ----a-w-  c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37  843712  ----a-w-  c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-28 00:10  35696  ----a-w-  c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardMinder]
    2004-02-18 03:23  36864  ----a-w-  c:\program files\PFU\ScanSnap\CardMinder V2.0\CardLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 12:00  15360  ----a-w-  c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2009-02-13 18:27  173592  ----a-w-  c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2009-02-13 18:27  141336  ----a-w-  c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2008-12-03 03:41  3882312  ----a-w-  c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pdfquickview]
    2003-12-23 00:14  32768  ----a-w-  c:\program files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2008-05-23 19:06  128296  ----a-w-  c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2009-02-13 18:27  141848  ----a-w-  c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2009-03-04 22:14  18084864  ----a-w-  c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "BBUpdate"=3 (0x3)
    "BBSvc"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirstRun"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
    R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [7/16/2012 7:31 AM 2673064]
    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [8/20/2012 12:16 PM 35144]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/20/2012 1:10 PM 40776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-24 c:\windows\Tasks\pstbkup.job
    - C:\pstbkup.bat [2009-12-12 04:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-25 16:23
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(692)
    c:\windows\system32\igfxdev.dll
    .
    - - - - - - - > 'explorer.exe'(3260)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2012-08-25 16:24:04
    ComboFix-quarantined-files.txt 2012-08-25 23:24
    ComboFix2.txt 2012-08-25 19:04
    ComboFix3.txt 2012-08-25 17:55
    .
    Pre-Run: 463,488,061,440 bytes free
    Post-Run: 463,472,963,584 bytes free
    .
    WinXP_EN_PRO_BF.EXE
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 7EF1352E177D92EC87E23CB771C272F2
     
  18. Broni

    Broni Malware Annihilator

    Good job :)

    Any current issues?

    =======================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
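    The OTL log Broni asks for is read by hand: the first pass looks for services and drivers whose file is missing, BHO/toolbar entries whose CLSID points at nothing, and loaded modules with no company name. As an added example (not part of this thread, and not code from OTL or its author), the Python script below performs that first pass over OTL-style lines. The sample log is constructed for the example from entries of the kind that appear in this thread; treating anything under C:\ComboFix\ as an expected tool leftover rather than a finding is an analyst assumption, not something OTL reports.

```python
"""First-pass triage of OTL-style log lines (added example, not from the thread or OTL)."""
import re
from typing import Dict, List

# Company name is the first "(...)" after the bracketed timestamp/size block.
_HAS_FILE = re.compile(r"^(PRC|MOD|SRV|DRV) - \[[^\]]*\] \(([^)]*)\)")
# Service/driver whose binary is gone; the path may be blank ("-- --").
_NOT_FOUND = re.compile(r"^(SRV|DRV) - File not found \[[^\]]*\] -- (.*?) ?-- \(([^)]*)\)$")
# BHO (O2) or toolbar (O3) entry whose CLSID has no backing object.
_ORPHAN = re.compile(r"^(O2|O3) - .*\{([0-9A-Fa-f-]{36})\} - No CLSID value found\.$")
# Path field: text after the first " -- ", minus a trailing " -- (servicename)".
_PATH = re.compile(r" -- (.+?)(?: -- \([^)]*\))?$")

# Assumption: ComboFix's own helper drivers live here while the tool is installed,
# so a "File not found" under this prefix is a tool leftover, not a finding.
TOOL_PREFIXES = ("c:\\combofix\\",)

# Constructed sample in OTL's line format (not a real scan).
SAMPLE_LOG = r"""
PRC - [2012/08/19 14:14:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
SRV - [2012/07/16 07:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rt2870.sys -- (rt2870)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/08/20 13:10:55 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-47230063-2425660698-373674202-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""


def triage(log_text: str) -> Dict[str, List[str]]:
    """Group the entries an analyst looks at first, keyed by the reason they stand out."""
    out: Dict[str, List[str]] = {
        "missing_file": [],   # service/driver names whose binary is absent
        "tool_leftover": [],  # same, but under a known cleanup-tool prefix
        "orphan_clsid": [],   # O2/O3 CLSIDs with no registered object
        "no_company": [],     # binaries with an empty company-name field
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _NOT_FOUND.match(line)
        if m:
            path, name = m.group(2), m.group(3)
            bucket = "tool_leftover" if path.lower().startswith(TOOL_PREFIXES) else "missing_file"
            out[bucket].append(name)
            continue
        m = _ORPHAN.match(line)
        if m:
            out["orphan_clsid"].append(m.group(2).upper())
            continue
        m = _HAS_FILE.match(line)
        if m and not m.group(2).strip():
            p = _PATH.search(line)
            out["no_company"].append(p.group(1) if p else line)
    return out


if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        print(f"{reason}: {items}")
```

    Entries flagged this way are starting points, not verdicts: the missing rt2870 driver is a stale entry from a removed wireless adapter, mbamchameleon is a Malwarebytes driver shipped without version info, and the ComboFix drivers disappear when the tool is uninstalled. The orphaned CLSIDs are the sort of thing a helper later clears in an OTL fix, but only after confirming nothing legitimate still references them.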
  19. Deb Jones

    Deb Jones TS Rookie Topic Starter

    I haven't used the PC. Without virus scan installed, I don't want it online and it hasn't been restarted other than with ComboFix.

    Pasted is the OTL log. Extras will be in the following post:
    --------------------------
    OTL logfile created on: 8/25/2012 5:17:57 PM - Run 1
    OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\user1\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.97 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 83.31% Memory free
    4.81 Gb Paging File | 4.54 Gb Available in Paging File | 94.50% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 455.96 Gb Total Space | 431.67 Gb Free Space | 94.67% Space Free | Partition Type: NTFS
    Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 7.47 Gb Total Space | 6.49 Gb Free Space | 86.95% Space Free | Partition Type: FAT32

    Computer Name: PAYSON1 | User Name: user1 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/19 14:14:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
    PRC - [2012/07/16 07:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
    PRC - [2012/07/16 07:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/07/16 07:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
    PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/09/16 16:22:08 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/14 03:17:55 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
    MOD - [2012/06/14 03:14:16 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
    MOD - [2012/06/14 03:12:37 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2012/06/14 03:12:35 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2012/06/14 03:12:35 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2012/06/14 03:12:30 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2012/06/14 03:12:30 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2012/06/14 03:12:28 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2012/06/14 03:12:28 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    MOD - [2012/06/14 03:12:27 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2012/06/14 03:12:25 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    MOD - [2012/06/14 03:12:19 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2012/06/14 03:10:54 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 03:07:04 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
    MOD - [2012/05/11 03:22:02 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0f9d7198d2c0a3953fb59b1aca0d35f7\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/11 03:22:00 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
    MOD - [2012/05/11 03:21:59 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
    MOD - [2012/05/11 03:13:42 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
    MOD - [2012/05/11 03:13:34 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
    MOD - [2012/05/11 03:05:41 | 000,729,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\efe46aa882d9ac31f7fbbdc004fc99d5\System.Security.ni.dll
    MOD - [2012/05/11 03:05:37 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
    MOD - [2012/05/11 03:05:34 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
    MOD - [2012/05/11 03:05:28 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
    MOD - [2012/05/11 03:05:22 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
    MOD - [2012/05/11 03:05:08 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
    MOD - [2012/05/11 03:05:00 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
    MOD - [2010/12/31 13:34:00 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    MOD - [2010/12/31 13:34:00 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
    MOD - [2010/12/31 13:33:59 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
    MOD - [2010/12/31 13:33:59 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
    MOD - [2010/12/31 13:33:59 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
    MOD - [2010/12/31 13:33:59 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
    MOD - [2010/12/31 13:33:59 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
    MOD - [2010/12/31 13:33:59 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
    MOD - [2010/12/31 13:33:58 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
    MOD - [2010/12/31 13:33:58 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
    MOD - [2010/12/31 13:33:58 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
    MOD - [2010/02/08 13:09:09 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
    MOD - [2010/02/08 13:09:09 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
    MOD - [2010/02/08 13:09:08 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    MOD - [2010/02/08 13:09:08 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
    MOD - [2010/02/08 13:09:06 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
    MOD - [2010/02/08 13:09:05 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
    MOD - [2010/02/08 13:09:05 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
    MOD - [2010/02/08 13:09:05 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
    MOD - [2010/02/08 13:09:05 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
    MOD - [2010/02/08 13:09:05 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
    MOD - [2010/02/08 13:09:05 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
    MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/07/16 07:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/09/16 16:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2009/08/24 21:20:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rt2870.sys -- (rt2870)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2012/08/20 13:15:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2012/08/20 13:10:55 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV - [2009/07/28 08:55:00 | 000,143,360 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2009/03/04 15:14:22 | 005,027,840 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/1
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-47230063-2425660698-373674202-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-47230063-2425660698-373674202-1005\..\SearchScopes,DefaultScope = {4278B7FE-56FE-4B4D-98F0-6BB72A0D4A1E}
    IE - HKU\S-1-5-21-47230063-2425660698-373674202-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-47230063-2425660698-373674202-1005\..\SearchScopes\{4278B7FE-56FE-4B4D-98F0-6BB72A0D4A1E}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-47230063-2425660698-373674202-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)



    O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-47230063-2425660698-373674202-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-47230063-2425660698-373674202-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-47230063-2425660698-373674202-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-47230063-2425660698-373674202-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-47230063-2425660698-373674202-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-47230063-2425660698-373674202-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-47230063-2425660698-373674202-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O15 - HKU\S-1-5-21-47230063-2425660698-373674202-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1345695779000 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251171744421 (MUWebControl Class)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/25 14:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2008/05/06 05:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/25 17:17:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/08/25 17:14:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
    [2012/08/25 16:20:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/08/25 16:13:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2012/08/25 11:45:15 | 004,738,846 | R--- | C] (Swearware) -- C:\Documents and Settings\user1\Desktop\ComboFix.exe
    [2012/08/25 10:44:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/08/25 10:44:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/08/25 10:44:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/08/25 10:44:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/08/25 10:41:53 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/25 10:41:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/08/24 22:11:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/24 08:00:26 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
    [2012/08/23 20:16:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\Removal Tools
    [2012/08/22 20:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
    [2012/08/22 20:32:49 | 000,000,000 | ---D | C] -- C:\HP CLJ3600 Driver
    [2012/08/22 20:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\temp
    [2012/08/22 19:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/21 20:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\U3
    [2012/08/20 13:10:58 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/08/20 12:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2012/08/20 12:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2012/08/20 12:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2012/08/20 12:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2012/08/20 11:48:35 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2012/08/20 11:37:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Recent
    [2012/08/20 11:37:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2011/03/29 08:51:37 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\user1\gotomypc_540.exe
    [2009/09/13 16:42:50 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\user1\gotomypc_438.exe
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/25 16:20:05 | 000,000,331 | RHS- | M] () -- C:\boot.ini
    [2012/08/25 12:01:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/08/25 12:01:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/08/25 12:01:01 | 3184,578,560 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/25 11:44:33 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2012/08/25 10:44:05 | 000,000,215 | ---- | M] () -- C:\Boot.bak
    [2012/08/25 02:45:20 | 004,738,846 | R--- | M] (Swearware) -- C:\Documents and Settings\user1\Desktop\ComboFix.exe
    [2012/08/23 21:39:22 | 000,000,192 | ---- | M] () -- C:\WINDOWS\tasks\pstbkup.job
    [2012/08/22 15:59:24 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/08/21 21:07:36 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\Malwarebytes.lnk
    [2012/08/21 20:15:39 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\48230029.sys
    [2012/08/20 13:15:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/08/20 13:10:55 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2012/08/19 15:44:59 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-xLLA5Z0mWJT9dor
    [2012/08/19 15:44:59 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-xLLA5Z0mWJT9do
    [2012/08/19 14:55:49 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
    [2012/08/19 14:14:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
    [2012/08/16 09:59:24 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
    [2012/08/16 03:21:08 | 000,204,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/08/16 03:04:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/08/14 08:52:37 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2012/08/09 16:57:26 | 000,000,036 | ---- | M] () -- C:\WINDOWS\System32\f9t.dat
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/25 16:20:05 | 000,000,215 | ---- | C] () -- C:\Boot.bak
    [2012/08/25 16:20:02 | 000,237,728 | RHS- | C] () -- C:\cmldr
    [2012/08/25 10:44:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/08/25 10:44:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/08/25 10:44:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/08/25 10:44:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/08/25 10:44:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/08/24 22:30:59 | 3184,578,560 | -HS- | C] () -- C:\hiberfil.sys
    [2012/08/22 20:43:22 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2012/08/22 19:01:48 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.LNK
    [2012/08/22 19:01:48 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD DX.lnk
    [2012/08/22 19:01:48 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.LNK
    [2012/08/22 19:01:48 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.LNK
    [2012/08/22 19:01:47 | 000,002,413 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
    [2012/08/22 19:01:47 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 9.lnk
    [2012/08/22 19:01:47 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
    [2012/08/22 19:01:47 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
    [2012/08/21 21:07:36 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\Malwarebytes.lnk
    [2012/08/21 20:13:34 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\48230029.sys
    [2012/08/20 12:16:03 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2012/08/20 12:00:15 | 000,000,804 | ---- | C] () -- C:\WINDOWS\Installer\{bdf6bac7-f87e-ad89-97e4-691403966828}\L\00000004.@
    [2012/08/19 15:44:59 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-xLLA5Z0mWJT9dor
    [2012/08/19 15:44:58 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-xLLA5Z0mWJT9do
    [2012/06/05 03:16:41 | 003,038,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/05/27 11:21:33 | 000,000,332 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP32.INI
    [2012/02/15 02:05:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/16 03:28:13 | 003,630,519 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-47230063-2425660698-373674202-1005-0.dat
    [2012/01/16 03:28:12 | 000,204,122 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/01/15 14:59:22 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
    [2011/07/28 11:43:07 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\f9t.dat
    [2011/07/11 10:52:22 | 000,037,879 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Comma Separated Values (DOS).ADR
    [2008/04/25 09:16:20 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{bdf6bac7-f87e-ad89-97e4-691403966828}\@
    [2008/04/25 09:16:20 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\{bdf6bac7-f87e-ad89-97e4-691403966828}\@

    ========== LOP Check ==========

    [2009/08/15 08:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
    [2010/02/25 12:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2010/02/05 13:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2009/08/15 08:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2011/07/28 11:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{2C9DBDBB-2D80-410C-8699-A38A9E6168ED}
    [2011/07/28 11:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
    [2011/07/28 11:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C243CCC8-5474-45FC-A546-7FBC284A692E}
    [2011/07/28 11:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
    [2009/08/15 08:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
    [2009/08/15 08:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\QBDataServiceUser18\Application Data\Windows Desktop Search
    [2012/05/27 11:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Canon
    [2011/05/23 15:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Fujitsu
    [2012/03/10 20:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\PFU
    [2011/07/28 11:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Stamps.com Internet Postage
    [2012/03/10 09:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\TeamViewer
    [2010/02/19 11:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Windows Search
    [2012/08/23 21:39:22 | 000,000,192 | ---- | M] () -- C:\WINDOWS\Tasks\pstbkup.job

    ========== Purity Check ==========



    < End of report >
     
  20. Deb Jones

    Deb Jones TS Rookie Topic Starter

    ===========================================================================================
    OTL Extras logfile created on: 8/25/2012 5:17:57 PM - Run 1
    OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\user1\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.97 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 83.31% Memory free
    4.81 Gb Paging File | 4.54 Gb Available in Paging File | 94.50% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 455.96 Gb Total Space | 431.67 Gb Free Space | 94.67% Space Free | Partition Type: NTFS
    Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 7.47 Gb Total Space | 6.49 Gb Free Space | 86.95% Space Free | Partition Type: FAT32

    Computer Name: PAYSON1 | User Name: user1 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRun" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{04E54838-9F21-4615-8CF1-ACC7CF41008B}" = PDF Thumbnail View
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0ABC556A-5A27-4708-9021-B72FB0F8B1F6}" = Canon MF4200 Series
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35D5A740-EAA2-012B-AD08-000000000000}" = TurboTax 2009 waziper
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3CF31850-EAA2-012B-AEC5-000000000000}" = TurboTax 2009 wutiper
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf12
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A5CC6AC-5807-4348-B963-87CE46DACA3F}" = TurboTax 2011 waziper
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
    "{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{AC76BA86-1033-0000-BA7E-000000000004}" = Adobe Acrobat 9 Standard
    "{AC76BA86-1033-0000-BA7E-000000000004}_950" = Adobe Acrobat 9.5.0 - CPSID_83708
    "{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}" = Adobe Acrobat 9 Standard
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BFCA7375-81A2-44F8-BFC1-0DC5A3D23405}" = TurboTax 2010 wutiper
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE4C9170-F517-42EB-A5CB-F16DE610315A}" = Stamps.com Application Support for Microsoft Outlook 2000-2010
    "{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder V2.0
    "{D61C1058-EDC7-48D0-85B2-B322BE385059}" = Stamps.com Address Book Support for Microsoft Outlook 97-2010
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000-2010
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E90F8E55-A3EE-41AF-88E3-ED2EA0ECE46C}" = TurboTax 2010 waziper
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "OUTLOOKR" = Microsoft Office Outlook 2007
    "Stamps.com" = Stamps.com
    "Stamps.com support for Microsoft Outlook 2000-2010" = Stamps.com support for Microsoft Outlook 2000-2010
    "Stamps.com support for Microsoft Outlook 97-2010" = Stamps.com support for Microsoft Outlook 97-2010
    "Stamps.com support for Microsoft Word 2000-2010" = Stamps.com support for Microsoft Word 2000-2010
    "TeamViewer 7" = TeamViewer 7
    "TurboTax 2009" = TurboTax 2009
    "TurboTax 2010" = TurboTax 2010
    "TurboTax 2011" = TurboTax 2011
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/22/2012 10:24:41 PM | Computer Name = PAYSON1 | Source = Avira Antivirus | ID = 4122
    Description =

    Error - 8/22/2012 11:10:05 PM | Computer Name = PAYSON1 | Source = Avira Antivirus | ID = 4122
    Description =

    Error - 8/22/2012 11:33:08 PM | Computer Name = PAYSON1 | Source = Avira Antivirus | ID = 4122
    Description =

    Error - 8/22/2012 11:43:15 PM | Computer Name = PAYSON1 | Source = MPSampleSubmission | ID = 5000
    Description =

    Error - 8/22/2012 11:43:18 PM | Computer Name = PAYSON1 | Source = Microsoft Security Client | ID = 5000
    Description =

    Error - 8/22/2012 11:47:31 PM | Computer Name = PAYSON1 | Source = MPSampleSubmission | ID = 5000
    Description =

    Error - 8/23/2012 12:30:48 AM | Computer Name = PAYSON1 | Source = Avira Antivirus | ID = 4122
    Description =

    Error - 8/23/2012 12:42:07 AM | Computer Name = PAYSON1 | Source = Avira Antivirus | ID = 4122
    Description =

    Error - 8/23/2012 12:46:19 AM | Computer Name = PAYSON1 | Source = Avira Antivirus | ID = 4122
    Description =

    Error - 8/23/2012 1:02:48 AM | Computer Name = PAYSON1 | Source = Avira Antivirus | ID = 4122
    Description =

    [ System Events ]
    Error - 8/25/2012 1:27:43 AM | Computer Name = PAYSON1 | Source = Service Control Manager | ID = 7001
    Description = The DHCP Client service depends on the NetBios over Tcpip service
    which failed to start because of the following error: %%31

    Error - 8/25/2012 1:27:43 AM | Computer Name = PAYSON1 | Source = Service Control Manager | ID = 7001
    Description = The DNS Client service depends on the TCP/IP Protocol Driver service
    which failed to start because of the following error: %%31

    Error - 8/25/2012 1:27:43 AM | Computer Name = PAYSON1 | Source = Service Control Manager | ID = 7001
    Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
    failed to start because of the following error: %%31

    Error - 8/25/2012 1:27:43 AM | Computer Name = PAYSON1 | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 8/25/2012 1:27:43 AM | Computer Name = PAYSON1 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD avipbb avkmgr Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip

    Error - 8/25/2012 1:30:17 AM | Computer Name = PAYSON1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 8/25/2012 1:45:08 AM | Computer Name = PAYSON1 | Source = Microsoft Antimalware | ID = 2001
    Description =

    Error - 8/25/2012 2:55:10 PM | Computer Name = PAYSON1 | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 8/25/2012 2:59:58 PM | Computer Name = PAYSON1 | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_32735317\0000 disappeared from the system without
    first being prepared for removal.

    Error - 8/25/2012 2:59:58 PM | Computer Name = PAYSON1 | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_C4166FEC1E7746A1\0000 disappeared from the
    system without first being prepared for removal.


    < End of report >
     
  21. Broni

    Broni Malware Annihilator

    Install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

    =============================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKU\S-1-5-21-47230063-2425660698-373674202-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O15 - HKU\S-1-5-21-47230063-2425660698-373674202-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      [2012/08/21 20:13:34 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\48230029.sys
      [2012/08/19 15:44:59 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-xLLA5Z0mWJT9dor
      [2012/08/19 15:44:58 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-xLLA5Z0mWJT9do
      [2011/07/28 11:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{2C9DBDBB-2D80-410C-8699-A38A9E6168ED}
      [2011/07/28 11:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
      [2011/07/28 11:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C243CCC8-5474-45FC-A546-7FBC284A692E}
      [2011/07/28 11:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
      
      
      :Services
      
      :Reg
      
      :Files
      C:\WINDOWS\Installer\{bdf6bac7-f87e-ad89-97e4-691403966828}
      C:\Documents and Settings\user1\Local Settings\Application Data\{bdf6bac7-f87e-ad89-97e4-691403966828}
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from Safe Mode.

    ==================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  22. Deb Jones

    Deb Jones TS Rookie Topic Starter

    OTL Log:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\S-1-5-21-47230063-2425660698-373674202-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry key HKEY_USERS\S-1-5-21-47230063-2425660698-373674202-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    C:\WINDOWS\system32\drivers\48230029.sys moved successfully.
    C:\Documents and Settings\All Users\Application Data\-xLLA5Z0mWJT9dor moved successfully.
    C:\Documents and Settings\All Users\Application Data\-xLLA5Z0mWJT9do moved successfully.
    C:\Documents and Settings\All Users\Application Data\{2C9DBDBB-2D80-410C-8699-A38A9E6168ED} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\{C243CCC8-5474-45FC-A546-7FBC284A692E} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C} folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\WINDOWS\Installer\{bdf6bac7-f87e-ad89-97e4-691403966828}\U folder moved successfully.
    C:\WINDOWS\Installer\{bdf6bac7-f87e-ad89-97e4-691403966828}\L folder moved successfully.
    C:\WINDOWS\Installer\{bdf6bac7-f87e-ad89-97e4-691403966828} folder moved successfully.
    C:\Documents and Settings\user1\Local Settings\Application Data\{bdf6bac7-f87e-ad89-97e4-691403966828}\U folder moved successfully.
    C:\Documents and Settings\user1\Local Settings\Application Data\{bdf6bac7-f87e-ad89-97e4-691403966828}\L folder moved successfully.
    C:\Documents and Settings\user1\Local Settings\Application Data\{bdf6bac7-f87e-ad89-97e4-691403966828} folder moved successfully.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 789 bytes
    User: All Users
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33036 bytes
    ->Flash cache emptied: 321 bytes
    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 3244099 bytes
    ->Flash cache emptied: 14597 bytes
    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 22842 bytes
    User: QBDataServiceUser18
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 321 bytes
    User: user1
    ->Temp folder emptied: 32768 bytes
    ->Temporary Internet Files folder emptied: 1263596 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 114976 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 52480 bytes
    Windows Temp folder emptied: 439 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes
    Total Files Cleaned = 5.00 mb
    [EMPTYJAVA]
    User: Administrator
    User: All Users
    User: Default User
    User: LocalService
    User: NetworkService
    User: QBDataServiceUser18
    User: user1
    ->Java cache emptied: 0 bytes
    Total Java Files Cleaned = 0.00 mb
    [EMPTYFLASH]
    User: Administrator
    ->Flash cache emptied: 0 bytes
    User: All Users
    User: Default User
    ->Flash cache emptied: 0 bytes
    User: LocalService
    ->Flash cache emptied: 0 bytes
    User: NetworkService
    ->Flash cache emptied: 0 bytes
    User: QBDataServiceUser18
    ->Flash cache emptied: 0 bytes
    User: user1
    ->Flash cache emptied: 0 bytes
    Total Flash Files Cleaned = 0.00 mb
    OTL by OldTimer - Version 3.2.58.1 log created on 08252012_201204
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  23. Deb Jones

    Deb Jones TS Rookie Topic Starter

    Security Check:

    Results of screen317's Security Check version 0.99.46
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Please wait while WMIC is being installed.
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.60.1.1000
    Java(TM) 6 Update 13
    Java version out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
    ----------------------------------------------------------------------------------
    FARBAR:
    Farbar Service Scanner Version: 06-08-2012
    Ran by user1 (administrator) on 25-08-2012 at 20:18:59
    Running from "C:\Documents and Settings\user1\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Attempt to access Google IP returned error: Google IP is unreachable
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
    Attempt to access Yahoo.com returned error: Other errors
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Security Center:
    ============
    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.
    Windows Autoupdate Disabled Policy:
    ============================
    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x0C0000000C0000000400000001000000020000000300000008000000050000000600000007000000090000000A0000000B000000
    **** End of log ****
    --------------------------------------------------------------------------------
    ESET scan:
    C:\TDSSKiller_Quarantine\24.08.2012_22.10.10\necurs0000\svc0000\tsk0000.dta | a variant of Win32/Rootkit.Kryptik.OC trojan | cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\24.08.2012_22.32.27\mbr0000\tdlfs0000\tsk0005.dta | a variant of Win32/Olmasco.O trojan | cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\24.08.2012_22.32.27\mbr0000\tdlfs0000\tsk0006.dta | Win64/Olmasco.Y trojan | cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\24.08.2012_22.32.27\mbr0000\tdlfs0000\tsk0007.dta | Win32/Olmasco.O trojan | cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\24.08.2012_22.32.27\mbr0000\tdlfs0000\tsk0008.dta | Win64/Olmasco.X trojan | cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\24.08.2012_22.32.27\mbr0000\tdlfs0000\tsk0009.dta | a variant of Win32/Olmasco.O trojan | cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\24.08.2012_22.32.27\mbr0000\tdlfs0000\tsk0010.dta | Win64/Olmasco.AA trojan | cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\24.08.2012_22.32.27\mbr0000\tdlfs0000\tsk0011.dta | Win32/Olmasco.Q trojan | cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\24.08.2012_22.32.27\mbr0000\tdlfs0000\tsk0012.dta | Win64/Olmasco.X trojan | cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\24.08.2012_22.32.27\mbr0000\tdlfs0000\tsk0014.dta | Win32/Olmasco.AA trojan | cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\24.08.2012_22.32.27\mbr0000\tdlfs0000\tsk0015.dta | Win64/Olmasco.Z trojan | cleaned by deleting - quarantined
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You didn't install any AV program yet.
    Please follow all of my instructions.

    =================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), then download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ===================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ======================================

    We have one corrupted registry key affecting Windows updates.

    The following steps involve registry editing. Please create a new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Download following registry file: http://download.bleepingcomputer.com/win-services/xp/BITS.reg
    Double click on downloaded file and confirm the prompt.
    Restart computer.
    Post new FSS log.
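
    As an added example (not part of this thread and not one of Broni's instructions), here is the check a practitioner would run after a fix like the BITS.reg import above: audit the registry keys of the services that FSS examines and of the boot-start drivers the Service Control Manager 7026 event said failed to load. FSS reported "Unable to retrieve start type of BITS. The value does not exist", which means the Start DWORD under HKLM\SYSTEM\CurrentControlSet\Services\BITS was gone; the script below reports exactly that condition, plus keys that are missing entirely, start types that are Disabled (4) or otherwise unexpected, and service binaries that no longer exist on disk. Start type codes are 0 = Boot, 1 = System, 2 = Automatic, 3 = Manual, 4 = Disabled. The service and driver lists, and the start types treated as acceptable, are assumptions chosen from the logs in this thread; adjust them to the machine and Windows version being repaired, and run from an elevated PowerShell prompt.

```powershell
# Added example, not from the thread. Audits the registry configuration of the
# services named in the FSS "File Check" list and the drivers named in the
# 7026 event. Assumption: lists and allowed start types match the logs above;
# edit them for the machine under repair.

$StartTypeName = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# svchost-hosted services that Windows Update, Security Center, System Restore
# and the EventSystem server (DCOM 10005 above) depend on
$Services = 'BITS', 'wuauserv', 'EventSystem', 'CryptSvc', 'wscsvc', 'SharedAccess', 'srservice'
# boot/system-start drivers listed in the 7026 "failed to load" event
$Drivers  = 'AFD', 'Tcpip', 'NetBT', 'IPSec', 'MRxSmb', 'Rdbss', 'NetBIOS', 'RasAcd', 'Fips', 'intelppm'

function Get-ServiceKeyState {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        # start types acceptable for this entry; anything else is reported
        [int[]]$AllowedStart = @(0, 1, 2, 3)
    )
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -Path $key)) {
        # whole key gone: SCM cannot even enumerate the service
        return [pscustomobject]@{ Name = $Name; Start = $null; Image = $null; Problem = 'KEY MISSING' }
    }
    $props = Get-ItemProperty -Path $key
    $start = $props.Start
    # svchost services keep the real module in Parameters\ServiceDll;
    # drivers and standalone services only carry ImagePath
    $dll   = (Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    $image = if ($dll) { $dll } else { $props.ImagePath }

    $problem = $null
    if ($null -eq $start) {
        # the condition FSS reported for BITS: Start value does not exist
        $problem = 'START VALUE MISSING'
    }
    elseif ($AllowedStart -notcontains [int]$start) {
        $problem = "start type is $($StartTypeName[[int]$start])"
    }
    elseif ($image) {
        # normalise the stored path: %SystemRoot% style, \SystemRoot\ style,
        # \??\ prefix, and driver paths relative to the Windows directory
        $path = [Environment]::ExpandEnvironmentVariables($image.Trim('"'))
        $path = $path -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot', $env:SystemRoot
        if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }
        if (-not (Test-Path -Path $path)) { $problem = "binary not on disk: $path" }
    }
    else {
        $problem = 'no ImagePath/ServiceDll'
    }

    [pscustomobject]@{
        Name    = $Name
        Start   = $(if ($null -ne $start) { $StartTypeName[[int]$start] } else { $null })
        Image   = $image
        Problem = $problem
    }
}

$report = @()
# services: Automatic or Manual is fine, Disabled or missing is not
$report += $Services | ForEach-Object { Get-ServiceKeyState -Name $_ -AllowedStart 2, 3 }
# boot-start drivers: anything other than Boot/System means they will not load
$report += $Drivers  | ForEach-Object { Get-ServiceKeyState -Name $_ -AllowedStart 0, 1 }

$report | Format-Table -AutoSize -Property Name, Start, Problem
# every entry with a Problem is something the .reg repair (or sc config) must restore
$report | Where-Object { $_.Problem } | ForEach-Object { Write-Warning "$($_.Name): $($_.Problem)" }
```

    Run it once before and once after importing the registry fix: before, BITS should show START VALUE MISSING; afterwards every row should have an empty Problem column. A driver that still shows a bad start type or a missing binary after the fix is a reason to re-check the machine rather than declare it clean.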
     
  25. Deb Jones

    Deb Jones TS Rookie Topic Starter

    From login to desktop now takes over 1.5 mins. Pasted below is the new FSS log:

    Farbar Service Scanner Version: 06-08-2012
    Ran by user1 (administrator) on 25-08-2012 at 22:07:11
    Running from "C:\Documents and Settings\user1\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x0C0000000C0000000400000001000000020000000300000008000000050000000600000007000000090000000A0000000B000000


    **** End of log ****
     
