TechSpot

Help! Search redirect, Win firewall disabled

By clawton8
Aug 30, 2011
  1. Hello,
    I caught a nasty trojan yesterday that Malwarebytes detected and removed. However, I'm still having issues, apparently, because searches in IE or Firefox are being redirected to random sites. Also, Windows Firewall is disabled and I'm not able to re-enable it. It just says "Windows Firewall can't change some of your settings. Error code 0x8007042." I assume the two are related.

    Malwarebytes does not catch anything, and neither do other program scans. Rkill can't run because it states installation failed and the pev process times out.

    MBam log...

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7610

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    8/30/2011 10:24:44 AM
    mbam-log-2011-08-30 (10-24-44).txt

    Scan type: Quick scan
    Objects scanned: 237983
    Time elapsed: 3 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. clawton8

    clawton8 TS Rookie Topic Starter Posts: 16

    Hijackthis log file

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:30:53 AM, on 8/30/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16839)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    C:\Program Files (x86)\Input Director\InputDirector.exe
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    D:\Program Files (x86)\Dell\Reader 2.1\DellBtrEvent.exe
    C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
    C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
    C:\Program Files (x86)\MMTaskbar\MultiMon.exe
    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    F:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [DellBtrEvent] D:\Program Files (x86)\Dell\Reader 2.1\DellBtrEvent.exe
    O4 - HKLM\..\Run: [AgentUiRunKey] "C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe" -ni -sss -e http://localhost:16386/
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [ToolboxFX] "C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
    O4 - HKLM\..\Run: [Copperhead] C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
    O4 - HKCU\..\Run: [InputDirector] "C:\Program Files (x86)\Input Director\InputDirector.exe" /hide
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2461117910-443251094-762063991-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
    O4 - HKUS\S-1-5-21-2461117910-443251094-762063991-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
    O4 - Startup: Dropbox.lnk = C:\Users\charles.lawton\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    O4 - Global Startup: TdmNotify.lnk = C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
    O4 - Global Startup: vpngui.exe.lnk = ?
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = glasshousetech.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = glasshousetech.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = glasshousetech.com
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
    O23 - Service: AgentService - Iron Mountain Incorporated - C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Dell ControlPoint Button Service (buttonsvc64) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - D:\Program Files (x86)\Dell\Reader 2.1\DVMExportService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iClarityQoSService - Avaya Inc. - C:\Program Files (x86)\Avaya\Avaya one-X Communicator\QosServM.exe
    O23 - Service: Input Director Vista Service (IDVistaService) - Unknown owner - C:\Program Files (x86)\Input Director\IDVistaService.exe
    O23 - Service: Input Director Service (InputDirector) - Unknown owner - C:\Program Files (x86)\Input Director\IDWinService.exe
    O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.2\bin\pg_ctl.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\
    O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
    O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 17579 bytes
     
  3. clawton8

    GMER log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-08-30 12:01:40
    Windows 6.1.7600
    Running: ny6d6vme.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c659d04126a
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c659d04126a@00237f14416b 0xF5 0x32 0x1D 0x9D ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c659d041580
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c659d041580@00237f14416b 0x73 0x8E 0x4B 0xC9 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c659d04126a (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c659d04126a@00237f14416b 0xF5 0x32 0x1D 0x9D ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c659d041580 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c659d041580@00237f14416b 0x73 0x8E 0x4B 0xC9 ...

    ---- EOF - GMER 1.0.15 ----
     
  4. clawton8

    DDS logs

    DDS.txt...

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Run by charles.lawton at 12:02:28 on 2011-08-30
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.5942.2979 [GMT -4:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe
    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    D:\Program Files (x86)\Dell\Reader 2.1\DVMExportService.exe
    C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
    C:\Program Files (x86)\Avaya\Avaya one-X Communicator\QosServM.exe
    C:\Program Files (x86)\Input Director\IDWinService.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
    C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
    C:\Program Files (x86)\PostgreSQL\8.2\bin\pg_ctl.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k regsvc
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\PostgreSQL\8.2\bin\postgres.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\PostgreSQL\8.2\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.2\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.2\bin\postgres.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
    C:\Windows\SysWOW64\vmnat.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\vmnetdhcp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
    C:\Program Files (x86)\Input Director\InputDirector.exe
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files (x86)\Input Director\IDVistaService.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    D:\Program Files (x86)\Dell\Reader 2.1\DellBtrEvent.exe
    C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
    C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\HP Toner Cartridge Authentication\hpcra112.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\Explorer.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    mWinlogon: Userinit=userinit.exe,
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [InputDirector] "C:\Program Files (x86)\Input Director\InputDirector.exe" /hide
    uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [DellBtrEvent] D:\Program Files (x86)\Dell\Reader 2.1\DellBtrEvent.exe
    mRun: [AgentUiRunKey] "C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe" -ni -sss -e http://localhost:16386/
    mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [ToolboxFX] "C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
    mRun: [Copperhead] C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
    StartupFolder: C:\Users\CHARLE~1.LAW\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\charles.lawton\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLCO~1.LNK - C:\Program Files (x86)\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TDMNOT~1.LNK - C:\Program Files (x86)\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: SoftwareSASGeneration = 3 (0x3)
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: mswsock.dll
    LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 144.48.95.6 144.48.95.22
    TCP: Interfaces\{8168A02E-4910-4C2D-898B-134D9579B67A} : DhcpNameServer = 144.48.95.6 144.48.95.22
    TCP: Interfaces\{8168A02E-4910-4C2D-898B-134D9579B67A}\441627C65637 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
    TCP: Interfaces\{8168A02E-4910-4C2D-898B-134D9579B67A}\5465F4475647865627 : DhcpNameServer = 192.168.2.254
    TCP: Interfaces\{C7964572-641B-452E-9582-9D739E8C5490} : DhcpNameServer = 144.48.95.6 144.48.95.22
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    LSA: Authentication Packages = msv1_0 wvauth
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun-x64: [(Default)]
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [DellBtrEvent] D:\Program Files (x86)\Dell\Reader 2.1\DellBtrEvent.exe
    mRun-x64: [AgentUiRunKey] "C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe" -ni -sss -e http://localhost:16386/
    mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun-x64: [ToolboxFX] "C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
    mRun-x64: [Copperhead] C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\charles.lawton\AppData\Roaming\Mozilla\Firefox\Profiles\ud55t7dg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://otrs.css.glasshouse.com/csat/
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{A0CBD44F-4031-4796-AFA8-6AD0FBE6BFED}\components\AvayaExtension.dll
    FF - component: C:\Users\charles.lawton\AppData\Roaming\Mozilla\Firefox\Profiles\ud55t7dg.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\charles.lawton\AppData\Roaming\Mozilla\Firefox\Profiles\ud55t7dg.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
    FF - plugin: C:\Users\charles.lawton\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdfltn.sys --> C:\Windows\system32\DRIVERS\stdfltn.sys [?]
    R1 DVMIO;DVMIO;D:\Program Files (x86)\Dell\Reader 2.1\dvmio_x64.sys [2010-5-4 20624]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-2-9 89600]
    R2 AgentService;AgentService;C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe [2011-5-3 7580576]
    R2 buttonsvc64;Dell ControlPoint Button Service;C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 373024]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-3-24 1039776]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-3-24 31136]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-2-8 515952]
    R2 DvmMDES;DeviceVM Meta Data Export Service;D:\Program Files (x86)\Dell\Reader 2.1\DVMExportService.exe [2010-5-4 327680]
    R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-19 13336]
    R2 InputDirector;Input Director Service;C:\Program Files (x86)\Input Director\IDWinService.exe [2010-2-1 36864]
    R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-10-19 60928]
    R2 pgsql-8.2;PostgreSQL Database Server 8.2;C:\Program Files (x86)\PostgreSQL\8.2\bin\pg_ctl.exe [2007-2-7 79324]
    R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-4-1 2477304]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-19 2533400]
    R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
    R3 copperhd;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys --> C:\Windows\system32\drivers\copperhd.sys [?]
    R3 cvusbdrv;Dell ControlVault;C:\Windows\system32\Drivers\cvusbdrv.sys --> C:\Windows\system32\Drivers\cvusbdrv.sys [?]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-28 136824]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 IDVistaService;Input Director Vista Service;C:\Program Files (x86)\Input Director\IDVistaService.exe [2009-2-7 13824]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
    S3 DrvSnSht;DrvSnSht;C:\Program Files (x86)\R-Drive Image\DrvSnSht64.sys [2010-5-6 133584]
    S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
    S3 LV_Tracker;LV_Tracker;C:\Windows\system32\DRIVERS\LV_Tracker64.sys --> C:\Windows\system32\DRIVERS\LV_Tracker64.sys [?]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    S3 R-ImageDisk;R-ImageDisk;C:\Program Files (x86)\R-Drive Image\R-ImageDisk64.sys [2010-3-3 186448]
    S3 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
    S3 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-08-30 13:47:54 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
    2011-08-30 12:25:50 -------- d-----w- C:\Program Files (x86)\ESET
    2011-08-29 19:50:27 -------- d-----w- C:\Users\charles.lawton\AppData\Roaming\Malwarebytes
    2011-08-29 19:50:23 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-29 19:50:23 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-08-29 19:50:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-08-29 19:50:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-08-29 19:07:19 -------- d-----we C:\Windows\system64
    2011-08-26 20:47:05 -------- d-----w- C:\Program Files (x86)\R-Drive Image
    2011-08-26 19:42:12 -------- d-----w- C:\Program Files (x86)\ID
    2011-08-24 12:25:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-08-24 12:25:52 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-08-11 12:24:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-08-10 13:32:37 -------- d-----w- C:\Program Files\HP Toner Cartridge Authentication
    .
    ==================== Find3M ====================
    .
    2011-08-12 12:12:36 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-07-18 20:33:26 139320 ----a-w- C:\Windows\System32\hpswu112.dll
    2011-07-18 20:33:18 322104 ----a-w- C:\Windows\System32\hpfwu112.dll
    2011-07-18 20:33:08 2062392 ----a-w- C:\Windows\System32\hpdmr112.dll
    2011-07-18 20:33:00 286776 ----a-w- C:\Windows\System32\hpddy112.dll
    2011-07-18 20:32:52 138296 ----a-w- C:\Windows\System32\hpcsu112.dll
    2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
    2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-07-05 20:13:44 249856 ------w- C:\Windows\Setup1.exe
    2011-07-05 20:13:43 73216 ----a-w- C:\Windows\ST6UNST.EXE
    2011-06-23 05:29:39 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-06-23 04:38:05 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-06-23 04:38:04 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-06-21 06:27:14 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-21 06:20:48 1197056 ----a-w- C:\Windows\System32\wininet.dll
    2011-06-21 06:20:06 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2011-06-21 05:36:36 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-06-21 05:35:05 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2011-06-21 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
    2011-06-21 04:26:02 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll
    2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll
    2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll
    2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll
    2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
    2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
    2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
    2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
    2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
    2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 12:03:00.59 ===============
     
  5. clawton8

    clawton8 TS Rookie Topic Starter Posts: 16

    DDS logs - Attach

    Attach logs..

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/5/2010 1:43:52 PM
    System Uptime: 8/29/2011 3:59:11 PM (21 hours ago)
    .
    Motherboard: Dell Inc. | | 0667CC
    Processor: Intel(R) Core(TM) i7 CPU M 640 @ 2.80GHz | CPU 1 | 2800/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 230 GiB total, 101.649 GiB free.
    D: is FIXED (FAT32) - 2 GiB total, 1.902 GiB free.
    E: is CDROM (CDFS)
    F: is Removable
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&7A44AD&0&01
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&7A44AD&0&01
    Service: vwifimp
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Windows Firewall Authorization Driver
    Device ID: ROOT\LEGACY_MPSDRV\0000
    Manufacturer:
    Name: Windows Firewall Authorization Driver
    PNP Device ID: ROOT\LEGACY_MPSDRV\0000
    Service: mpsdrv
    .
    Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
    Description: Bluetooth L2CAP Interface
    Device ID: BTHENUM\{6E0C8F4C-D928-4852-B6B2-F0F0E0D126FA}_LOCALMFG&0000\8&3179B4E3&0&000000000000_00000000
    Manufacturer: Broadcom Corp.
    Name: Bluetooth L2CAP Interface
    PNP Device ID: BTHENUM\{6E0C8F4C-D928-4852-B6B2-F0F0E0D126FA}_LOCALMFG&0000\8&3179B4E3&0&000000000000_00000000
    Service: btwl2cap
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{0000111E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&3179B4E3&0&00237F14416B_C00000002
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{0000111E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&3179B4E3&0&00237F14416B_C00000002
    Service:
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: Bluetooth Hands-free Audio
    Device ID: BTHENUM\{24DF01A9-3E4F-4C9F-9F66-5AA8AB14F8F4}_LOCALMFG&0000\8&3179B4E3&0&000000000000_00000000
    Manufacturer: Broadcom
    Name: Bluetooth Hands-free Audio
    PNP Device ID: BTHENUM\{24DF01A9-3E4F-4C9F-9F66-5AA8AB14F8F4}_LOCALMFG&0000\8&3179B4E3&0&000000000000_00000000
    Service: btwaudio
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco Systems VPN Adapter for 64-bit Windows
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter for 64-bit Windows
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Description: Bluetooth Remote Control
    Device ID: BTHENUM\{84A1E9B8-12BA-4A9C-8AB0-A43784E0D149}_LOCALMFG&0000\8&3179B4E3&0&000000000000_00000000
    Manufacturer: Broadcom
    Name: Bluetooth Remote Control
    PNP Device ID: BTHENUM\{84A1E9B8-12BA-4A9C-8AB0-A43784E0D149}_LOCALMFG&0000\8&3179B4E3&0&000000000000_00000000
    Service: btwrchid
    .
    ==== System Restore Points ===================
    .
    RP89: 8/21/2011 2:41:54 PM - Scheduled Checkpoint
    RP90: 8/25/2011 3:00:33 AM - Windows Update
    RP91: 8/26/2011 3:40:22 PM - Installed Enemy Territory - QUAKE Wars(TM)
    .
    ==== Installed Programs ======================
    .
    AccelerometerP11
    Adobe Acrobat 9 Standard - English, Français, Deutsch
    Adobe Acrobat 9.4.3 - CPSID_83708
    Adobe Flash Player 10 Plugin
    ALTools Update
    ALZip
    Avaya one-X® Communicator
    AZZ Cardfile
    Connected Backup/PC Agent
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726)
    Dell ControlPoint Security Manager
    Dell Security Device Driver Pack
    Dropbox
    EMBASSY Security Center Lite
    EMBASSY Security Setup
    ESC Home Page Plugin
    ESET Online Scanner v3
    FileZilla Client 3.3.4.1
    GoToMeeting 4.5.0.457
    HP FWUpdateEDO3
    HP LaserJet Professional M1530 MFP Series
    HP LJ M1530 MFP Series HP Scan
    HP Toner Cartridge Authentication
    HP Update
    HPDiagnosticAlert
    HPLaserJetHelp_LearnCenter
    HPLJUT
    hppFaxDrvM1530
    hppFaxUtilityM1530
    hppLaserJetService
    hppM1530LaserJetService
    hppSendFaxM1530
    hppTLBXFXM1530
    hpzTLBXFX
    I.R.I.S. OCR
    IDT Audio
    Input Director v1.2.2
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 21
    Java(TM) SE Development Kit 6 Update 21
    Junk Mail filter update
    Just Great Software EditPad Pro 6 v.6.6.2
    LiveUpdate 3.3 (Symantec Corporation)
    Malwarebytes' Anti-Malware version 1.51.1.1800
    MFCLOC
    Microsoft Conferencing Add-in for Microsoft Office Outlook
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Communicator 2007 R2
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Live Meeting 2007
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox 5.0 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MultiMon TaskBar 2.1
    Notepad++
    PostgreSQL 8.2
    PowerDVD DX
    R-Drive Image 4.7
    Razer Copperhead
    Reader 2.1
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE 10.3
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    ScreenPrint32 v3.5
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft Excel 2010 (KB2523021)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft PowerPoint 2010 (KB2519975)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    SmartWebPrinting
    tools-freebsd
    tools-linux
    tools-netware
    tools-solaris
    tools-windows
    tools-winPre2k
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2523113)
    Update for Microsoft OneNote 2010 (KB2493983)
    Update for Microsoft Outlook Social Connector (KB2441641)
    VirtualCloneDrive
    VMware Workstation
    Wave Support Software
    WebEx
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinSCP 4.2.9
    X-Chat 2.8.6-2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/30/2011 8:08:18 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain GLASSHOUSETECH due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    8/30/2011 11:10:17 AM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: The system cannot find the path specified.
    8/30/2011 11:10:17 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: The system cannot find the path specified.
    8/30/2011 11:10:17 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
    8/29/2011 4:11:47 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    8/29/2011 4:09:47 PM, Error: Service Control Manager [7022] - The Security Center service hung on starting.
    8/29/2011 4:09:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    8/29/2011 4:07:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    8/29/2011 4:05:58 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
    8/29/2011 4:02:41 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    8/29/2011 4:02:23 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    8/29/2011 4:01:12 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: The system cannot find the path specified.
    8/29/2011 4:00:58 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    8/29/2011 4:00:56 PM, Error: Microsoft-Windows-TaskScheduler [701] - Task Scheduler service failed to start Task Compatibility module. Tasks may not be able to register on previous Window versions. Additional Data: Error Value: 2147942526.
    8/29/2011 3:43:15 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    8/29/2011 3:42:24 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    8/29/2011 3:42:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/29/2011 3:42:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/29/2011 3:42:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/29/2011 3:42:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/29/2011 3:41:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache DVMIO eeCtrl ElbyCDIO spldr SRTSP SRTSPX Wanarpv6
    8/29/2011 3:29:12 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    8/29/2011 3:29:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    8/29/2011 3:29:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    8/29/2011 3:28:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache DVMIO eeCtrl ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
    8/29/2011 3:28:44 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/29/2011 3:28:44 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    8/29/2011 3:28:44 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/29/2011 3:28:44 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/29/2011 3:28:44 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/29/2011 3:28:44 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    8/29/2011 3:28:44 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/29/2011 3:28:42 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/29/2011 3:28:42 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    8/29/2011 3:28:42 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/29/2011 3:28:42 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/29/2011 3:25:18 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
    8/29/2011 3:21:48 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Intel(R) Management and Security Application Local Management Service service, but this action failed with the following error: An instance of the service is already running.
    8/29/2011 3:21:46 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] -
    8/29/2011 3:21:39 PM, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    8/29/2011 3:21:39 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 117 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:21:39 PM, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
    8/29/2011 3:21:38 PM, Error: Service Control Manager [7031] - The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:21:36 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 25 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:21:36 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 116 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:21:34 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 115 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:21:32 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 114 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:21:29 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 113 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:21:27 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 112 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:21:25 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 24 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:21:25 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 111 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:21:23 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 110 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:21:20 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 109 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:21:18 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 108 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:21:16 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 107 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:21:13 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 23 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:21:13 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 106 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:21:12 PM, Error: Service Control Manager [7031] - The AgentService service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/29/2011 3:21:11 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 105 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:21:09 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 104 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:21:07 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 103 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:21:04 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 102 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:21:02 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 22 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:21:02 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 101 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:21:00 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 100 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:57 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 99 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:55 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 98 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:53 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 97 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:51 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 21 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:20:51 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 96 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:48 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 95 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:46 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 94 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:44 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 93 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:42 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 92 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:40 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 20 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
     
  6. clawton8

    clawton8 TS Rookie Topic Starter Posts: 16

    Attach cont...

    8/29/2011 3:20:40 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 91 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:37 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 90 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:35 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 89 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:33 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 88 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:31 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 87 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:28 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 19 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:20:28 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 86 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:26 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 85 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:24 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 84 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:22 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 83 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:19 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 82 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:17 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 18 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:20:17 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 81 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:15 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 80 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:12 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 79 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:11 PM, Error: Service Control Manager [7031] - The AgentService service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/29/2011 3:20:10 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 78 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:07 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 77 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:06 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 17 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:20:05 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 76 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:02 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 75 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:20:00 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 74 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:57 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 73 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:55 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 72 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:54 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 16 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:19:53 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 71 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:50 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 70 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:48 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 69 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:45 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 68 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:43 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 15 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:19:43 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 67 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:41 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 66 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:38 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 65 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:36 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 64 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:33 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 63 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:32 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 14 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:19:31 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 62 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:29 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 61 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:26 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 60 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:24 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 59 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:21 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 13 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:19:21 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 58 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:19 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 57 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:17 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 56 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:14 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 55 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:12 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 54 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:09 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 12 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:19:09 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 53 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:09 PM, Error: Service Control Manager [7031] - The AgentService service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/29/2011 3:19:07 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 52 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:05 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 51 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:02 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 50 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:19:00 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 49 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:58 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:18:57 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 48 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:55 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 47 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:53 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 46 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:50 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 45 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:48 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 44 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:47 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:18:46 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 43 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:43 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 42 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:41 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 41 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:39 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 40 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:36 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:18:36 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 39 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:34 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 38 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:32 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 37 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:29 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 36 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:27 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 35 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:25 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:18:25 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 34 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:22 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 33 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:20 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 32 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:17 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 31 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:15 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 30 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:14 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:18:13 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 29 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:10 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 28 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:08 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 27 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:08 PM, Error: Service Control Manager [7031] - The AgentService service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/29/2011 3:18:06 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 26 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:03 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:18:03 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 25 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:18:01 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 24 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:59 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 23 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:57 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 22 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:55 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 21 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:52 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:17:52 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 20 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:50 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 19 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:48 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 18 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:45 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 17 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:43 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 16 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:41 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:17:41 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 15 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:38 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 14 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:36 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 13 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:34 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 12 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:31 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:30 PM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).
    8/29/2011 3:17:30 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:17:29 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:27 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:24 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:22 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:20 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:17:20 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:17:20 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:19 PM, Error: Service Control Manager [7034] - The Intel(R) Management & Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:16 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:13 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:11 PM, Error: Service Control Manager [7034] - The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:11 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:09 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The VMware NAT Service service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The VMware DHCP Service service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The VMware Authorization Service service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The TdmService service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The Input Director Vista Service service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The Input Director Service service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The iClarityQoSService service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The FF Install Filter Service service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The DeviceVM Meta Data Export Service service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The Dell ControlPoint System Manager service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The Dell ControlPoint Button Service service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The Credential Vault Host Storage service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The Credential Vault Host Control Service service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The Andrea ST Filters Service service terminated unexpectedly. It has done this 1 time(s).
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    8/29/2011 3:17:07 PM, Error: Service Control Manager [7031] - The AgentService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/29/2011 3:14:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082911-59061-01.
    8/29/2011 3:11:23 PM, Error: Service Control Manager [7031] - The AgentService service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/29/2011 3:11:20 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 28 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:11:08 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 27 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:10:58 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 26 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/29/2011 3:06:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Symantec Management Client service to connect.
    8/29/2011 3:06:17 PM, Error: Service Control Manager [7000] - The Symantec Management Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/29/2011 2:50:29 PM, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer UK-WEYDC01.glasshousetech.com using any of the configured protocols.
    .
    ==== End Of File ===========================
     
  7. clawton8

    clawton8 TS Rookie Topic Starter Posts: 16

    Bump

    Really need help.. this is killin me.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You don't bump after 7 hours. Please re-post the logs you put in code boxes. Do NOT use the code box or quote for logs. It takes up too much space. I tried to edit the post and remove the code attributes, but apparently you have hidden attributes.

    When the logs have been re-posted, I will then hopefully be able to delete the logs in code box.
    ================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    Please note: I am also helping others. Many posted long before you and they will be helped accordingly. If you find this won't work for you, let me know and I'll close the thread.
     
  9. clawton8

    clawton8 TS Rookie Topic Starter Posts: 16

    Sorry about that; but why, when I pasted in the hijackthis log and the DDS text, is it telling me that I have too many image tags? That is why I had to do it in a code box. I looked through the logs and I can't seem to find any image tags??

    I took out the code box from two of the posts. Please advise regarding the img tags as I'm at a loss.

    ***EDIT: Fixed all of the code boxes. Had to click on the disable smiley option in advanced. Is that in the posting instructions?***
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    No Smileys or other images in steps other than what is included in the instruction. I was surprised to get the image message when I went to edit the code box. I couldn't find the images either, but figured that was why you used the code box.

    This appears to be your work system. Take a look at the specific firewall settings that have to be done for this: http://www.inputdirector.com/faq.html
    uRun: [InputDirector] "C:\Program Files (x86)\Input Director\InputDirector.exe" /hide
    =======================================
    It does not appear that the network is set up correctly, due to the multiple errors I see. And Symantec is definitely in distress!:
    8/29/2011 3:21:39 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 117 time(s).

    There is also a problem accessing the GLASSHOUSETECH domain.

    There are multiple repeating problems with this:
    8/29/2011 3:18:36 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 9 time(s). The following corrective
    =======================================
    It is my policy not to investigate/change/remove obvious work related programs. I can look for and hopefully remove the obvious malware. But in your case, your problems exceed those caused by malware. Please be aware of that.
    =======================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [IMG] on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ======================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ===================================
    Java is way out of date. The current is v6u27. Please update now: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    ====================================
    Please keep in mind: we may find and remove malware. But with the system problem you're having, it most likely won't solve the main problem. At that point, I will refer you to the IT for the office.
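
    The two patterns pointed out in the reply above (a service that keeps dying and being restarted, and many services dying in the same second) can be pulled out of an exported System event log mechanically. The script below is an added example, not part of the original thread or of any tool named in it; the function names and the thresholds (5 crashes, 4 services in one second) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the System event log posted earlier in this thread.
SAMPLE_LOG = """\
8/29/2011 3:18:41 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 41 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
8/29/2011 3:18:36 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/29/2011 3:17:09 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The VMware NAT Service service terminated unexpectedly. It has done this 1 time(s).
8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The VMware DHCP Service service terminated unexpectedly. It has done this 1 time(s).
8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s).
8/29/2011 3:17:07 PM, Error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
8/29/2011 3:17:07 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/29/2011 3:17:07 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
8/29/2011 3:14:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\\Windows\\MEMORY.DMP. Report Id: 082911-59061-01.
"""

# 7031: the service died and a recovery action (restart) is configured.
# 7034: the service died and no recovery action is configured.
# The match is case-sensitive on purpose, so "... Service service terminated"
# keeps the trailing "Service" as part of the display name.
EVENT_RE = re.compile(
    r"^\s*(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), Error: "
    r"Service Control Manager \[(?P<id>7031|7034)\] - "
    r"The (?P<svc>.+?) service terminated unexpectedly\. "
    r"It has done this (?P<n>\d+) time\(s\)\."
)


def parse_events(text):
    """Return one dict per 7031/7034 line; every other line is skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m is None:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "event_id": int(m["id"]),
            "service": m["svc"],
            "count": int(m["n"]),
        })
    return events


def summarize(events):
    """Per service: highest crash counter, time window, restart-on-failure flag."""
    summary = {}
    for e in events:
        s = summary.setdefault(e["service"], {
            "max_count": 0, "first": e["time"], "last": e["time"],
            "auto_restart": False,
        })
        s["max_count"] = max(s["max_count"], e["count"])
        s["first"] = min(s["first"], e["time"])
        s["last"] = max(s["last"], e["time"])
        s["auto_restart"] = s["auto_restart"] or e["event_id"] == 7031
    for s in summary.values():
        s["span_seconds"] = int((s["last"] - s["first"]).total_seconds())
    return summary


def crash_loops(summary, min_count=5):
    """Services the SCM keeps restarting; min_count is an assumed threshold."""
    return sorted(name for name, s in summary.items()
                  if s["auto_restart"] and s["max_count"] >= min_count)


def mass_terminations(events, min_services=4):
    """Seconds in which several distinct services died at once (assumed threshold)."""
    by_second = defaultdict(set)
    for e in events:
        by_second[e["time"]].add(e["service"])
    return {ts: sorted(svcs) for ts, svcs in by_second.items()
            if len(svcs) >= min_services}


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    summary = summarize(events)
    for name in crash_loops(summary):
        s = summary[name]
        print(f"crash loop: {name}: {s['max_count']} crashes, "
              f"{s['span_seconds']}s between first and last logged event")
    for ts, svcs in mass_terminations(events).items():
        print(f"{ts}: {len(svcs)} services terminated in the same second:")
        for svc in svcs:
            print(f"    {svc}")
```

    On the excerpt, the security product's own services show up in both lists, which is the part worth handing to whoever administers the endpoint protection.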
     
  11. clawton8

    clawton8 TS Rookie Topic Starter Posts: 16

    Thanks for the help. We are a small company; our IT department is iffy. The last time I brought them a problem, their solution was to reformat. I ended up fixing said problem myself and in turn, gave them a kbase solution on it. Ugh.

    I'll run the ESET and combofix scan. Input director is something I installed and was working flawlessly until I hit this bug. I can't access Windows Firewall settings at all.

    I agree, Symantec is having issues. That I will send to my IT since they installed it. I'll update Java as well. Thanks again.
     
  12. clawton8

    clawton8 TS Rookie Topic Starter Posts: 16

    Hello,

    I've uninstalled the previous Java updates and have installed the latest Java. I cannot check firewall settings for Input director as I cannot access Windows Firewall settings/make changes. This issue occurred at the same time that I've hit this bug.

    Log results from ESET scan...

    C:\Users\charles.lawton\AppData\Local\Temp\DWH14F6.tmp a variant of Win32/Kryptik.NNX trojan
    C:\Users\charles.lawton\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\45ea4876-495f2792 Java/TrojanDownloader.OpenStream.NCA trojan

    Log results from Combofix...

    ComboFix 11-08-31.04 - charles.lawton 08/31/2011 12:11:56.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.5942.2794 [GMT -4:00]
    Running from: c:\users\charles.lawton\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\users\charles.lawton\AppData\Roaming\Adobe\plugs
    c:\users\charles.lawton\AppData\Roaming\Adobe\shed
    c:\users\charles.lawton\g2mdlhlpx.exe
    c:\users\user\Desktop\Internet Explorer.lnk
    c:\windows\system32\config\systemprofile\CF7275.tmp
    c:\windows\system32\config\systemprofile\DMI424C.tmp
    c:\windows\system32\consrv.dll
    c:\windows\System64
    c:\windows\SysWow64\sqlite3.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-31 16:22 . 2011-08-31 16:22 0 ----a-w- c:\windows\SysWow64\config\systemprofile\SEPC1A0.tmp
    2011-08-31 16:16 . 2011-08-31 16:16 -------- d-----w- c:\users\user\AppData\Local\temp
    2011-08-31 16:16 . 2011-08-31 16:16 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-31 12:37 . 2011-08-31 12:37 -------- d-----w- c:\windows\system32\SPReview
    2011-08-31 12:36 . 2011-08-31 12:36 -------- d-----w- c:\windows\system32\EventProviders
    2011-08-30 13:47 . 2011-08-30 13:48 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
    2011-08-30 12:25 . 2011-08-30 12:25 -------- d-----w- c:\program files (x86)\ESET
    2011-08-29 20:01 . 2011-08-31 16:20 -------- d-----w- c:\windows\SysWow64\config\systemprofile\vmware-SYSTEM
    2011-08-29 19:50 . 2011-08-29 19:50 -------- d-----w- c:\users\charles.lawton\AppData\Roaming\Malwarebytes
    2011-08-29 19:50 . 2011-08-29 19:50 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-29 19:50 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-29 19:50 . 2011-08-29 19:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-08-29 19:50 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-26 20:47 . 2011-08-26 20:47 -------- d-----w- c:\program files (x86)\R-Drive Image
    2011-08-26 19:42 . 2011-08-26 19:42 -------- d-----w- c:\program files (x86)\ID
    2011-08-24 12:25 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-24 12:25 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-08-11 12:24 . 2011-07-16 05:04 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-08-10 13:32 . 2011-08-10 13:33 -------- d-----w- c:\program files\HP Toner Cartridge Authentication
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-31 13:19 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-08-31 13:19 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
    2011-08-12 12:12 . 2011-05-24 12:35 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-07-18 20:33 . 2011-07-18 20:33 139320 ----a-w- c:\windows\system32\hpswu112.dll
    2011-07-18 20:33 . 2011-07-18 20:33 322104 ----a-w- c:\windows\system32\hpfwu112.dll
    2011-07-18 20:33 . 2011-07-18 20:33 2062392 ----a-w- c:\windows\system32\hpdmr112.dll
    2011-07-18 20:33 . 2011-07-18 20:33 286776 ----a-w- c:\windows\system32\hpddy112.dll
    2011-07-18 20:32 . 2011-07-18 20:32 138296 ----a-w- c:\windows\system32\hpcsu112.dll
    2011-07-16 04:32 . 2011-08-11 12:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-07-05 20:13 . 2010-11-23 21:16 249856 ------w- c:\windows\Setup1.exe
    2011-07-05 20:13 . 2010-11-23 21:16 73216 ----a-w- c:\windows\ST6UNST.EXE
    2011-06-11 02:56 . 2011-07-13 12:26 3134464 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\charles.lawton\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\charles.lawton\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\charles.lawton\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\charles.lawton\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "InputDirector"="c:\program files (x86)\Input Director\InputDirector.exe" [2010-02-01 475136]
    "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-05-06 112152]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
    "DellBtrEvent"="d:\program files (x86)\Dell\Reader 2.1\DellBtrEvent.exe" [2010-05-04 147456]
    "AgentUiRunKey"="c:\program files (x86)\Iron Mountain\Connected BackupPC\Agent.exe" [2011-05-03 239104]
    "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-04-01 115560]
    "Communicator"="c:\program files (x86)\Microsoft Office Communicator\communicator.exe" [2011-06-03 5150560]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "ToolboxFX"="c:\program files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-03-26 129648]
    "Copperhead"="c:\program files (x86)\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
    .
    c:\users\charles.lawton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\charles.lawton\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [N/A]
    Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2010-2-8 1416560]
    TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 185192]
    vpngui.exe.lnk - c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe [2010-11-5 5120]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "SoftwareSASGeneration"= 3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BlackBox;BlackBox SR2; [x]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [x]
    R3 DrvSnSht;DrvSnSht;c:\program files (x86)\R-Drive Image\DrvSnSht64.sys [2010-05-06 133584]
    R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 LV_Tracker;LV_Tracker;c:\windows\system32\DRIVERS\LV_Tracker64.sys [x]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 R-ImageDisk;R-ImageDisk;c:\program files (x86)\R-Drive Image\R-ImageDisk64.sys [2010-03-03 186448]
    R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
    R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [x]
    S1 DVMIO;DVMIO;d:\program files (x86)\Dell\Reader 2.1\dvmio_x64.sys [2010-05-04 20624]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AgentService;AgentService;c:\program files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe [2011-05-03 7580576]
    S2 buttonsvc64;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 373024]
    S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 1039776]
    S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 31136]
    S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-02-08 515952]
    S2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files (x86)\Dell\Reader 2.1\DVMExportService.exe [2010-05-04 327680]
    S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 InputDirector;Input Director Service;c:\program files (x86)\Input Director\IDWinService.exe [2010-02-01 36864]
    S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]
    S2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files (x86)\PostgreSQL\8.2\bin\pg_ctl.exe [2007-02-07 79324]
    S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-06 2533400]
    S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
    S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 IDVistaService;Input Director Vista Service;c:\program files (x86)\Input Director\IDVistaService.exe [2009-02-08 13824]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\charles.lawton\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\charles.lawton\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\charles.lawton\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\charles.lawton\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 392048]
    "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
    "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-22 487424]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
    "HP LaserJet Professional M1530 MFP Series Fax"="c:\program files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2010-08-24 3706424]
    "combofix"="c:\combofix\CF15352.3XE" [2009-07-14 344576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\system32\blank.htm
    LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
    TCP: DhcpNameServer = 144.48.95.6 144.48.95.22
    FF - ProfilePath - c:\users\charles.lawton\AppData\Roaming\Mozilla\Firefox\Profiles\ud55t7dg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://otrs.css.glasshouse.com/csat/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-Symantec Antvirus
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files (x86)\Avaya\Avaya one-X Communicator\QosServM.exe
    c:\program files (x86)\Input Director\InputDirectorSessionHelper.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\PostgreSQL\8.2\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.2\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.2\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.2\bin\postgres.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\windows\SysWOW64\vmnat.exe
    c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
    c:\windows\SysWOW64\vmnetdhcp.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    c:\program files\Dell\Dell ControlPoint\System Manager\PanelHelper32.exe
    c:\program files (x86)\Razer\Copperhead\razerofa.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-31 12:26:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-31 16:26
    .
    Pre-Run: 113,234,128,896 bytes free
    Post-Run: 113,610,264,576 bytes free
    .
    - - End Of File - - 86F809C77D1D5667CC2BF8FB4CC2C43B
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Do a search on the computer for the 3 files mentioned. See if they exist. You don't have to get into the firewall for this.
    ============================================
    Some of the malware is in the Java cache, so it needs to be emptied:
    1. Click Start > Control Panel.
    2. Double-click the Java icon in the Control Panel.
    3. Click Settings under Temporary Internet Files.
       http://www.java.com/en/img/download/5000020303.jpg
       There are three options on this window to clear the cache (version dependent):
       - Delete Files
       - View Applications
       - View Applets
    4. Click OK on the Delete Temporary Files window.
       Note: This deletes all the Downloaded Applications and Applets from the cache.
    5. Click OK on the Temporary Files Settings window.
      ==============================================
      Please download OTMoveIt by Old Timer (http://oldtimer.geekstogo.com/OTM.exe) and save to your desktop.
      - Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
      - Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

          :Files
          C:\Users\charles.lawton\AppData\Local\Temp\DWH14F6.tmp

          :Commands
          [purity]
          [emptytemp]
          [start explorer]
          [Reboot]

      - Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
      - Click the red Moveit! button.
      - A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
      - Close OTMoveIt3
      If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
      ===========================================
      Please run this Custom CFScript:
      1. Close any open browsers.
      2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.

          File::
          DDS::
          DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
          DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
          DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
          Registry::
          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
          "DisableMonitoring"=-

      Save this as CFScript.txt, in the same location as ComboFix.exe
      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

      Referring to the picture above, drag CFScript into ComboFix.exe

      When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
      ============================================
      Go to Start> Run> type in services.msc> enter> find Diagnostic Policy service (DPS) and double click to open> Set Startup type to Automatic> Start the Service. Then Exit and reboot.
      ===========================================
      There are also the hidden images that we can't see but are giving a count when you try to get through our system. I don't know what they are, but would consider this:
      SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
      Combofix removed c:\windows\system32\consrv.dll
     
  14. clawton8

    clawton8 TS Rookie Topic Starter Posts: 16

    Hello,
    Ok, I cleared out my Java cache, ran OTMoveIt and CF script. The DPS service was already set to Automatic and it was already running.

    Don't quite know what you mean here..?

    OTM log...

    All processes killed
    ========== FILES ==========
    File/Folder C:\Users\charles.lawton\AppData\Local\Temp\DWH14F6.tmp not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 294871 bytes
    ->Java cache emptied: 0 bytes

    User: administrator.GLASSHOUSETECH
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: charles.lawton
    ->Temp folder emptied: 1392355 bytes
    ->Temporary Internet Files folder emptied: 114534172 bytes
    ->Java cache emptied: 1 bytes
    ->FireFox cache emptied: 98033666 bytes
    ->Flash cache emptied: 89928 bytes

    User: CHARLE~1~LAW
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: postgres
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: user
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 14504707 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 3858188 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102931 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 908576 bytes

    Total Files Cleaned = 223.00 mb


    OTM by OldTimer - Version 3.1.18.0 log created on 09012011_081449

    Files moved on Reboot...
    C:\Users\charles.lawton\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

    CF log...

    ComboFix 11-08-31.05 - charles.lawton 09/01/2011 8:27.2.4 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.5942.3982 [GMT -4:00]
    Running from: c:\users\charles.lawton\Desktop\ComboFix.exe
    Command switches used :: c:\users\charles.lawton\Desktop\CFScript.txt
    AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-01 to 2011-09-01 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-01 12:32 . 2011-09-01 12:32 -------- d-----w- c:\users\user\AppData\Local\temp
    2011-09-01 12:32 . 2011-09-01 12:32 -------- d-----w- c:\users\postgres\AppData\Local\temp
    2011-09-01 12:32 . 2011-09-01 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-01 12:32 . 2011-09-01 12:32 -------- d-----w- c:\users\CHARLE~1~LAW\AppData\Local\temp
    2011-09-01 12:32 . 2011-09-01 12:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2011-09-01 12:32 . 2011-09-01 12:32 -------- d-----w- c:\users\administrator.GLASSHOUSETECH\AppData\Local\temp
    2011-09-01 12:14 . 2011-09-01 12:14 -------- d-----w- C:\_OTM
    2011-08-31 16:42 . 2011-08-31 16:42 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-08-31 16:42 . 2011-08-31 16:42 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-08-31 12:37 . 2011-08-31 12:37 -------- d-----w- c:\windows\system32\SPReview
    2011-08-31 12:36 . 2011-08-31 12:36 -------- d-----w- c:\windows\system32\EventProviders
    2011-08-30 13:47 . 2011-08-30 13:48 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
    2011-08-30 12:25 . 2011-08-30 12:25 -------- d-----w- c:\program files (x86)\ESET
    2011-08-29 20:01 . 2011-09-01 12:18 -------- d-----w- c:\windows\SysWow64\config\systemprofile\vmware-SYSTEM
    2011-08-29 19:50 . 2011-08-29 19:50 -------- d-----w- c:\users\charles.lawton\AppData\Roaming\Malwarebytes
    2011-08-29 19:50 . 2011-08-29 19:50 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-29 19:50 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-29 19:50 . 2011-08-29 19:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-08-29 19:50 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-26 20:47 . 2011-08-26 20:47 -------- d-----w- c:\program files (x86)\R-Drive Image
    2011-08-26 19:42 . 2011-08-26 19:42 -------- d-----w- c:\program files (x86)\ID
    2011-08-24 12:25 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-24 12:25 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-08-11 12:24 . 2011-07-16 05:04 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-08-10 13:32 . 2011-08-10 13:33 -------- d-----w- c:\program files\HP Toner Cartridge Authentication
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-31 16:42 . 2010-10-19 10:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-08-31 13:19 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-08-31 13:19 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
    2011-08-12 12:12 . 2011-05-24 12:35 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-07-18 20:33 . 2011-07-18 20:33 139320 ----a-w- c:\windows\system32\hpswu112.dll
    2011-07-18 20:33 . 2011-07-18 20:33 322104 ----a-w- c:\windows\system32\hpfwu112.dll
    2011-07-18 20:33 . 2011-07-18 20:33 2062392 ----a-w- c:\windows\system32\hpdmr112.dll
    2011-07-18 20:33 . 2011-07-18 20:33 286776 ----a-w- c:\windows\system32\hpddy112.dll
    2011-07-18 20:32 . 2011-07-18 20:32 138296 ----a-w- c:\windows\system32\hpcsu112.dll
    2011-07-16 04:32 . 2011-08-11 12:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-07-05 20:13 . 2010-11-23 21:16 249856 ------w- c:\windows\Setup1.exe
    2011-07-05 20:13 . 2010-11-23 21:16 73216 ----a-w- c:\windows\ST6UNST.EXE
    2011-06-11 02:56 . 2011-07-13 12:26 3134464 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-08-31_16.21.55 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-19 10:30 . 2011-09-01 12:20 51938 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-09-01 12:20 32308 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2010-11-05 16:46 . 2011-08-31 16:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-11-05 16:46 . 2011-09-01 12:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-11-05 16:46 . 2011-08-31 16:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-11-05 16:46 . 2011-09-01 12:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-09-01 12:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-08-31 16:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-11-19 20:23 . 2011-09-01 12:20 9808 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-57989841-920026266-725345543-2766_UserData.bin
    + 2011-09-01 12:17 . 2011-09-01 12:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-08-31 16:19 . 2011-08-31 16:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-09-01 12:17 . 2011-09-01 12:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-08-31 16:19 . 2011-08-31 16:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-08-31 16:42 . 2011-08-31 16:42 157472 c:\windows\SysWOW64\javaws.exe
    + 2011-08-31 16:42 . 2011-08-31 16:42 145184 c:\windows\SysWOW64\javaw.exe
    - 2011-03-04 20:28 . 2011-03-04 20:28 145184 c:\windows\SysWOW64\javaw.exe
    - 2011-03-04 20:28 . 2011-03-04 20:28 145184 c:\windows\SysWOW64\java.exe
    + 2011-08-31 16:42 . 2011-08-31 16:42 145184 c:\windows\SysWOW64\java.exe
    + 2010-11-05 20:24 . 2011-09-01 09:02 449022 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 02:36 . 2011-09-01 12:24 629766 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-08-31 13:39 629766 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-09-01 12:24 108576 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-08-31 13:39 108576 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2011-08-31 16:17 392040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-09-01 12:15 392040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-08-31 16:42 . 2011-08-31 16:42 207360 c:\windows\Installer\dffe1.msi
    - 2011-04-01 16:12 . 2011-08-31 16:17 1564480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-57989841-920026266-725345543-2766-12288.dat
    + 2011-04-01 16:12 . 2011-09-01 12:15 1564480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-57989841-920026266-725345543-2766-12288.dat
    + 2011-08-31 16:41 . 2011-08-31 16:41 12866048 c:\windows\Installer\dffdb.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\charles.lawton\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\charles.lawton\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\charles.lawton\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\charles.lawton\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "InputDirector"="c:\program files (x86)\Input Director\InputDirector.exe" [2010-02-01 475136]
    "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-05-06 112152]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
    "DellBtrEvent"="d:\program files (x86)\Dell\Reader 2.1\DellBtrEvent.exe" [2010-05-04 147456]
    "AgentUiRunKey"="c:\program files (x86)\Iron Mountain\Connected BackupPC\Agent.exe" [2011-05-03 239104]
    "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-04-01 115560]
    "Communicator"="c:\program files (x86)\Microsoft Office Communicator\communicator.exe" [2011-06-03 5150560]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "ToolboxFX"="c:\program files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-03-26 129648]
    "Copperhead"="c:\program files (x86)\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\users\charles.lawton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\charles.lawton\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [N/A]
    Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2010-2-8 1416560]
    TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 185192]
    vpngui.exe.lnk - c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe [2010-11-5 5120]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "SoftwareSASGeneration"= 3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 InputDirector;Input Director Service;c:\program files (x86)\Input Director\IDWinService.exe [2010-02-01 36864]
    R3 BlackBox;BlackBox SR2; [x]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [x]
    R3 DrvSnSht;DrvSnSht;c:\program files (x86)\R-Drive Image\DrvSnSht64.sys [2010-05-06 133584]
    R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 IDVistaService;Input Director Vista Service;c:\program files (x86)\Input Director\IDVistaService.exe [2009-02-08 13824]
    R3 LV_Tracker;LV_Tracker;c:\windows\system32\DRIVERS\LV_Tracker64.sys [x]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 R-ImageDisk;R-ImageDisk;c:\program files (x86)\R-Drive Image\R-ImageDisk64.sys [2010-03-03 186448]
    R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
    R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [x]
    S1 DVMIO;DVMIO;d:\program files (x86)\Dell\Reader 2.1\dvmio_x64.sys [2010-05-04 20624]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AgentService;AgentService;c:\program files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe [2011-05-03 7580576]
    S2 buttonsvc64;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 373024]
    S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 1039776]
    S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 31136]
    S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-02-08 515952]
    S2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files (x86)\Dell\Reader 2.1\DVMExportService.exe [2010-05-04 327680]
    S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]
    S2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files (x86)\PostgreSQL\8.2\bin\pg_ctl.exe [2007-02-07 79324]
    S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-06 2533400]
    S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
    S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\charles.lawton\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\charles.lawton\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\charles.lawton\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\charles.lawton\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 392048]
    "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
    "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-22 487424]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
    "HP LaserJet Professional M1530 MFP Series Fax"="c:\program files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2010-08-24 3706424]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\system32\blank.htm
    LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
    TCP: DhcpNameServer = 144.48.95.6 144.48.95.22
    FF - ProfilePath - c:\users\charles.lawton\AppData\Roaming\Mozilla\Firefox\Profiles\ud55t7dg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://otrs.css.glasshouse.com/csat/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-09-01 08:35:49
    ComboFix-quarantined-files.txt 2011-09-01 12:35
    .
    Pre-Run: 112,079,433,728 bytes free
    Post-Run: 111,595,294,720 bytes free
    .
    - - End Of File - - 1BC509C30ED950E8C309895ED68991BC
     
  15. clawton8


    FYI, I don't seem to be having the re-direct on search results problem any more. My windows firewall is still jacked up and my system volume control is screwed up still as well. (can't adjust volume/X over tray icon, but am getting sound).

    A couple days ago, a "Windows is not genuine" message is now on my desktop. Which, as you know, this is a company laptop and should be 100% genuine.

    Aftermath of whatever I had?
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    To check firewall Service:

    Please download sUBs' SvcQuery.exe and save to your desktop.
    • Double click the file to Open
    • A window will open. When prompted to provide a service name, type in the following:
      mpssvc
    • Press Enter
    • The tool will create a log. Please leave that in your next reply.

    For Sound: Go to the Control Panel> Sound and Audio Devices?? You can check the setting for Volume there.

    As for no WGA, let's check that:
    Please run the MGA Diagnostics tool
    • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
    • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
    • You must choose to Run this tool when prompted.
    • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
    • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
    • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
    • Please return to this thread and Paste the results here for review.
    ------------------------------------------
    The following may not apply to you personally since your work supplied the computer:
    This is to look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

    1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
    2. Does it read "OEM Software" or "OEM Product" in black lettering?
    3. Or, does it have the computer manufacturer's name in black lettering?
    4. DO NOT post the Product Key.

    NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
     
  17. clawton8


    Hi,

    I ran the svcquery but mpssvc was not found, and I don't see where it created the log.

    I ran the MGADIAG.exe, resolve button was not active (greyed out). I hit the copy button (to, I assume, copy the information it got) and got the following error.

    Failed to create output files, hr = 0x80070002. Please contact support.

    However.... when I did a paste in here, it has the information....

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
    Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
    Windows Product ID: 00371-OEM-8992671-00524
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7600.2.00010100.0.0.048
    ID: {C2260C9B-09C8-4084-A1D1-A7ABC4832010}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7600.win7_gdr.110622-1503
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{C2260C9B-09C8-4084-A1D1-A7ABC4832010}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-2461117910-443251094-762063991</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6410</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="6"/><Date>20101120000000.000000+000</Date></BIOS><HWID>AC443907018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>E2 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC004F012' to display the error text.
    Error: 0xC004F012

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000300000003EFF6
    Event Time Stamp: 8:18:2011 16:09
    ActiveX: Not Registered - 0x80070003
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\wat\watweb.dll
    Tampered File: %systemroot%\system32\wat\npwatweb.dll
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys
    Tampered File: %systemroot%\system32\drivers\spldr.sys
    Tampered Service: sppsvc
    Tampered Service: sppuinotify


    HWID Data-->
    HWID Hash Current: OAAAAAIAAQABAAEAAgABAAAABQABAAEAonZaxU40fcJ0JISA8N7eiIyrUPiV0v5MjlJyir5BXF0=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC DELL E2
    FACP DELL E2
    HPET DELL E2
    BOOT DELL E2
    MCFG A M I GMCH945.
    TCPA
    SLIC DELL E2
    SSDT PmRef CpuPm
     
  18. Bobbye


    The DX Tool shows the following:
    The fact that the files do not appear in the 'File Scan' section as mismatched could mean the problem is in the registry. These files are responsible for:
    1. Tampered Service: sppsvc >> Software Protection. This Windows service enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service.
    2. Tampered Service: sppuinotify >> Related to SPP Notification Service
    This service is started upon system boot, but shortly after, it stops if not used. Note: Located in \%WINDIR%\%System%\ Note: This service on Vista or Windows 7 - 64 bit operating system is launched by svchost.exe, but the actual application is what is listed as the filename.
    3. Tampered File: %systemroot%\system32\sppobjs.dll >> Software Protection Platform Plugins
    4. Tampered File: %systemroot%\system32\drivers\spldr.sys >> Related to spldr.sys loader for security processor from Microsoft Corporation.
    5. Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui >> software licensing client

    The additional tampered files all fall within the same category.

    I don't know the source of the tampering - the who or when. You can run the System File Checker and see if it will replace these files:
    SFC -System File Checker - Instructions
    • Click on the Start button
    • Type CMD.EXE in the Search box
    • Right-click the file that comes up > Select Run as administrator
    • The Elevated Command Prompt window should pop up
    • At the Command prompt, type SFC /SCANNOW, then press Enter
    • Wait for the scan to finish - make a note of any error messages - and then reboot.

    Run another MGADiag report, and post the results.
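
The reading of the report in the post above (tampering flagged under Windows Activation Technologies while "File Scan Data" lists nothing) can be checked mechanically when comparing the first and second MGADiag runs. The Python below is an added example, not part of the original post or of any Microsoft tool; the function names, the finding labels and the trimmed sample report (an excerpt of the MGADiag output posted earlier in this thread) are assumptions made for illustration.

```python
import re
from collections import OrderedDict

# Excerpt of the MGADiag report posted in this thread, trimmed to the
# sections this example reads. Used only as embedded sample input.
SAMPLE_REPORT = r"""
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE21
Windows License Type: OEM SLP
Product Name: Windows 7 Professional

File Scan Data-->

Other data-->
Spsys.log Content: 0x80070002

Licensing Data-->
Error: 0xC004F012

Windows Activation Technologies-->
HrOffline: 0x8004FE21
HealthStatus: 0x000300000003EFF6
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\drivers\spldr.sys
Tampered Service: sppsvc
Tampered Service: sppuinotify
"""

# Section headers in the report are a name followed by "-->" on its own line.
SECTION_RE = re.compile(r"^(?P<name>[^:]+?)-->\s*$")


def split_sections(report):
    """Map each 'Name-->' header to the non-empty lines that follow it."""
    sections = OrderedDict()
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group("name").strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def parse_fields(lines):
    """Turn 'Key: value' lines into a dict, skipping the Tampered entries."""
    fields = {}
    for line in lines:
        key, sep, value = line.partition(":")
        if sep and not key.startswith("Tampered"):
            fields[key.strip()] = value.strip()
    return fields


def tampered_entries(lines):
    """Collect 'Tampered File' and 'Tampered Service' entries.

    A file entry may carry '|'-separated related components
    (for example the .mui resource or 'COM Registration').
    """
    files, services = [], []
    for line in lines:
        kind, _, value = line.partition(":")
        if kind == "Tampered File":
            path, *related = [part.strip() for part in value.split("|")]
            files.append({"path": path, "related": related})
        elif kind == "Tampered Service":
            services.append(value.strip())
    return files, services


def triage(report):
    """Summarise a report and label it following the reasoning in the post."""
    sections = split_sections(report)
    files, services = tampered_entries(
        sections.get("Windows Activation Technologies", []))
    validation = parse_fields(sections.get("Windows Validation Data", []))
    file_scan = sections.get("File Scan Data")  # None if the section is absent

    if not files and not services:
        finding = "no_tampering_reported"
    elif file_scan is None:
        finding = "file_scan_section_missing"   # truncated paste, cannot judge
    elif not file_scan:
        finding = "registry_or_service_state"   # flagged, but no file mismatch
    else:
        finding = "file_mismatch_listed"
    return {
        "validation_code": validation.get("Validation Code"),
        "tampered_files": files,
        "tampered_services": services,
        "file_scan_entries": file_scan or [],
        "finding": finding,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(result["validation_code"], result["finding"])
    for entry in result["tampered_files"]:
        print("file:", entry["path"], entry["related"])
    print("services:", ", ".join(result["tampered_services"]))
```

Running the same function over the report taken after SFC and comparing the two `tampered_files` lists shows whether the repair changed anything.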
     
  19. clawton8


    Hi,
    I ran the system scan and it did not find anything.

    I'm not able to run a lot of system utilities as I once had before this infection took place. I cannot access services, notepad, computer management; pretty much most of the administration tools. The icons are blank and when I double click, nothing happens.

    Is there any other scan I can run that may repair these, I'm assuming, broken links? Like, notepad still works (can open saved txt files and open new window from within) and so does my system.

    Thanks!
     
  20. Bobbye


    Okay, let's see if we can regroup and root it out once more:

    It appears that you may be infected with RootKit.ZeroAccess! It has inserted itself into the TCP/IP stack, and so on. Start with the following:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    ==============================================
    Follow with a download of maxhandle.exe by noahdfear to your desktop.
    • Double click maxhandle.exe and run the application
    • An active internet connection is required so that maxhandle.exe may download a tool from SysInternals
    • If Max++ is present the log will open automatically.
    • If Max++ is not found Nothing found! is echoed to the screen - no log is produced.
    • Log is saved to c:\maxhandle.txt

    Please post both of the logs in your next reply.

     
  21. clawton8


    Hi,
    TDSSKiller did not find anything in the search and Maxhandle did not find anything either.

    TDSSKiller log...

    2011/09/08 13:21:04.0991 6196 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
    2011/09/08 13:21:05.0320 6196 ================================================================================
    2011/09/08 13:21:05.0320 6196 SystemInfo:
    2011/09/08 13:21:05.0320 6196
    2011/09/08 13:21:05.0320 6196 OS Version: 6.1.7600 ServicePack: 0.0
    2011/09/08 13:21:05.0320 6196 Product type: Workstation
    2011/09/08 13:21:05.0320 6196 ComputerName: USLAP0518
    2011/09/08 13:21:05.0320 6196 UserName: charles.lawton
    2011/09/08 13:21:05.0320 6196 Windows directory: C:\Windows
    2011/09/08 13:21:05.0320 6196 System windows directory: C:\Windows
    2011/09/08 13:21:05.0320 6196 Running under WOW64
    2011/09/08 13:21:05.0320 6196 Processor architecture: Intel x64
    2011/09/08 13:21:05.0320 6196 Number of processors: 4
    2011/09/08 13:21:05.0320 6196 Page size: 0x1000
    2011/09/08 13:21:05.0320 6196 Boot type: Normal boot
    2011/09/08 13:21:05.0320 6196 ================================================================================
    2011/09/08 13:21:06.0057 6196 Initialize success
    2011/09/08 13:21:09.0810 6512 ================================================================================
    2011/09/08 13:21:09.0810 6512 Scan started
    2011/09/08 13:21:09.0811 6512 Mode: Manual;
    2011/09/08 13:21:09.0811 6512 ================================================================================
    2011/09/08 13:21:15.0801 6512 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/09/08 13:21:15.0876 6512 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
    2011/09/08 13:21:15.0929 6512 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
    2011/09/08 13:21:15.0987 6512 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
    2011/09/08 13:21:16.0083 6512 cvusbdrv (a84caae89b487931200b969d94018afa) C:\Windows\system32\Drivers\cvusbdrv.sys
    2011/09/08 13:21:16.0150 6512 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
    2011/09/08 13:21:16.0195 6512 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/09/08 13:21:16.0237 6512 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/09/08 13:21:16.0294 6512 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
    2011/09/08 13:21:16.0342 6512 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/09/08 13:21:16.0432 6512 DrvSnSht (44109e0e323b02caf7bbef6c3ec6ee89) C:\Program Files (x86)\R-Drive Image\DrvSnSht64.sys
    2011/09/08 13:21:16.0613 6512 DVMIO (ad00375d9aba8db72d0e38129af0277a) D:\Program Files (x86)\Dell\Reader 2.1\dvmio_x64.sys
    2011/09/08 13:21:16.0784 6512 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/09/08 13:21:16.0893 6512 e1kexpress (60c5b36e07be8b3af3911c3d10303cfe) C:\Windows\system32\DRIVERS\e1k62x64.sys
    2011/09/08 13:21:17.0032 6512 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/09/08 13:21:17.0212 6512 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    2011/09/08 13:21:17.0339 6512 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
    2011/09/08 13:21:17.0441 6512 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/09/08 13:21:17.0573 6512 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2011/09/08 13:21:17.0657 6512 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    2011/09/08 13:21:17.0732 6512 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/09/08 13:21:17.0796 6512 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/09/08 13:21:17.0844 6512 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/09/08 13:21:17.0970 6512 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/09/08 13:21:18.0057 6512 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/09/08 13:21:18.0121 6512 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/09/08 13:21:18.0172 6512 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    2011/09/08 13:21:18.0234 6512 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/09/08 13:21:18.0318 6512 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/09/08 13:21:18.0420 6512 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/09/08 13:21:18.0456 6512 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/09/08 13:21:18.0569 6512 hcmon (d5fa01185a7d5a65724fd87b34e53f5b) C:\Windows\system32\drivers\hcmon.sys
    2011/09/08 13:21:18.0649 6512 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/09/08 13:21:18.0778 6512 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\drivers\HDAudBus.sys
    2011/09/08 13:21:18.0846 6512 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
    2011/09/08 13:21:18.0894 6512 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/09/08 13:21:18.0942 6512 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/09/08 13:21:19.0010 6512 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2011/09/08 13:21:19.0077 6512 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\drivers\hidusb.sys
    2011/09/08 13:21:19.0150 6512 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
    2011/09/08 13:21:19.0220 6512 HTCAND64 (81fc369485c12837de3d708b7c8fda7d) C:\Windows\system32\Drivers\ANDROIDUSB.sys
    2011/09/08 13:21:19.0293 6512 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    2011/09/08 13:21:19.0361 6512 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    2011/09/08 13:21:19.0400 6512 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    2011/09/08 13:21:19.0492 6512 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
    2011/09/08 13:21:19.0580 6512 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
    2011/09/08 13:21:19.0866 6512 igfx (31569a2e836c12014148bf7342716946) C:\Windows\system32\DRIVERS\igdkmd64.sys
    2011/09/08 13:21:20.0061 6512 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/09/08 13:21:20.0100 6512 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
    2011/09/08 13:21:20.0167 6512 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
    2011/09/08 13:21:20.0234 6512 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    2011/09/08 13:21:20.0270 6512 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/09/08 13:21:20.0295 6512 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/09/08 13:21:20.0390 6512 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
    2011/09/08 13:21:20.0458 6512 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/09/08 13:21:20.0522 6512 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/09/08 13:21:20.0587 6512 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    2011/09/08 13:21:20.0640 6512 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
    2011/09/08 13:21:20.0696 6512 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    2011/09/08 13:21:20.0762 6512 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\drivers\kbdhid.sys
    2011/09/08 13:21:20.0806 6512 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
    2011/09/08 13:21:20.0836 6512 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/09/08 13:21:20.0856 6512 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/09/08 13:21:20.0924 6512 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/09/08 13:21:20.0983 6512 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/09/08 13:21:21.0017 6512 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/09/08 13:21:21.0070 6512 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/09/08 13:21:21.0096 6512 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/09/08 13:21:21.0136 6512 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/09/08 13:21:21.0189 6512 LV_Tracker (1d12d4d0abc5bb00a5e8feb9a9601731) C:\Windows\system32\DRIVERS\LV_Tracker64.sys
    2011/09/08 13:21:21.0235 6512 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2011/09/08 13:21:21.0288 6512 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/09/08 13:21:21.0333 6512 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/09/08 13:21:21.0424 6512 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/09/08 13:21:21.0475 6512 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    2011/09/08 13:21:21.0523 6512 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/09/08 13:21:21.0551 6512 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    2011/09/08 13:21:21.0597 6512 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
    2011/09/08 13:21:21.0656 6512 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/09/08 13:21:21.0734 6512 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    2011/09/08 13:21:21.0824 6512 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/09/08 13:21:21.0943 6512 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/09/08 13:21:22.0223 6512 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/09/08 13:21:22.0284 6512 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\drivers\msahci.sys
    2011/09/08 13:21:22.0325 6512 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
    2011/09/08 13:21:22.0375 6512 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/09/08 13:21:22.0399 6512 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/09/08 13:21:22.0471 6512 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    2011/09/08 13:21:22.0519 6512 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/09/08 13:21:22.0618 6512 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/09/08 13:21:22.0685 6512 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/09/08 13:21:22.0767 6512 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    2011/09/08 13:21:22.0795 6512 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    2011/09/08 13:21:22.0812 6512 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/09/08 13:21:22.0844 6512 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/09/08 13:21:22.0886 6512 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/09/08 13:21:22.0922 6512 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/09/08 13:21:23.0705 6512 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20110907.024\ENG64.SYS
    2011/09/08 13:21:23.0810 6512 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20110907.024\EX64.SYS
    2011/09/08 13:21:23.0952 6512 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    2011/09/08 13:21:24.0007 6512 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/09/08 13:21:24.0052 6512 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/09/08 13:21:24.0108 6512 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/09/08 13:21:24.0155 6512 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/09/08 13:21:24.0200 6512 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    2011/09/08 13:21:24.0282 6512 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/09/08 13:21:24.0305 6512 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    2011/09/08 13:21:24.0511 6512 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
    2011/09/08 13:21:24.0819 6512 NETwNs64 (eb43840babf5589e33186d094de7381d) C:\Windows\system32\DRIVERS\NETwNs64.sys
    2011/09/08 13:21:24.0981 6512 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/09/08 13:21:25.0022 6512 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/09/08 13:21:25.0042 6512 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/09/08 13:21:25.0167 6512 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
    2011/09/08 13:21:25.0232 6512 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/09/08 13:21:25.0300 6512 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
    2011/09/08 13:21:25.0366 6512 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
    2011/09/08 13:21:25.0447 6512 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    2011/09/08 13:21:25.0524 6512 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    2011/09/08 13:21:25.0622 6512 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/09/08 13:21:25.0672 6512 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    2011/09/08 13:21:25.0709 6512 PBADRV (363b3f857abee85767e01e3044c539cd) C:\Windows\system32\DRIVERS\PBADRV.sys
    2011/09/08 13:21:25.0753 6512 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
    2011/09/08 13:21:25.0776 6512 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    2011/09/08 13:21:25.0820 6512 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/09/08 13:21:25.0863 6512 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/09/08 13:21:25.0896 6512 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/09/08 13:21:26.0030 6512 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/09/08 13:21:26.0085 6512 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/09/08 13:21:26.0152 6512 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    2011/09/08 13:21:26.0206 6512 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
    2011/09/08 13:21:26.0269 6512 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/09/08 13:21:26.0336 6512 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/09/08 13:21:26.0372 6512 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/09/08 13:21:26.0482 6512 R-ImageDisk (057d4500b9cc974dd2bf2e9d28bd9adc) C:\Program Files (x86)\R-Drive Image\R-ImageDisk64.sys
    2011/09/08 13:21:26.0543 6512 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/09/08 13:21:26.0606 6512 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/09/08 13:21:26.0652 6512 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/09/08 13:21:26.0694 6512 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/09/08 13:21:26.0757 6512 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/09/08 13:21:26.0851 6512 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/09/08 13:21:26.0875 6512 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/09/08 13:21:26.0915 6512 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/09/08 13:21:26.0955 6512 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
    2011/09/08 13:21:27.0018 6512 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/09/08 13:21:27.0054 6512 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/09/08 13:21:27.0091 6512 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    2011/09/08 13:21:27.0161 6512 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    2011/09/08 13:21:27.0221 6512 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    2011/09/08 13:21:27.0298 6512 rimspci (3dca561aaf776aa2e356fb5b142aa5f8) C:\Windows\system32\DRIVERS\rimspe64.sys
    2011/09/08 13:21:27.0348 6512 risdpcie (91c2ae052652e7abd88155f11d667ed2) C:\Windows\system32\DRIVERS\risdpe64.sys
    2011/09/08 13:21:27.0379 6512 rixdpcie (a4579105a3c5b6290701ead0c153e07a) C:\Windows\system32\DRIVERS\rixdpe64.sys
    2011/09/08 13:21:27.0433 6512 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/09/08 13:21:27.0487 6512 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\drivers\vms3cap.sys
    2011/09/08 13:21:27.0530 6512 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
    2011/09/08 13:21:27.0583 6512 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/09/08 13:21:27.0661 6512 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/09/08 13:21:27.0772 6512 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/09/08 13:21:27.0818 6512 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/09/08 13:21:27.0889 6512 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/09/08 13:21:27.0971 6512 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    2011/09/08 13:21:28.0016 6512 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/09/08 13:21:28.0049 6512 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
    2011/09/08 13:21:28.0077 6512 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/09/08 13:21:28.0129 6512 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/09/08 13:21:28.0161 6512 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/09/08 13:21:28.0211 6512 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/09/08 13:21:28.0279 6512 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/09/08 13:21:28.0329 6512 SRTSP (32900ac9cfdc578531279886ca16a4df) C:\Windows\system32\Drivers\SRTSP64.SYS
    2011/09/08 13:21:28.0358 6512 SRTSPL (8929566d1f14685fd78eaf25bee3ecc7) C:\Windows\system32\Drivers\SRTSPL64.SYS
    2011/09/08 13:21:28.0404 6512 SRTSPX (cb2fdf47ee67f8cca5362ed9b94fe955) C:\Windows\system32\Drivers\SRTSPX64.SYS
    2011/09/08 13:21:28.0469 6512 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
    2011/09/08 13:21:28.0508 6512 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
    2011/09/08 13:21:28.0564 6512 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/09/08 13:21:28.0617 6512 stdflt (c568fdb21ce77a44fd166f28f104ac46) C:\Windows\system32\DRIVERS\stdfltn.sys
    2011/09/08 13:21:28.0645 6512 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/09/08 13:21:28.0718 6512 STHDA (da40d9c9ccb9836d6abd1706935a2277) C:\Windows\system32\DRIVERS\stwrt64.sys
    2011/09/08 13:21:28.0803 6512 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
    2011/09/08 13:21:28.0880 6512 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\drivers\vmstorfl.sys
    2011/09/08 13:21:28.0932 6512 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\drivers\storvsc.sys
    2011/09/08 13:21:29.0003 6512 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    2011/09/08 13:21:29.0103 6512 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    2011/09/08 13:21:29.0216 6512 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
    2011/09/08 13:21:29.0316 6512 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/09/08 13:21:29.0365 6512 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    2011/09/08 13:21:29.0428 6512 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/09/08 13:21:29.0464 6512 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/09/08 13:21:29.0493 6512 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    2011/09/08 13:21:29.0619 6512 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
    2011/09/08 13:21:29.0674 6512 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/09/08 13:21:29.0731 6512 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/09/08 13:21:29.0765 6512 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/09/08 13:21:29.0806 6512 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
    2011/09/08 13:21:29.0892 6512 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    2011/09/08 13:21:29.0958 6512 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\drivers\umbus.sys
    2011/09/08 13:21:29.0998 6512 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/09/08 13:21:30.0075 6512 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/09/08 13:21:30.0115 6512 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    2011/09/08 13:21:30.0193 6512 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
    2011/09/08 13:21:30.0266 6512 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/09/08 13:21:30.0326 6512 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
    2011/09/08 13:21:30.0377 6512 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/09/08 13:21:30.0414 6512 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
    2011/09/08 13:21:30.0466 6512 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
    2011/09/08 13:21:30.0527 6512 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
    2011/09/08 13:21:30.0588 6512 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    2011/09/08 13:21:30.0607 6512 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/09/08 13:21:30.0678 6512 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/09/08 13:21:30.0751 6512 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
    2011/09/08 13:21:30.0828 6512 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    2011/09/08 13:21:30.0885 6512 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\drivers\vmbus.sys
    2011/09/08 13:21:30.0924 6512 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\drivers\VMBusHID.sys
    2011/09/08 13:21:30.0990 6512 vmci (574906d355726f78df88e232bc1884a4) C:\Windows\system32\drivers\vmci.sys
    2011/09/08 13:21:31.0038 6512 vmkbd (ffc30caeeb2fc5fee8568cff74edeaed) C:\Windows\system32\drivers\VMkbd.sys
    2011/09/08 13:21:31.0088 6512 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
    2011/09/08 13:21:31.0140 6512 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
    2011/09/08 13:21:31.0188 6512 VMnetuserif (4767d40764aa5aae75d2b37aa5659302) C:\Windows\system32\drivers\vmnetuserif.sys
    2011/09/08 13:21:31.0237 6512 VMparport (451389ac5ce42c4dc7529ef94d2a725f) C:\Windows\system32\drivers\VMparport.sys
    2011/09/08 13:21:31.0310 6512 vmx86 (7a973b264fe52c264c275e3975562930) C:\Windows\system32\drivers\vmx86.sys
    2011/09/08 13:21:31.0373 6512 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
    2011/09/08 13:21:31.0407 6512 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    2011/09/08 13:21:31.0443 6512 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
    2011/09/08 13:21:31.0488 6512 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/09/08 13:21:31.0615 6512 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
    2011/09/08 13:21:31.0664 6512 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/09/08 13:21:31.0707 6512 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/09/08 13:21:31.0788 6512 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    2011/09/08 13:21:31.0873 6512 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/09/08 13:21:31.0938 6512 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/08 13:21:31.0971 6512 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/08 13:21:32.0000 6512 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/09/08 13:21:32.0053 6512 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/09/08 13:21:32.0106 6512 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/09/08 13:21:32.0160 6512 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/09/08 13:21:32.0257 6512 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\drivers\WinUSB.sys
    2011/09/08 13:21:32.0331 6512 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    2011/09/08 13:21:32.0379 6512 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/09/08 13:21:32.0449 6512 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
    2011/09/08 13:21:32.0525 6512 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
    2011/09/08 13:21:32.0592 6512 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\drivers\WUDFRd.sys
    2011/09/08 13:21:32.0692 6512 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    2011/09/08 13:21:32.0716 6512 Boot (0x1200) (002e1f6f3e57fb2c274ca230b969119d) \Device\Harddisk0\DR0\Partition0
    2011/09/08 13:21:32.0728 6512 Boot (0x1200) (35c5449894a6f4a1677d3b93d41c9d3b) \Device\Harddisk0\DR0\Partition1
    2011/09/08 13:21:32.0760 6512 Boot (0x1200) (67c19717eb4c894df3a606244b0e2f70) \Device\Harddisk0\DR0\Partition2
    2011/09/08 13:21:32.0762 6512 ====================================================
     
  22. clawton8

    clawton8 TS Rookie Topic Starter Posts: 16

    ============================
    2011/09/08 13:21:32.0762 6512 Scan finished
    2011/09/08 13:21:32.0762 6512 ================================================================================
    2011/09/08 13:21:32.0767 5268 Detected object count: 0
    2011/09/08 13:21:32.0767 5268 Actual detected object count: 0
    2011/09/08 13:23:45.0557 7880 ================================================================================
    2011/09/08 13:23:45.0557 7880 Scan started
    2011/09/08 13:23:45.0557 7880 Mode: Manual;
    2011/09/08 13:23:45.0557 7880 ================================================================================
    2011/09/08 13:23:59.0464 7880 ================================================================================
    2011/09/08 13:23:59.0464 7880 Scan finished
    2011/09/08 13:23:59.0464 7880 ================================================================================
    2011/09/08 13:23:59.0483 0368 Detected object count: 0
    2011/09/08 13:23:59.0483 0368 Actual detected object count: 0
    2011/09/08 13:24:03.0784 4856 Deinitialize success
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Well, I was hoping the scans would find something!

    Diagnostic Report shows that Windows detected one or more of its protected system file(s) have been modified (rewritten, replaced or become corrupt) and that when Windows tried to repair the files, it failed for unknown reasons. These files can no longer be trusted because they have been modified in some way. Or in other words, the files are Non-Genuine.

    By any chance, do you still have the logs from the run of Malwarebytes you first ran, found and removed entries? If you do, please post it for me.

    We know that this file is missing from your machine: c:\windows\system32\drivers\mdsdrv.sys. This is the firewall authorization driver that is mentioned in the dependencies for the Windows Firewall.

    We know that the SFC won't replace it. But we don't know how, when or what caused the 'Tampered Files'.

    The only other step I can recommend is trying to repair by using System Restore. This is something we usually don't recommend during cleaning, but if you can get back to right before you noticed the original problem, you may be spared reformat/reinstall.
    • Click Start> type System Restore in the Start Search field> enter.
    • Select "Choose Different Restore Point"
    • Put a check in the box that says "Show restore points older than 5 days"
    • Choose the restore point that corresponds to the date before you first noticed the issue.
    • Click "Next"
    • Reboot and see if that resolves the issue.
     
Topic Status:
Not open for further replies.
