Infected with a virus attacking svchost.exe

Solved
By JHirschmann
Sep 21, 2012
  1. I am not well versed in virus removal, so please bear with me. I have a trojan which seems to have attacked svchost.exe. I have run Malwarebytes multiple times and am told that the two (2) trojans will be deleted on reboot. However, an immediate scan upon Windows rebooting still shows the trojans present. I have already run all the programs listed in the preliminary removal instructions and the logs are below. Please note that running GMER did not provide a log. Also, if it makes a difference, this is my work computer and is on the network that my employer provides.

    Malwarebytes log

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.21.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    jhirschmann :: 6000PRO-02 [administrator]

    9/21/2012 1:42:23 PM
    mbam-log-2012-09-21 (13-42-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 249321
    Time elapsed: 5 minute(s), 11 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 2720 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)


    DDS Log

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by jhirschmann at 14:25:13 on 2012-09-21
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3991.2849 [GMT -4:00]
    .
    AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\SysWOW64\DWRCS.EXE
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Intel\AMT\LMS.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\SysWOW64\TSSchBkpService.exe
    C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\SysWOW64\DWRCST.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\IPS\IPSBHO.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    mRun: [RoxioDragToDisc] "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [DameWare MRC Agent] C:\Windows\SysWOW64\DWRCST.exe
    StartupFolder: C:\Users\hglymour\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TSTemp.bat
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.25.3 192.168.25.5
    TCP: Interfaces\{BC54F5DE-F31E-4C04-9C1B-C0D3C1E6CE22} : DhcpNameServer = 192.168.25.3 192.168.25.5
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\IPS\IPSBHO.DLL
    BHO-X64: Norton Vulnerability Protection - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [RoxioDragToDisc] "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [DameWare MRC Agent] C:\Windows\SysWOW64\DWRCST.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\hglymour\AppData\Roaming\Mozilla\Firefox\Profiles\q026kose.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.webcrawler.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 DRVECDB;DRVECDB;C:\Windows\system32\Drivers\DRVECDB.SYS --> C:\Windows\system32\Drivers\DRVECDB.SYS [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-9-20 1385120]
    R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\system32\drivers\NAVx64\1308000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\NAVx64\1308000.00E\ccSetx64.sys [?]
    R1 DLACDBHE;DLACDBHE;C:\Windows\system32\Drivers\DLACDBHE.SYS --> C:\Windows\system32\Drivers\DLACDBHE.SYS [?]
    R1 DLARTL_E;DLARTL_E;C:\Windows\system32\Drivers\DLARTL_E.SYS --> C:\Windows\system32\Drivers\DLARTL_E.SYS [?]
    R1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;C:\Windows\system32\DRIVERS\dwvkbd64.sys --> C:\Windows\system32\DRIVERS\dwvkbd64.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\IPSDefs\20120920.002\IDSviA64.sys [2012-9-20 513184]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1308000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1308000.00E\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NAVx64\1308000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\NAVx64\1308000.00E\SYMNETS.SYS [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 DLABMFSE;DLABMFSE;C:\Windows\system32\DLA\DLABMFSE.SYS --> C:\Windows\system32\DLA\DLABMFSE.SYS [?]
    R2 DLABOIOE;DLABOIOE;C:\Windows\system32\DLA\DLABOIOE.SYS --> C:\Windows\system32\DLA\DLABOIOE.SYS [?]
    R2 DLADResE;DLADResE;C:\Windows\system32\DLA\DLADResE.SYS --> C:\Windows\system32\DLA\DLADResE.SYS [?]
    R2 DLAIFS_E;DLAIFS_E;C:\Windows\system32\DLA\DLAIFS_E.SYS --> C:\Windows\system32\DLA\DLAIFS_E.SYS [?]
    R2 DLAOPIOE;DLAOPIOE;C:\Windows\system32\DLA\DLAOPIOE.SYS --> C:\Windows\system32\DLA\DLAOPIOE.SYS [?]
    R2 DLAPoolE;DLAPoolE;C:\Windows\system32\DLA\DLAPoolE.SYS --> C:\Windows\system32\DLA\DLAPoolE.SYS [?]
    R2 DLAUDF_E;DLAUDF_E;C:\Windows\system32\DLA\DLAUDF_E.SYS --> C:\Windows\system32\DLA\DLAUDF_E.SYS [?]
    R2 DLAUDFAE;DLAUDFAE;C:\Windows\system32\DLA\DLAUDFAE.SYS --> C:\Windows\system32\DLA\DLAUDFAE.SYS [?]
    R2 DRVEDDM;DRVEDDM;C:\Windows\system32\Drivers\DRVEDDM.SYS --> C:\Windows\system32\Drivers\DRVEDDM.SYS [?]
    R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccsvchst.exe [2012-8-29 138272]
    R2 TSScheduleBackup;TimeslipsBackup;C:\Windows\SysWOW64\TSSchBkpService.exe [2010-7-22 705024]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-7-16 2066968]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-31 138912]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250288]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 113120]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-09-21 17:50:09 20480 ----a-w- C:\Windows\svchost.exe
    2012-09-21 17:49:25 -------- d-----w- C:\tstemp
    2012-09-14 12:39:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-14 12:39:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-12 13:27:53 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-09-12 13:27:52 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-12 13:27:51 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-09-12 13:27:50 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 13:27:49 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-12 13:27:49 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-12 13:27:49 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-09-09 14:08:26 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
    2012-08-29 17:31:44 737952 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\srtsp64.sys
    2012-08-29 17:31:44 451192 ----a-r- C:\Windows\System32\drivers\NAVx64\1308000.00E\symds64.sys
    2012-08-29 17:31:44 405624 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\symnets.sys
    2012-08-29 17:31:44 37536 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\srtspx64.sys
    2012-08-29 17:31:44 190072 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\ironx64.sys
    2012-08-29 17:31:44 167072 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\ccsetx64.sys
    2012-08-29 17:31:44 1129120 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\symefa64.sys
    2012-08-29 17:31:41 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1308000.00E
    2012-08-29 17:25:12 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2012-08-29 17:25:12 -------- d-----w- C:\Program Files\Symantec
    2012-08-29 17:25:12 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2012-08-29 17:24:42 -------- d-----w- C:\Windows\System32\drivers\NAVx64
    2012-08-29 17:24:41 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus
    2012-08-29 15:56:46 503808 ----a-w- C:\Windows\System32\srcore.dll
    2012-08-29 15:56:46 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2012-08-29 15:56:44 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2012-08-29 15:56:43 67072 ----a-w- C:\Windows\splwow64.exe
    2012-08-29 15:56:43 559104 ----a-w- C:\Windows\System32\spoolsv.exe
    2012-08-29 15:56:43 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-08-29 15:56:42 956928 ----a-w- C:\Windows\System32\localspl.dll
    2012-08-29 15:56:42 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-08-29 15:56:42 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-08-29 15:56:42 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-08-29 15:56:42 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-08-27 15:12:34 -------- d-----w- C:\Windows\Offline Address Books
    2012-08-23 19:00:10 -------- d-----w- C:\Users\hglymour\AppData\Roaming\Malwarebytes
    2012-08-23 19:00:00 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-23 18:58:18 -------- d-----w- C:\Users\hglymour\AppData\Roaming\Ad-Aware Antivirus
    .
    ==================== Find3M ====================
    .
    2012-09-21 14:53:25 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-21 14:53:25 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 14:25:58.45 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/16/2010 1:48:17 PM
    System Uptime: 9/21/2012 1:48:41 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 3048h
    Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz | XU1 PROCESSOR | 3166/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 225 GiB total, 176.49 GiB free.
    D: is FIXED (NTFS) - 6 GiB total, 0.697 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: PS/2 Compatible Mouse
    Device ID: ACPI\PNP0F13\4&60DD4BF&0
    Manufacturer: Microsoft
    Name: PS/2 Compatible Mouse
    PNP Device ID: ACPI\PNP0F13\4&60DD4BF&0
    Service: i8042prt
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) 82567LM-3 Gigabit Network Connection
    Device ID: PCI\VEN_8086&DEV_10DE&SUBSYS_3048103C&REV_02\3&21436425&0&C8
    Manufacturer: Intel
    Name: Intel(R) 82567LM-3 Gigabit Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_10DE&SUBSYS_3048103C&REV_02\3&21436425&0&C8
    Service: e1kexpress
    .
    Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Description: Standard PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&60DD4BF&0
    Manufacturer: (Standard keyboards)
    Name: Standard PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&60DD4BF&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP137: 8/22/2012 11:26:34 AM - Scheduled Checkpoint
    RP138: 8/29/2012 10:02:36 AM - ComboFix created restore point
    RP139: 8/29/2012 11:35:08 AM - Restore Operation
    RP140: 8/29/2012 12:51:27 PM - Windows Update
    RP141: 9/6/2012 12:00:04 AM - Scheduled Checkpoint
    RP142: 9/13/2012 3:00:20 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    HP Customer Experience Enhancements
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 31
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Business 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton AntiVirus
    Realtek High Definition Audio Driver
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Sage Timeslips 2011 Local Install
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Sonic Activation Module
    Timeslips by Sage 2009
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/21/2012 1:51:17 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The system cannot find the file specified.
    9/21/2012 1:46:57 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    9/14/2012 9:03:55 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.25.111. The computer with the IP address 192.168.25.112 did not allow the name to be claimed by this computer.
    .
    ==== End Of File ===========================

    Any help you can provide will be greatly appreciated.

    Thank you for your time.

    Joe
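The Malwarebytes hit above is `C:\Windows\svchost.exe`, while every legitimate service host in the DDS "Running Processes" list is launched from `C:\Windows\system32` or `C:\Windows\SysWOW64`, and the file appears in "Created Last 30" the same day as the scan. A name that matches a core Windows binary but a directory that does not is the kind of thing a DDS log lets you spot mechanically. The following Python script is an added example for this thread, not code from the original post or from Malwarebytes, DDS or the forum's helper: it walks DDS-style process and created-file lines and flags core binaries outside their expected directories, plus process entries that show arguments but no image path. `EXPECTED_DIRS` is an assumed allow-list for this example; the sample lines are copied from the log above.

```python
import re

# Where each core Windows binary legitimately resides (lower-cased, no trailing
# backslash). This allow-list is an assumption for the example; extend it for
# your own environment.
EXPECTED_DIRS = {
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe":    {r"c:\windows\system32"},
    "lsm.exe":      {r"c:\windows\system32"},
    "wininit.exe":  {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "csrss.exe":    {r"c:\windows\system32"},
    "taskhost.exe": {r"c:\windows\system32"},
    "spoolsv.exe":  {r"c:\windows\system32"},
    "dwm.exe":      {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# A DDS process line: a drive-letter path ending in .exe, then optional arguments.
PROCESS_LINE = re.compile(r"^(?P<path>[a-z]:\\.*?\.exe)(?:\s+(?P<args>.*))?$",
                          re.IGNORECASE)

# Sample lines copied from the DDS log in the post above.
SAMPLE_PROCESSES = [
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted",
    r"C:\Windows\SysWOW64\DWRCS.EXE",
    r"C:\Windows\Explorer.EXE",
    r"C:\Windows\system32\SearchIndexer.exe",
    r"-netsvcs",
    r"C:\Windows\system32\conhost.exe",
]
SAMPLE_CREATED = [
    r"2012-09-21 17:50:09 20480 ----a-w- C:\Windows\svchost.exe",
    r"2012-09-21 17:49:25 -------- d-----w- C:\tstemp",
    r"2012-09-14 12:39:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys",
    r"2012-09-14 12:39:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware",
]


def split_path(path):
    """Return (directory, filename) for a Windows path, both lower-cased."""
    directory, _, name = path.rpartition("\\")
    return directory.lower(), name.lower()


def check_image_path(path):
    """Return a finding if `path` names a core binary outside its expected
    directory, otherwise None."""
    directory, name = split_path(path)
    allowed = EXPECTED_DIRS.get(name)
    if allowed is None or directory in allowed:
        return None
    return f"{name} located in {directory!r}; expected one of {sorted(allowed)}"


def triage_process_listing(lines):
    """Scan DDS 'Running Processes' lines; return a list of (line, finding)."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line == ".":
            continue
        match = PROCESS_LINE.match(line)
        if match is None:
            # DDS printed arguments but no image path, so the process cannot be
            # tied to a file from the log alone: surface it for manual review.
            findings.append((line, "entry without an image path"))
            continue
        finding = check_image_path(match.group("path"))
        if finding:
            findings.append((line, finding))
    return findings


def triage_created_files(lines):
    """Scan DDS 'Created Last 30' lines (date time size attrs path) for core
    binary names written outside their expected directories."""
    findings = []
    for raw in lines:
        parts = raw.strip().split(None, 4)
        if len(parts) < 5:
            continue
        finding = check_image_path(parts[4])
        if finding:
            findings.append((raw.strip(), finding))
    return findings


if __name__ == "__main__":
    for section, result in (("Running Processes", triage_process_listing(SAMPLE_PROCESSES)),
                            ("Created Last 30", triage_created_files(SAMPLE_CREATED))):
        print(f"== {section} ==")
        for line, finding in result:
            print(f"  {line}\n      -> {finding}")
```

Run it as-is and the only "Running Processes" hit is the bare `-netsvcs` entry, which carries no image path, while "Created Last 30" flags the `C:\Windows\svchost.exe` file that Malwarebytes reported. The allow-list check is a path comparison only; on a live machine you would pair it with a signature check (for example `Get-AuthenticodeSignature` in PowerShell) rather than trust the location alone.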
  2. Broni


    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. JHirschmann


    Below is the first part of two (2) logs created by TDSSKiller:

    09:16:00.0949 1092 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    09:16:01.0500 1092 ============================================================
    09:16:01.0500 1092 Current date / time: 2012/09/24 09:16:01.0500
    09:16:01.0500 1092 SystemInfo:
    09:16:01.0500 1092
    09:16:01.0500 1092 OS Version: 6.1.7601 ServicePack: 1.0
    09:16:01.0500 1092 Product type: Workstation
    09:16:01.0500 1092 ComputerName: 6000PRO-02
    09:16:01.0500 1092 UserName: jhirschmann
    09:16:01.0500 1092 Windows directory: C:\Windows
    09:16:01.0500 1092 System windows directory: C:\Windows
    09:16:01.0500 1092 Running under WOW64
    09:16:01.0500 1092 Processor architecture: Intel x64
    09:16:01.0500 1092 Number of processors: 2
    09:16:01.0500 1092 Page size: 0x1000
    09:16:01.0500 1092 Boot type: Normal boot
    09:16:01.0500 1092 ============================================================
    09:16:02.0374 1092 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    09:16:02.0378 1092 ============================================================
  4. JHirschmann

    JHirschmann Newcomer, in training Topic Starter

    Part 2 of Log 1:

    09:16:32.0806 2828 p2pimsvc - ok
    09:16:32.0885 2828 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    09:16:32.0905 2828 p2psvc - ok
    09:16:32.0946 2828 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    09:16:32.0948 2828 Parport - ok
    09:16:33.0035 2828 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    09:16:33.0053 2828 partmgr - ok
    09:16:33.0083 2828 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    09:16:33.0085 2828 PcaSvc - ok
    09:16:33.0122 2828 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    09:16:33.0124 2828 pci - ok
    09:16:33.0144 2828 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    09:16:33.0144 2828 pciide - ok
    09:16:33.0186 2828 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    09:16:33.0234 2828 pcmcia - ok
    09:16:33.0270 2828 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    09:16:33.0271 2828 pcw - ok
    09:16:33.0289 2828 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    09:16:33.0373 2828 PEAUTH - ok
    09:16:33.0472 2828 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    09:16:33.0497 2828 PeerDistSvc - ok
    09:16:33.0576 2828 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    09:16:33.0637 2828 PerfHost - ok
    09:16:33.0763 2828 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    09:16:33.0788 2828 pla - ok
    09:16:33.0904 2828 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    09:16:33.0942 2828 PlugPlay - ok
    09:16:33.0977 2828 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    09:16:33.0979 2828 PNRPAutoReg - ok
    09:16:33.0989 2828 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    09:16:33.0992 2828 PNRPsvc - ok
    09:16:34.0134 2828 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    09:16:34.0143 2828 PolicyAgent - ok
    09:16:34.0229 2828 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    09:16:34.0231 2828 Power - ok
    09:16:34.0321 2828 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    09:16:34.0322 2828 PptpMiniport - ok
    09:16:34.0353 2828 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    09:16:34.0413 2828 Processor - ok
    09:16:34.0509 2828 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    09:16:34.0511 2828 ProfSvc - ok
    09:16:34.0525 2828 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    09:16:34.0526 2828 ProtectedStorage - ok
    09:16:34.0781 2828 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    09:16:34.0783 2828 Psched - ok
    09:16:34.0852 2828 [ 24DD667D22DBD29618947C804E23AA03 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
    09:16:34.0875 2828 PxHlpa64 - ok
    09:16:34.0937 2828 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    09:16:34.0990 2828 ql2300 - ok
    09:16:35.0084 2828 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    09:16:35.0086 2828 ql40xx - ok
    09:16:35.0124 2828 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    09:16:35.0148 2828 QWAVE - ok
    09:16:35.0179 2828 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    09:16:35.0182 2828 QWAVEdrv - ok
    09:16:35.0221 2828 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    09:16:35.0222 2828 RasAcd - ok
    09:16:35.0271 2828 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    09:16:35.0273 2828 RasAgileVpn - ok
    09:16:35.0307 2828 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    09:16:35.0309 2828 RasAuto - ok
    09:16:35.0352 2828 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    09:16:35.0355 2828 Rasl2tp - ok
    09:16:35.0425 2828 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    09:16:35.0501 2828 RasMan - ok
    09:16:35.0592 2828 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    09:16:35.0593 2828 RasPppoe - ok
    09:16:35.0620 2828 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    09:16:35.0676 2828 RasSstp - ok
    09:16:35.0753 2828 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    09:16:35.0757 2828 rdbss - ok
    09:16:35.0780 2828 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    09:16:35.0781 2828 rdpbus - ok
    09:16:35.0788 2828 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    09:16:35.0789 2828 RDPCDD - ok
    09:16:35.0829 2828 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    09:16:35.0847 2828 RDPDR - ok
    09:16:35.0886 2828 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    09:16:35.0887 2828 RDPENCDD - ok
    09:16:35.0916 2828 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    09:16:35.0917 2828 RDPREFMP - ok
    09:16:35.0952 2828 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    09:16:35.0984 2828 RDPWD - ok
    09:16:36.0066 2828 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    09:16:36.0068 2828 rdyboost - ok
    09:16:36.0086 2828 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    09:16:36.0116 2828 RemoteAccess - ok
    09:16:36.0227 2828 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    09:16:36.0229 2828 RemoteRegistry - ok
    09:16:36.0450 2828 [ AD1411A7EA50F2F97A73A3F51153066E ] RoxMediaDB9 C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    09:16:36.0462 2828 RoxMediaDB9 - ok
    09:16:36.0602 2828 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    09:16:36.0603 2828 RpcEptMapper - ok
    09:16:36.0631 2828 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    09:16:36.0834 2828 RpcLocator - ok
    09:16:36.0959 2828 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    09:16:36.0962 2828 RpcSs - ok
    09:16:36.0984 2828 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    09:16:37.0053 2828 rspndr - ok
    09:16:37.0082 2828 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    09:16:37.0083 2828 s3cap - ok
    09:16:37.0099 2828 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    09:16:37.0101 2828 SamSs - ok
    09:16:37.0113 2828 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    09:16:37.0130 2828 sbp2port - ok
    09:16:37.0158 2828 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    09:16:37.0161 2828 SCardSvr - ok
    09:16:37.0198 2828 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    09:16:37.0200 2828 scfilter - ok
    09:16:37.0246 2828 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    09:16:37.0257 2828 Schedule - ok
    09:16:37.0290 2828 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    09:16:37.0291 2828 SCPolicySvc - ok
    09:16:37.0304 2828 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    09:16:37.0308 2828 SDRSVC - ok
    09:16:37.0338 2828 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    09:16:37.0352 2828 secdrv - ok
    09:16:37.0377 2828 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    09:16:37.0394 2828 seclogon - ok
    09:16:37.0419 2828 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    09:16:37.0421 2828 SENS - ok
    09:16:37.0433 2828 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    09:16:37.0435 2828 SensrSvc - ok
    09:16:37.0452 2828 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    09:16:37.0453 2828 Serenum - ok
    09:16:37.0480 2828 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    09:16:37.0481 2828 Serial - ok
    09:16:37.0507 2828 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    09:16:37.0508 2828 sermouse - ok
    09:16:37.0601 2828 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    09:16:37.0603 2828 SessionEnv - ok
    09:16:37.0636 2828 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    09:16:37.0666 2828 sffdisk - ok
    09:16:37.0712 2828 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    09:16:37.0713 2828 sffp_mmc - ok
    09:16:37.0727 2828 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    09:16:37.0729 2828 sffp_sd - ok
    09:16:37.0811 2828 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    09:16:37.0855 2828 sfloppy - ok
    09:16:37.0906 2828 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    09:16:37.0989 2828 SharedAccess - ok
    09:16:38.0082 2828 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    09:16:38.0086 2828 ShellHWDetection - ok
    09:16:38.0113 2828 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    09:16:38.0149 2828 SiSRaid2 - ok
    09:16:38.0195 2828 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    09:16:38.0196 2828 SiSRaid4 - ok
    09:16:38.0213 2828 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    09:16:38.0229 2828 Smb - ok
    09:16:38.0265 2828 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    09:16:38.0266 2828 SNMPTRAP - ok
    09:16:38.0276 2828 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    09:16:38.0277 2828 spldr - ok
    09:16:38.0312 2828 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    09:16:38.0317 2828 Spooler - ok
    09:16:38.0392 2828 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    09:16:38.0443 2828 sppsvc - ok
    09:16:38.0468 2828 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    09:16:38.0488 2828 sppuinotify - ok
    09:16:38.0624 2828 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\NAVx64\1308000.00E\SRTSP64.SYS
    09:16:38.0628 2828 SRTSP - ok
    09:16:38.0811 2828 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\NAVx64\1308000.00E\SRTSPX64.SYS
    09:16:38.0812 2828 SRTSPX - ok
    09:16:38.0851 2828 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    09:16:38.0880 2828 srv - ok
    09:16:38.0911 2828 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    09:16:38.0942 2828 srv2 - ok
    09:16:38.0965 2828 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    09:16:38.0967 2828 srvnet - ok
    09:16:38.0994 2828 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    09:16:38.0996 2828 SSDPSRV - ok
    09:16:39.0015 2828 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    09:16:39.0017 2828 SstpSvc - ok
    09:16:39.0040 2828 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    09:16:39.0052 2828 stexstor - ok
    09:16:39.0107 2828 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    09:16:39.0113 2828 stisvc - ok
    09:16:39.0150 2828 [ B254B1434208F280EDF3785613DCC41B ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    09:16:39.0163 2828 stllssvr - ok
    09:16:39.0212 2828 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    09:16:39.0213 2828 storflt - ok
    09:16:39.0232 2828 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
    09:16:39.0234 2828 StorSvc - ok
    09:16:39.0248 2828 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
    09:16:39.0250 2828 storvsc - ok
    09:16:39.0261 2828 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    09:16:39.0262 2828 swenum - ok
    09:16:39.0283 2828 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    09:16:39.0289 2828 swprv - ok
    09:16:39.0335 2828 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMDS64.SYS
    09:16:39.0356 2828 SymDS - ok
    09:16:39.0533 2828 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMEFA64.SYS
    09:16:39.0550 2828 SymEFA - ok
    09:16:39.0661 2828 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    09:16:39.0677 2828 SymEvent - ok
    09:16:39.0720 2828 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\NAVx64\1308000.00E\Ironx64.SYS
    09:16:39.0721 2828 SymIRON - ok
    09:16:39.0759 2828 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\NAVx64\1308000.00E\SYMNETS.SYS
    09:16:39.0775 2828 SymNetS - ok
    09:16:39.0822 2828 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    09:16:39.0838 2828 SysMain - ok
    09:16:39.0874 2828 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    09:16:39.0907 2828 TabletInputService - ok
    09:16:39.0963 2828 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    09:16:39.0967 2828 TapiSrv - ok
    09:16:40.0039 2828 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    09:16:40.0040 2828 TBS - ok
    09:16:40.0101 2828 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    09:16:40.0186 2828 Tcpip - ok
    09:16:40.0277 2828 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    09:16:40.0286 2828 TCPIP6 - ok
    09:16:40.0361 2828 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    09:16:40.0397 2828 tcpipreg - ok
    09:16:40.0449 2828 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    09:16:40.0450 2828 TDPIPE - ok
    09:16:40.0531 2828 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    09:16:40.0549 2828 TDTCP - ok
    09:16:40.0707 2828 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    09:16:40.0710 2828 tdx - ok
    09:16:40.0784 2828 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    09:16:40.0785 2828 TermDD - ok
    09:16:40.0821 2828 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    09:16:40.0829 2828 TermService - ok
    09:16:40.0862 2828 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    09:16:40.0863 2828 Themes - ok
    09:16:40.0888 2828 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    09:16:40.0889 2828 THREADORDER - ok
    09:16:40.0933 2828 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
    09:16:40.0953 2828 TPM - ok
    09:16:40.0993 2828 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    09:16:40.0995 2828 TrkWks - ok
    09:16:41.0043 2828 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    09:16:41.0045 2828 TrustedInstaller - ok
    09:16:41.0126 2828 [ 4FEDBC885A5DE3C6AD4D5A3535D420C1 ] TSScheduleBackup C:\Windows\SysWOW64\TSSchBkpService.exe
    09:16:41.0136 2828 TSScheduleBackup - ok
    09:16:41.0187 2828 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    09:16:41.0224 2828 tssecsrv - ok
    09:16:41.0344 2828 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    09:16:41.0406 2828 TsUsbFlt - ok
    09:16:41.0516 2828 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    09:16:41.0521 2828 tunnel - ok
    09:16:41.0544 2828 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    09:16:41.0582 2828 uagp35 - ok
    09:16:41.0684 2828 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    09:16:41.0753 2828 udfs - ok
    09:16:41.0788 2828 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    09:16:41.0823 2828 UI0Detect - ok
    09:16:41.0860 2828 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    09:16:41.0862 2828 uliagpkx - ok
    09:16:41.0926 2828 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    09:16:41.0963 2828 umbus - ok
    09:16:42.0016 2828 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    09:16:42.0030 2828 UmPass - ok
    09:16:42.0111 2828 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
    09:16:42.0115 2828 UmRdpService - ok
    09:16:42.0181 2828 [ D47E82866A6FF02DAE9CEDF127C4BEE0 ] UNS C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    09:16:42.0200 2828 UNS - ok
    09:16:42.0238 2828 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    09:16:42.0243 2828 upnphost - ok
    09:16:42.0320 2828 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
    09:16:42.0352 2828 usbccgp - ok
    09:16:42.0402 2828 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    09:16:42.0404 2828 usbcir - ok
    09:16:42.0422 2828 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    09:16:42.0423 2828 usbehci - ok
    09:16:42.0462 2828 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    09:16:42.0484 2828 usbhub - ok
    09:16:42.0499 2828 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    09:16:42.0500 2828 usbohci - ok
    09:16:42.0518 2828 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    09:16:42.0534 2828 usbprint - ok
    09:16:42.0583 2828 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
    09:16:42.0585 2828 USBSTOR - ok
    09:16:42.0829 2828 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    09:16:42.0848 2828 usbuhci - ok
    09:16:42.0932 2828 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    09:16:42.0934 2828 UxSms - ok
    09:16:42.0949 2828 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    09:16:42.0950 2828 VaultSvc - ok
    09:16:43.0054 2828 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    09:16:43.0055 2828 vdrvroot - ok
    09:16:43.0157 2828 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    09:16:43.0226 2828 vds - ok
    09:16:43.0262 2828 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    09:16:43.0276 2828 vga - ok
    09:16:43.0296 2828 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    09:16:43.0297 2828 VgaSave - ok
    09:16:43.0322 2828 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    09:16:43.0359 2828 vhdmp - ok
    09:16:43.0416 2828 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    09:16:43.0418 2828 viaide - ok
    09:16:43.0440 2828 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
    09:16:43.0444 2828 vmbus - ok
    09:16:43.0461 2828 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    09:16:43.0462 2828 VMBusHID - ok
    09:16:43.0474 2828 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    09:16:43.0475 2828 volmgr - ok
    09:16:43.0504 2828 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    09:16:43.0508 2828 volmgrx - ok
    09:16:43.0530 2828 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    09:16:43.0533 2828 volsnap - ok
    09:16:43.0562 2828 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    09:16:43.0574 2828 vsmraid - ok
    09:16:43.0617 2828 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    09:16:43.0633 2828 VSS - ok
    09:16:43.0646 2828 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    09:16:43.0690 2828 vwifibus - ok
    09:16:43.0736 2828 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    09:16:43.0741 2828 W32Time - ok
    09:16:43.0826 2828 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    09:16:43.0839 2828 WacomPen - ok
    09:16:43.0879 2828 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    09:16:43.0896 2828 WANARP - ok
    09:16:43.0915 2828 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    09:16:43.0916 2828 Wanarpv6 - ok
    09:16:43.0961 2828 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    09:16:44.0003 2828 WatAdminSvc - ok
    09:16:44.0051 2828 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    09:16:44.0067 2828 wbengine - ok
    09:16:44.0096 2828 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    09:16:44.0100 2828 WbioSrvc - ok
    09:16:44.0133 2828 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    09:16:44.0141 2828 wcncsvc - ok
    09:16:44.0174 2828 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    09:16:44.0195 2828 WcsPlugInService - ok
    09:16:44.0224 2828 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    09:16:44.0238 2828 Wd - ok
    09:16:44.0261 2828 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    09:16:44.0268 2828 Wdf01000 - ok
    09:16:44.0280 2828 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    09:16:44.0281 2828 WdiServiceHost - ok
    09:16:44.0284 2828 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    09:16:44.0286 2828 WdiSystemHost - ok
    09:16:44.0320 2828 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    09:16:44.0324 2828 WebClient - ok
    09:16:44.0348 2828 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    09:16:44.0351 2828 Wecsvc - ok
    09:16:44.0364 2828 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    09:16:44.0365 2828 wercplsupport - ok
    09:16:44.0387 2828 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    09:16:44.0389 2828 WerSvc - ok
    09:16:44.0418 2828 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    09:16:44.0419 2828 WfpLwf - ok
    09:16:44.0430 2828 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    09:16:44.0432 2828 WIMMount - ok
    09:16:44.0444 2828 WinDefend - ok
    09:16:44.0447 2828 WinHttpAutoProxySvc - ok
    09:16:44.0490 2828 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    09:16:44.0492 2828 Winmgmt - ok
    09:16:44.0548 2828 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    09:16:44.0572 2828 WinRM - ok
    09:16:44.0951 2828 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    09:16:44.0982 2828 WinUsb - ok
    09:16:45.0043 2828 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    09:16:45.0053 2828 Wlansvc - ok
    09:16:45.0146 2828 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    09:16:45.0147 2828 WmiAcpi - ok
    09:16:45.0250 2828 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    09:16:45.0253 2828 wmiApSrv - ok
    09:16:45.0268 2828 WMPNetworkSvc - ok
    09:16:45.0289 2828 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    09:16:45.0306 2828 WPCSvc - ok
    09:16:45.0332 2828 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    09:16:45.0334 2828 WPDBusEnum - ok
    09:16:45.0359 2828 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    09:16:45.0362 2828 ws2ifsl - ok
    09:16:45.0378 2828 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    09:16:45.0381 2828 wscsvc - ok
    09:16:45.0385 2828 WSearch - ok
    09:16:45.0450 2828 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    09:16:45.0473 2828 wuauserv - ok
    09:16:45.0501 2828 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    09:16:45.0503 2828 WudfPf - ok
    09:16:45.0521 2828 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    09:16:45.0534 2828 WUDFRd - ok
    09:16:45.0568 2828 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    09:16:45.0570 2828 wudfsvc - ok
    09:16:45.0593 2828 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    09:16:45.0596 2828 WwanSvc - ok
    09:16:45.0608 2828 ================ Scan global ===============================
    09:16:45.0628 2828 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    09:16:45.0675 2828 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    09:16:45.0682 2828 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    09:16:45.0699 2828 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    09:16:45.0715 2828 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    09:16:45.0718 2828 [Global] - ok
    09:16:45.0719 2828 ================ Scan MBR ==================================
    09:16:45.0730 2828 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    09:16:45.0730 2828 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    09:16:45.0777 2828 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    09:16:45.0777 2828 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    09:16:45.0778 2828 ================ Scan VBR ==================================
    09:16:45.0780 2828 [ 58C1155A8B01D91C2B5445DCC3C38218 ] \Device\Harddisk0\DR0\Partition1
    09:16:45.0781 2828 \Device\Harddisk0\DR0\Partition1 - ok
    09:16:45.0819 2828 [ 03C997F7A0A26CC391F99201EC6E4E0F ] \Device\Harddisk0\DR0\Partition2
    09:16:45.0821 2828 \Device\Harddisk0\DR0\Partition2 - ok
    09:16:45.0856 2828 [ 187E696A2F73281BAE5C971026145C5E ] \Device\Harddisk0\DR0\Partition3
    09:16:45.0857 2828 \Device\Harddisk0\DR0\Partition3 - ok
    09:16:45.0857 2828 ============================================================
    09:16:45.0857 2828 Scan finished
    09:16:45.0857 2828 ============================================================
    09:16:45.0864 1856 Detected object count: 1
    09:16:45.0864 1856 Actual detected object count: 1
    09:17:04.0022 1856 \Device\Harddisk0\DR0\# - copied to quarantine
    09:17:04.0024 1856 \Device\Harddisk0\DR0 - copied to quarantine
    09:17:04.0174 1856 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    09:17:04.0209 1856 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    09:17:04.0221 1856 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    09:17:04.0231 1856 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    09:17:04.0389 1856 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    09:17:04.0438 1856 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    09:17:04.0471 1856 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    09:17:04.0502 1856 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    09:17:04.0503 1856 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    09:17:04.0506 1856 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    09:17:04.0509 1856 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    09:17:04.0514 1856 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    09:17:04.0515 1856 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    09:17:04.0517 1856 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    09:17:04.0599 1856 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    09:17:04.0922 1856 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    09:17:05.0352 1856 \Device\Harddisk0\DR0 - ok
    09:17:06.0243 1856 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    09:17:11.0049 4480 Deinitialize success
  5. JHirschmann

    JHirschmann Newcomer, in training Topic Starter

    This is the entirety of Log 2:

    09:18:31.0628 2816 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    09:18:31.0628 2816 ============================================================
    09:18:31.0628 2816 Current date / time: 2012/09/24 09:18:31.0628
    09:18:31.0628 2816 SystemInfo:
    09:18:31.0628 2816
    09:18:31.0628 2816 OS Version: 6.1.7601 ServicePack: 1.0
    09:18:31.0628 2816 Product type: Workstation
    09:18:31.0628 2816 ComputerName: 6000PRO-02
    09:18:31.0628 2816 UserName: jhirschmann
    09:18:31.0628 2816 Windows directory: C:\Windows
    09:18:31.0628 2816 System windows directory: C:\Windows
    09:18:31.0628 2816 Running under WOW64
    09:18:31.0628 2816 Processor architecture: Intel x64
    09:18:31.0628 2816 Number of processors: 2
    09:18:31.0628 2816 Page size: 0x1000
    09:18:31.0628 2816 Boot type: Normal boot
    09:18:31.0628 2816 ============================================================
    09:18:32.0143 2816 BG loaded
    09:18:33.0848 2816 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    09:18:33.0848 2816 ============================================================
    09:18:33.0848 2816 \Device\Harddisk0\DR0:
    09:18:33.0864 2816 MBR partitions:
    09:18:33.0864 2816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3FF800
    09:18:33.0864 2816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x400000, BlocksNum 0x1C19F000
    09:18:33.0864 2816 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1C59F000, BlocksNum 0xC21800
    09:18:33.0864 2816 ============================================================
    09:18:34.0004 2816 C: <-> \Device\Harddisk0\DR0\Partition2
    09:18:34.0426 2816 D: <-> \Device\Harddisk0\DR0\Partition3
    09:18:34.0426 2816 ============================================================
    09:18:34.0426 2816 Initialize success
    09:18:34.0426 2816 ============================================================

    Thank you for your help. It is truly appreciated. If there are any further steps to take, please let me know at your convenience. You provide an absolutely wonderful service!
  6. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Very good :)

    Re-run MBAM and post new log.
  7. JHirschmann

    JHirschmann Newcomer, in training Topic Starter

    Below is the log from MBAM:

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.21.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    jhirschmann :: 6000PRO-02 [administrator]

    9/24/2012 12:12:50 PM
    mbam-log-2012-09-24 (12-12-50).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 250085
    Time elapsed: 2 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    It appears (at least to my untrained eyes) that the virus has been eliminated.

    I cannot thank you enough for your time and efforts.
  8. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Good :)

    We need to finish our cleaning process though...

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ==================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  9. JHirschmann

    JHirschmann Newcomer, in training Topic Starter

    RogueKiller Log

    RogueKiller V8.0.5 [09/23/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : jhirschmann [Admin rights]
    Mode : Remove -- Date : 09/24/2012 14:33:11

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 12 ¤¤¤
    [RUN][BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Diagnostics (rundll32.exe "C:\Users\hglymour\AppData\Local\Macromedia\Diagnostics\xrfqtfyj.dll",CreateInstance) -> DELETED
    [RUN][BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Diagnostics (rundll32.exe "C:\Users\hglymour\AppData\Local\Macromedia\Diagnostics\xrfqtfyj.dll",CreateInstance) -> DELETED
    [RUN][SUSP PATH] HKLM\[...]\RunOnce : C:\ProgramData\LogMeIn Rescue ConnectOnLAN\LMIRescueApplet_6000PRO-02_110429_162244.bat.js (C:\ProgramData\LogMeIn Rescue ConnectOnLAN\LMIRescueApplet_6000PRO-02_110429_162244.bat.js) -> DELETED
    [RUN][SUSP PATH] HKLM\[...]\RunOnce : C:\ProgramData\LogMeIn Rescue ConnectOnLAN\LMIRescueApplet_6000PRO-02_110429_170001.bat.js (C:\ProgramData\LogMeIn Rescue ConnectOnLAN\LMIRescueApplet_6000PRO-02_110429_170001.bat.js) -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HDS721025CLA382 +++++
    --- User ---
    [MBR] 918bd15bf50faff65423d7cfb6e3be61
    [BSP] 2e8bea72005e04d82ef6d5bd415c8caf : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 2047 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 4194304 | Size: 230206 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 475656192 | Size: 6211 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt

    aswMBR Log

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-24 14:35:03
    -----------------------------
    14:35:03.449 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:35:03.449 Number of processors: 2 586 0x170A
    14:35:03.449 ComputerName: 6000PRO-02 UserName:
    14:35:04.748 Initialize success
    14:37:36.499 AVAST engine defs: 12092400
    14:37:39.902 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:37:39.904 Disk 0 Vendor: Hitachi_ JP1O Size: 238475MB BusType: 3
    14:37:39.915 Disk 0 MBR read successfully
    14:37:39.917 Disk 0 MBR scan
    14:37:39.922 Disk 0 Windows 7 default MBR code
    14:37:39.925 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 2047 MB offset 2048
    14:37:39.938 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 230206 MB offset 4194304
    14:37:39.974 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 6211 MB offset 475656192
    14:37:40.032 Disk 0 scanning C:\Windows\system32\drivers
    14:37:50.076 Service scanning
    14:38:25.265 Modules scanning
    14:38:25.273 Disk 0 trace - called modules:
    14:38:25.321 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iastor.sys hal.dll
    14:38:25.327 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80050ea060]
    14:38:25.331 3 CLASSPNP.SYS[fffff8800169743f] -> nt!IofCallDriver -> [0xfffffa8003631340]
    14:38:25.336 5 ACPI.sys[fffff88000f8c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004060050]
    14:38:26.137 AVAST engine scan C:\Windows
    14:38:28.112 AVAST engine scan C:\Windows\system32
    14:41:07.324 AVAST engine scan C:\Windows\system32\drivers
    14:41:25.868 AVAST engine scan C:\Users\hglymour
    14:41:40.785 Disk 0 MBR has been saved successfully to "C:\Users\hglymour\Desktop\MBR.dat"
    14:41:40.788 The log file has been saved successfully to "C:\Users\hglymour\Desktop\aswMBR.txt"

    Again thank you for your quick responses and your assistance. If there is anything further I need to do please let me know.

    Also, once you have determined that the computer is clean, should I keep all of the programs and logs that have been created? Or should they be deleted? Or does it not really matter? Any insight would again be appreciated!
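    RogueKiller's MBR Check and aswMBR's log above both report Windows 7 default bootstrap code and the same three NTFS partitions, and aswMBR saved the raw sector as MBR.dat. The Python below is an added example, not code from the thread or from either tool, that parses a 512-byte MBR the way those checks do: it validates the 0x55AA signature and the partition table (one active entry, no overlaps, nothing past the end of the disk), hashes the bootstrap code against a known-good value, and computes the unpartitioned space after the last partition, which is where TDL-family bootkits such as the Rootkit.Boot.Pihar.c that TDSSKiller cured earlier keep their hidden file system (the TDLFS entries it quarantined). The sample MBR is constructed from the partition table and disk size in the TDSSKiller log, with a zeroed bootstrap area; hashing bytes 0..439 is this example's own choice, since the logs do not say which bytes RogueKiller's [MBR] and [BSP] hashes cover.

```python
"""Parse and sanity-check a 512-byte MBR, e.g. the MBR.dat that aswMBR saves.
Added example, not part of the thread. The sample MBR is constructed from the
partition table in the TDSSKiller log above, with a zeroed bootstrap area."""
import hashlib
import struct

SECTOR = 512
BOOTCODE_END = 440        # bootstrap code; the 4-byte disk signature starts at 440
PT_OFFSET = 446           # four 16-byte partition entries, then 0x55AA at 510
ENTRY = struct.Struct("<B3sB3sII")   # boot flag, CHS, type, CHS, start LBA, sector count

# Disk size from the TDSSKiller log (0x3A38B2E000 bytes) and the partitions it
# lists as (boot flag, type, StartLBA, BlocksNum).
DISK_SECTORS = 0x3A38B2E000 // SECTOR
PARTITIONS = [
    (0x80, 0x07, 0x800, 0x3FF800),
    (0x00, 0x07, 0x400000, 0x1C19F000),
    (0x00, 0x07, 0x1C59F000, 0xC21800),
]


def build_mbr(partitions, bootcode=b"\x00" * PT_OFFSET):
    """Assemble a constructed MBR: bootstrap area, partition table, boot signature."""
    table = b"".join(ENTRY.pack(boot, b"\0" * 3, ptype, b"\0" * 3, start, count)
                     for boot, ptype, start, count in partitions)
    table += b"\0" * (64 - len(table))                     # pad unused entries
    return bootcode[:PT_OFFSET].ljust(PT_OFFSET, b"\0") + table + b"\x55\xaa"


def parse_partitions(mbr):
    """Return the non-empty partition entries as dicts (size_mb as the tools print it)."""
    parts = []
    for i in range(4):
        boot, _, ptype, _, start, count = ENTRY.unpack_from(mbr, PT_OFFSET + 16 * i)
        if ptype:
            parts.append({"index": i, "boot": boot, "type": ptype, "start": start,
                          "count": count, "size_mb": count * SECTOR // 2**20})
    return parts


def bootcode_md5(mbr):
    """MD5 of bytes 0..439 (assumption of this example): stops before the
    per-disk signature so the hash is comparable between machines."""
    return hashlib.md5(mbr[:BOOTCODE_END]).hexdigest()


def tail_sectors(parts, disk_sectors):
    """Unpartitioned sectors after the last partition, where TDL/Pihar-family
    bootkits store their hidden file system."""
    end = max(p["start"] + p["count"] for p in parts) if parts else 0
    return disk_sectors - end


def check_mbr(mbr, disk_sectors, good_md5=None):
    """Return a list of findings; an empty list means nothing looked wrong."""
    if len(mbr) != SECTOR:
        return [f"expected {SECTOR} bytes, got {len(mbr)}"]
    findings = []
    if mbr[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr)
    if sum(1 for p in parts if p["boot"] == 0x80) != 1:
        findings.append("exactly one partition should carry the active flag 0x80")
    for p in parts:
        if p["boot"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid boot flag {p['boot']:#x}")
        if p["start"] + p["count"] > disk_sectors:
            findings.append(f"partition {p['index']} runs past the end of the disk")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["count"] > b["start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    if good_md5 and bootcode_md5(mbr) != good_md5:
        findings.append("bootstrap code differs from the known-good reference")
    return findings


if __name__ == "__main__":
    mbr = build_mbr(PARTITIONS)
    for p in parse_partitions(mbr):
        print(p)
    print("bootcode md5:", bootcode_md5(mbr))
    print("findings:", check_mbr(mbr, DISK_SECTORS, good_md5=bootcode_md5(mbr)))
    print("unpartitioned tail sectors:", tail_sectors(parse_partitions(mbr), DISK_SECTORS))
```

    To check a real MBR.dat, pass open("MBR.dat", "rb").read() to check_mbr together with the disk's sector count (aswMBR prints the size in MB, TDSSKiller in bytes) and a bootcode_md5 taken from a known-clean machine running the same Windows version. A bootstrap hash that differs while the partition table is intact is exactly the pattern of an MBR bootkit, which is why both tools report the MBR code separately from the partition entries; on this disk the tail after partition 3 is about 10 MB, so a hidden file system there would not show up in any partition listing.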
  10. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    I'll let you know.

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  11. JHirschmann

    JHirschmann Newcomer, in training Topic Starter

    Below is the ComboFix Log:

    ComboFix 12-09-24.02 - jhirschmann 09/24/2012 15:21:16.1.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3991.2760 [GMT -4:00]
    Running from: c:\users\hglymour\Desktop\ComboFix.exe
    AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-24 18:51 . 2012-09-24 19:18 -------- d-----w- C:\tstemp
    2012-09-24 18:50 . 2012-09-24 18:50 -------- d-----w- c:\users\hglymour\AppData\Local\VirtualStore
    2012-09-24 13:17 . 2012-09-24 13:17 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-09-14 12:39 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-14 12:39 . 2012-09-14 12:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-09-12 13:27 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-12 13:27 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-12 13:27 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-12 13:27 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-09-12 13:27 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-12 13:27 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-12 13:27 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-09 14:08 . 2012-09-21 17:41 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
    2012-08-29 17:25 . 2012-08-29 17:25 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-08-29 17:25 . 2012-08-29 17:25 -------- d-----w- c:\program files\Symantec
    2012-08-29 17:25 . 2012-08-29 17:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2012-08-29 17:24 . 2012-08-29 17:34 -------- d-----w- c:\windows\system32\drivers\NAVx64
    2012-08-29 17:24 . 2012-08-29 17:24 -------- d-----w- c:\program files (x86)\Norton AntiVirus
    2012-08-27 15:12 . 2012-08-27 15:12 -------- d-----w- c:\windows\Offline Address Books
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-21 14:53 . 2012-04-02 12:59 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-21 14:53 . 2011-05-17 12:52 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-13 07:02 . 2010-07-16 18:37 64462936 ----a-w- c:\windows\system32\MRT.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "RoxioDragToDisc"="c:\program files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "DameWare MRC Agent"="c:\windows\SysWOW64\DWRCST.exe" [2009-02-04 78848]
    .
    c:\users\hglymour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    TSTemp.bat [2010-7-22 34]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-16 1255736]
    S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS [2006-07-21 122776]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-07-24 52664]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1308000.00E\SYMDS64.SYS [2012-03-29 451192]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-08-31 1385120]
    S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]
    S1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS [2007-02-09 15864]
    S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS [2007-02-09 39160]
    S1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;c:\windows\system32\DRIVERS\dwvkbd64.sys [2007-02-15 30720]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\IPSDefs\20120921.001\IDSvia64.sys [2012-09-06 513184]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS [2008-02-22 43888]
    S2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS [2008-02-22 41712]
    S2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS [2008-02-22 10096]
    S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS [2008-02-22 141296]
    S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS [2008-02-22 33904]
    S2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS [2008-02-22 17776]
    S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS [2008-02-22 142832]
    S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS [2008-02-22 136816]
    S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS [2007-02-09 63608]
    S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]
    S2 TSScheduleBackup;TimeslipsBackup;c:\windows\SysWOW64\TSSchBkpService.exe [2010-06-04 705024]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-07-24 2066968]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-04-06 301232]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-31 138912]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-07-24 56344]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-10-16 16:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 14:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-24 796696]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-09 10144288]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.25.3 192.168.25.5
    FF - ProfilePath - c:\users\hglymour\AppData\Roaming\Mozilla\Firefox\Profiles\q026kose.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-79531155.sys
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
    "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
    69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
    b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:81,f3,c8,1b,32,87,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\DWRCS.EXE
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Intel\AMT\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-24 15:30:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-24 19:30
    .
    Pre-Run: 191,801,995,264 bytes free
    Post-Run: 191,677,042,688 bytes free
    .
    - - End Of File - - D0FF1ABC78AA7F0CFBE985B11BACE122
  12. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Looks good :)

    Any current issues?

    ========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  13. JHirschmann

    JHirschmann Newcomer, in training Topic Starter

    The computer seems to be working like normal! Below are the Logs:

    OTL Log

    OTL logfile created on: 9/24/2012 4:09:50 PM - Run 1
    OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\hglymour\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.90 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 72.63% Memory free
    7.79 Gb Paging File | 6.71 Gb Available in Paging File | 86.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 224.81 Gb Total Space | 178.60 Gb Free Space | 79.45% Space Free | Partition Type: NTFS
    Drive D: | 6.07 Gb Total Space | 0.70 Gb Free Space | 11.50% Space Free | Partition Type: NTFS

    Computer Name: 6000PRO-02 | User Name: jhirschmann | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/24 16:09:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hglymour\Desktop\OTL.exe
    PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccsvchst.exe
    PRC - [2012/01/18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    PRC - [2010/06/04 15:47:18 | 000,705,024 | ---- | M] () -- C:\Windows\SysWOW64\TSSchBkpService.exe
    PRC - [2009/07/24 07:29:52 | 002,066,968 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    PRC - [2009/07/24 07:29:38 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\LMS.exe
    PRC - [2009/02/04 16:35:00 | 000,078,848 | ---- | M] (DameWare Development) -- C:\Windows\SysWOW64\DWRCST.EXE
    PRC - [2009/02/04 16:34:46 | 000,234,496 | ---- | M] (DameWare Development LLC) -- C:\Windows\SysWOW64\DWRCS.EXE
    PRC - [2006/10/30 09:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/10/16 12:10:14 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    MOD - [2009/10/16 12:10:14 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    MOD - [2009/10/16 12:10:14 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    MOD - [2008/02/22 10:22:32 | 000,055,792 | ---- | M] () -- C:\Windows\SysWOW64\DLAAPI_W.DLL


    ========== Services (SafeList) ==========

    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/09/21 10:53:26 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/06/17 10:11:24 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe -- (NAV)
    SRV - [2010/06/04 15:47:18 | 000,705,024 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\TSSchBkpService.exe -- (TSScheduleBackup)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/24 07:29:52 | 002,066,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
    SRV - [2009/07/24 07:29:38 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/04 16:34:46 | 000,234,496 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\Windows\SysWOW64\DWRCS.EXE -- (DWMRCS)
    SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/29 13:25:12 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ccsetx64.sys -- (ccSet_NAV)
    DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2012/04/17 22:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symnets.sys -- (SymNetS)
    DRV:64bit: - [2012/04/17 21:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2012/03/29 02:28:25 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symds64.sys -- (SymDS)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/04/06 00:37:42 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
    DRV:64bit: - [2009/07/24 07:30:10 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/04 14:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2008/02/22 10:22:54 | 000,010,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLADResE.SYS -- (DLADResE)
    DRV:64bit: - [2008/02/22 10:22:46 | 000,142,832 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAUDF_E.SYS -- (DLAUDF_E)
    DRV:64bit: - [2008/02/22 10:22:46 | 000,136,816 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAUDFAE.SYS -- (DLAUDFAE)
    DRV:64bit: - [2008/02/22 10:22:46 | 000,043,888 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLABMFSE.SYS -- (DLABMFSE)
    DRV:64bit: - [2008/02/22 10:22:44 | 000,041,712 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLABOIOE.SYS -- (DLABOIOE)
    DRV:64bit: - [2008/02/22 10:22:44 | 000,033,904 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAOPIOE.SYS -- (DLAOPIOE)
    DRV:64bit: - [2008/02/22 10:22:42 | 000,141,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAIFS_E.SYS -- (DLAIFS_E)
    DRV:64bit: - [2008/02/22 10:22:42 | 000,017,776 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAPoolE.SYS -- (DLAPoolE)
    DRV:64bit: - [2007/02/15 08:00:00 | 000,030,720 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dwvkbd64.sys -- (dwvkbd)
    DRV:64bit: - [2007/02/09 12:34:18 | 000,063,608 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DRVEDDM.SYS -- (DRVEDDM)
    DRV:64bit: - [2007/02/08 20:05:36 | 000,039,160 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLARTL_E.SYS -- (DLARTL_E)
    DRV:64bit: - [2007/02/08 20:05:36 | 000,015,864 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLACDBHE.SYS -- (DLACDBHE)
    DRV:64bit: - [2006/07/24 03:00:00 | 000,052,664 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2006/07/21 11:21:28 | 000,122,776 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DRVECDB.SYS -- (DRVECDB)
    DRV - [2012/09/24 14:46:30 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\VirusDefs\20120924.002\ex64.sys -- (NAVEX15)
    DRV - [2012/09/24 14:46:30 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\VirusDefs\20120924.002\eng64.sys -- (NAVENG)
    DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\IPSDefs\20120921.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2012/08/31 18:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\BASHDefs\20120919.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2012/08/31 02:22:56 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/08/29 13:31:55 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5F523A90-48D7-4B4A-A698-304E297448A6}
    IE:64bit: - HKLM\..\SearchScopes\{5F523A90-48D7-4B4A-A698-304E297448A6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
    IE - HKLM\..\SearchScopes,DefaultScope = {5F523A90-48D7-4B4A-A698-304E297448A6}
    IE - HKLM\..\SearchScopes\{5F523A90-48D7-4B4A-A698-304E297448A6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {5E617D23-42EF-4E28-8375-281F8FBBC4B9}
    IE - HKCU\..\SearchScopes\{5E617D23-42EF-4E28-8375-281F8FBBC4B9}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 1
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\IPSFFPlgn\ [2012/08/29 13:25:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\ProgramData\Mozilla Firefox\components [2012/08/29 11:46:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\ProgramData\Mozilla Firefox\plugins

    [2012/08/24 10:05:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hglymour\AppData\Roaming\mozilla\Extensions
    [2012/08/27 09:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hglymour\AppData\Roaming\mozilla\Firefox\Profiles\yz6b9mfq.default\extensions
    [2012/08/29 13:11:31 | 000,001,635 | ---- | M] () -- C:\Users\hglymour\AppData\Roaming\mozilla\firefox\profiles\q026kose.default\searchplugins\firefox-add-ons.xml
    [2012/08/24 10:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/08/29 13:25:41 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\IPSFFPLGN
    [2012/07/13 20:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/07/13 20:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/09/24 15:26:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [DameWare MRC Agent] C:\Windows\SysWOW64\DWRCST.EXE (DameWare Development)
    O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.3 192.168.25.5
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC54F5DE-F31E-4C04-9C1B-C0D3C1E6CE22}: DhcpNameServer = 192.168.25.3 192.168.25.5
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/24 16:09:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\hglymour\Desktop\OTL.exe
    [2012/09/24 15:36:22 | 000,000,000 | ---D | C] -- C:\tstemp
    [2012/09/24 15:30:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/09/24 15:26:42 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/09/24 15:20:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/24 15:20:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/24 15:13:52 | 004,759,205 | R--- | C] (Swearware) -- C:\Users\hglymour\Desktop\ComboFix.exe
    [2012/09/24 14:50:53 | 000,000,000 | ---D | C] -- C:\Users\hglymour\AppData\Local\VirtualStore
    [2012/09/24 14:44:23 | 000,000,000 | ---D | C] -- C:\Users\hglymour\Desktop\Malware Defense
    [2012/09/24 09:17:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/09/14 08:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/14 08:39:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/14 08:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/09/09 10:08:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
    [2012/09/09 10:08:26 | 000,000,000 | ---D | C] -- C:\Users\hglymour\Documents\Anti-Malware
    [2012/08/29 13:31:44 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symefa64.sys
    [2012/08/29 13:31:44 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtsp64.sys
    [2012/08/29 13:31:44 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symds64.sys
    [2012/08/29 13:31:44 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symnets.sys
    [2012/08/29 13:31:44 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ironx64.sys
    [2012/08/29 13:31:44 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ccsetx64.sys
    [2012/08/29 13:31:44 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtspx64.sys
    [2012/08/29 13:31:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E
    [2012/08/29 13:25:12 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2012/08/29 13:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2012/08/29 13:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2012/08/29 13:24:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
    [2012/08/29 13:24:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
    [2012/08/29 13:24:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
    [2012/08/29 10:25:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/29 10:01:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/29 10:00:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/27 11:12:34 | 000,000,000 | ---D | C] -- C:\Windows\Offline Address Books

    ========== Files - Modified Within 30 Days ==========

    [2012/09/24 16:09:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hglymour\Desktop\OTL.exe
    [2012/09/24 15:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/24 15:43:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/24 15:43:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/24 15:35:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/24 15:35:52 | 3138,842,624 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/24 15:26:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/09/24 15:13:59 | 004,759,205 | R--- | M] (Swearware) -- C:\Users\hglymour\Desktop\ComboFix.exe
    [2012/09/24 14:48:41 | 002,001,923 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\Cat.DB
    [2012/09/20 11:00:42 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/20 11:00:42 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/20 11:00:41 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/08/29 13:25:12 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2012/08/29 13:25:12 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2012/08/29 13:25:12 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2012/08/29 13:01:52 | 000,389,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/08/29 12:54:40 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI

    ========== Files Created - No Company Name ==========

    [2012/09/24 15:20:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/24 15:20:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/24 15:20:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/24 15:20:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/24 15:20:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/29 13:33:17 | 002,001,923 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\Cat.DB
    [2012/08/29 13:31:44 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symds64.cat
    [2012/08/29 13:31:44 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symnet64.cat
    [2012/08/29 13:31:44 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\iron.cat
    [2012/08/29 13:31:44 | 000,007,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ccsetx64.cat
    [2012/08/29 13:31:44 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtsp64.cat
    [2012/08/29 13:31:44 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symefa.inf
    [2012/08/29 13:31:44 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symds.inf
    [2012/08/29 13:31:44 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symnet.inf
    [2012/08/29 13:31:44 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtsp64.inf
    [2012/08/29 13:31:44 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtspx64.inf
    [2012/08/29 13:31:44 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ccsetx64.inf
    [2012/08/29 13:31:44 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\iron.inf
    [2012/08/29 13:31:41 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symvtcer.dat
    [2012/08/29 13:31:41 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symefa64.cat
    [2012/08/29 13:31:41 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtspx64.cat
    [2012/08/29 13:31:41 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\isolate.ini
    [2012/08/29 13:25:12 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2012/08/29 13:25:12 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2012/08/29 12:54:40 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
    [2011/09/01 09:08:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/07/22 10:35:01 | 000,000,418 | RHS- | C] () -- C:\Users\hglymour\ntuser.pol
    [2010/07/22 10:33:34 | 000,003,390 | RHS- | C] () -- C:\ProgramData\ntuser.pol

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\wbemess.dll

    ========== LOP Check ==========

    [2012/08/23 14:58:24 | 000,000,000 | ---D | M] -- C:\Users\hglymour\AppData\Roaming\Ad-Aware Antivirus

    ========== Purity Check ==========

    < End of report >
     
  14. JHirschmann

    JHirschmann Newcomer, in training Topic Starter

    Below is the Extras Log:

    OTL Extras logfile created on: 9/24/2012 4:09:50 PM - Run 1
    OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\hglymour\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.90 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 72.63% Memory free
    7.79 Gb Paging File | 6.71 Gb Available in Paging File | 86.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 224.81 Gb Total Space | 178.60 Gb Free Space | 79.45% Space Free | Partition Type: NTFS
    Drive D: | 6.07 Gb Total Space | 0.70 Gb Free Space | 11.50% Space Free | Partition Type: NTFS

    Computer Name: 6000PRO-02 | User Name: jhirschmann | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\ProgramData\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{152A9DE2-8C71-4689-B980-6D5736117EEB}" = lport=6129 | protocol=6 | dir=in | name=dameware mini remote control service |
    "{46CD4439-5E28-4B0B-A517-B6E65AF485DD}" = rport=137 | protocol=17 | dir=out | app=system |
    "{56D53757-9ACA-44C2-89F6-7760EA1DFDD3}" = rport=139 | protocol=6 | dir=out | app=system |
    "{5E03EFDE-AC08-40CE-84B7-3F9BF74FB422}" = lport=138 | protocol=17 | dir=in | app=system |
    "{605FFC45-E37D-439B-AD59-BC1DF9CE3A38}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6D0D1EEF-4D0F-45F6-9706-4870BC236DBD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{7B5F11B8-747B-4960-8A32-517651D12F2B}" = lport=445 | protocol=6 | dir=in | app=system |
    "{8B9EEEA7-DF1C-499B-974D-14F613CE84A5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{8CA78E50-616B-4710-8E88-355CAF1316F2}" = lport=137 | protocol=17 | dir=in | app=system |
    "{911F3FF4-000D-4884-A98A-334AEEAD805B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{BF9BF993-0658-4AE5-AA9B-FB0B7F60B645}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C2FFF864-B3B5-4E56-8906-E3EF8868C3F4}" = rport=138 | protocol=17 | dir=out | app=system |
    "{D2402F88-D9AE-4869-AD5C-63730F341A47}" = rport=445 | protocol=6 | dir=out | app=system |
    "{DC06821B-6EF7-4AD7-BC9F-5BD8DD4C339D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{19FB58E1-174B-4BFC-AF9D-2459EBD4A62A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{2E53EAD5-02B4-4343-90E1-41F0CA73A04B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{392E985B-0ED7-4412-B2A5-4ECD2124A2C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{6D58708E-2478-426B-9798-6C1ED7D982B6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{94DB5540-85E6-4261-B170-E3FAD8018123}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{96F7A63F-631D-489D-9755-5DD91289D72B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{B9F487BA-DDFE-4C42-8F98-53AF10DF8FBC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{C0257029-AE9C-4BD2-B331-5EDFD87D48C9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "TCP Query User{A840BF40-0154-4CB6-9364-469E15A69925}C:\program files (x86)\microsoft office\office14\outlook.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "UDP Query User{95BB388C-C61F-4A91-9219-753436FF36B7}C:\program files (x86)\microsoft office\office14\outlook.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{DEEECCDA-D9BB-4DDC-9CA8-2A6ECC49131C}" = Intel(R) Network Connections 15.4.89.0
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "MESOL" = Intel® Active Management Technology
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "PROSetDX" = Intel(R) Network Connections 15.4.89.0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5E6E1B90-11A0-4A30-86B4-0FB62F80F96A}" = Sage Timeslips 2011 Local Install
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DC75F81-CEA0-42D5-953F-DF2BDBC14663}" = Timeslips by Sage 2009
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NAV" = Norton AntiVirus
    "Office14.SingleImage" = Microsoft Office Home and Business 2010

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/21/2012 12:04:41 PM | Computer Name = 6000PRO-02 | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
    id: 0x1698 Faulting application start time: 0x01cd9812991f069e Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 0c8306c2-0406-11e2-8ada-000ffefcedaa

    Error - 9/21/2012 12:12:35 PM | Computer Name = 6000PRO-02 | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
    id: 0x190c Faulting application start time: 0x01cd9812d5b1219a Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 277e70a0-0407-11e2-8ada-000ffefcedaa

    Error - 9/21/2012 12:47:07 PM | Computer Name = 6000PRO-02 | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
    id: 0x2470 Faulting application start time: 0x01cd9813f0c03ad2 Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: fa8b9d46-040b-11e2-8ada-000ffefcedaa

    Error - 9/21/2012 12:54:59 PM | Computer Name = 6000PRO-02 | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
    id: 0x1cbc Faulting application start time: 0x01cd9818f6552c11 Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 13e7cfff-040d-11e2-8ada-000ffefcedaa

    Error - 9/21/2012 1:03:55 PM | Computer Name = 6000PRO-02 | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
    id: 0x19c4 Faulting application start time: 0x01cd9819dd8e9f0c Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 5352157f-040e-11e2-8ada-000ffefcedaa

    Error - 9/21/2012 1:15:12 PM | Computer Name = 6000PRO-02 | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
    id: 0x2168 Faulting application start time: 0x01cd981b1c792b5d Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: e6ee0477-040f-11e2-8ada-000ffefcedaa

    Error - 9/21/2012 1:29:49 PM | Computer Name = 6000PRO-02 | Source = Application Error | ID = 1000
    Description = Faulting application name: a2service.exe, version: 6.6.0.6, time stamp:
    0x5005150a Faulting module name: quarantine.dll, version: 6.6.0.1, time stamp: 0x4fdb3190
    Exception
    code: 0xc0000005 Fault offset: 0x000064e6 Faulting process id: 0x358 Faulting application
    start time: 0x01cd972dc6ed3270 Faulting application path: C:\Program Files (x86)\Emsisoft
    Anti-Malware\a2service.exe Faulting module path: C:\Program Files (x86)\Emsisoft
    Anti-Malware\quarantine.dll Report Id: f1135083-0411-11e2-8ada-000ffefcedaa

    Error - 9/21/2012 3:29:15 PM | Computer Name = 6000PRO-02 | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
    id: 0x9b8 Faulting application start time: 0x01cd9827cda44424 Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: a0cd83ba-0422-11e2-a4ca-000ffefcedaa

    Error - 9/21/2012 4:23:09 PM | Computer Name = 6000PRO-02 | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
    id: 0x1e90 Faulting application start time: 0x01cd982f6c71f9e1 Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 286c53ef-042a-11e2-a4ca-000ffefcedaa

    Error - 9/24/2012 8:58:57 AM | Computer Name = 6000PRO-02 | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
    id: 0xde0 Faulting application start time: 0x01cd9a5442dde6b4 Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 998421b4-0647-11e2-991e-000ffefcedaa

    [ System Events ]
    Error - 12/9/2011 10:16:32 AM | Computer Name = 6000PRO-02 | Source = Service Control Manager | ID = 7000
    Description = The HP Health Check Service service failed to start due to the following
    error: %%2

    Error - 12/13/2011 11:58:34 AM | Computer Name = 6000PRO-02 | Source = Service Control Manager | ID = 7000
    Description = The HP Health Check Service service failed to start due to the following
    error: %%2

    Error - 12/14/2011 10:17:18 AM | Computer Name = 6000PRO-02 | Source = Service Control Manager | ID = 7000
    Description = The HP Health Check Service service failed to start due to the following
    error: %%2

    Error - 12/14/2011 11:41:13 AM | Computer Name = 6000PRO-02 | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR2.

    Error - 12/14/2011 11:58:36 AM | Computer Name = 6000PRO-02 | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR3.

    Error - 12/15/2011 4:23:59 AM | Computer Name = 6000PRO-02 | Source = Service Control Manager | ID = 7000
    Description = The HP Health Check Service service failed to start due to the following
    error: %%2

    Error - 12/16/2011 10:05:00 AM | Computer Name = 6000PRO-02 | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the interface
    with IP address 192.168.25.111. The computer with the IP address 192.168.25.112
    did not allow the name to be claimed by this computer.

    Error - 12/16/2011 10:05:00 AM | Computer Name = 6000PRO-02 | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the interface
    with IP address 192.168.25.111. The computer with the IP address 192.168.25.112
    did not allow the name to be claimed by this computer.

    Error - 12/16/2011 10:06:32 AM | Computer Name = 6000PRO-02 | Source = Service Control Manager | ID = 7000
    Description = The HP Health Check Service service failed to start due to the following
    error: %%2

    Error - 12/17/2011 11:00:11 AM | Computer Name = 6000PRO-02 | Source = Service Control Manager | ID = 7000
    Description = The HP Health Check Service service failed to start due to the following
    error: %%2


    < End of report >
  15. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\SysWow64\wbem\wbemess.dll
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE: If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from Safe Mode.

    ================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  16. JHirschmann

    JHirschmann Newcomer, in training Topic Starter

    Below are the logs that were generated:

    OTL Log:


    Files\Folders moved on Reboot...
    C:\Users\hglymour\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    Security Check Log:

    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Norton AntiVirus
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Flash Player 11.4.402.278
    Adobe Reader X (10.1.4)
    Mozilla Firefox 13.0.1 Firefox out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Norton AntiVirus Engine 19.8.0.14 ccSvcHst.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Log:

    Farbar Service Scanner Version: 19-09-2012
    Ran by jhirschmann (administrator) on 25-09-2012 at 08:49:35
    Running from "C:\Users\hglymour\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****

    AdwCleaner Log:

    # AdwCleaner v2.003 - Logfile created 09/25/2012 at 08:51:46
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : jhirschmann - 6000PRO-02
    # Boot Mode : Normal
    # Running from : C:\Users\hglymour\Desktop\Malware Defense\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Users\hglymour\AppData\Local\Conduit
    Folder Deleted : C:\Users\hglymour\AppData\LocalLow\Conduit

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v13.0.1 (en-US)

    Profile name : default
    File : C:\Users\hglymour\AppData\Roaming\Mozilla\Firefox\Profiles\q026kose.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Users\hglymour\AppData\Roaming\Mozilla\Firefox\Profiles\q026kose.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Users\hglymour\AppData\Roaming\Mozilla\Firefox\Profiles\q026kose.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [1744 octets] - [25/09/2012 08:51:46]

    ########## EOF - C:\AdwCleaner[S1].txt - [1804 octets] ##########

    ESET Online Scanner Log:

    C:\TDSSKiller_Quarantine\24.09.2012_09.16.01\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\24.09.2012_09.16.01\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\24.09.2012_09.16.01\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

    Please let me know if there are any further instructions! And a continuing thank you for all of your help.
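The two findings worth checking on a box like this one are the svchost.exe impostor (the Malwarebytes hit was C:\Windows\svchost.exe, while the FSS file check shows the real one in C:\Windows\System32) and the Windows Defender state that FSS reports (WinDefend start type Demand, DisableAntiSpyware=1). The script below is an added example, not code from this thread or from any of the tools used in it: it lists every running svchost.exe whose image is outside System32/SysWOW64 or whose Authenticode signature is not valid, and reads the same Defender service and policy values FSS reports. It assumes a default Windows 7 x64 layout and uses Get-WmiObject so it runs on the PowerShell 2.0 that shipped with Windows 7; the directory list, property names and output format are my choices.

```powershell
# Added example (not from the thread or from any tool used in it): triage checks
# for the two findings discussed above. Paths and names below are assumptions
# about a default Windows 7 x64 layout; adjust for the machine being checked.

# Directories from which a genuine svchost.exe is expected to run.
$expectedSvchostDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

function Get-SuspiciousSvchost {
    # Enumerate every running svchost.exe and report the ones whose image lives
    # outside System32/SysWOW64 (C:\Windows\svchost.exe is such a case) or whose
    # Authenticode signature does not verify.
    Get-WmiObject Win32_Process -Filter "Name='svchost.exe'" | ForEach-Object {
        $path = $_.ExecutablePath
        $dir  = if ($path) { Split-Path $path -Parent } else { $null }
        $inExpectedDir = $false
        foreach ($d in $expectedSvchostDirs) {
            if ($dir -and ($dir.TrimEnd('\') -ieq $d.TrimEnd('\'))) { $inExpectedDir = $true }
        }
        $sigStatus = if ($path -and (Test-Path $path)) {
            (Get-AuthenticodeSignature -FilePath $path).Status
        } else { 'Unknown' }
        New-Object PSObject -Property @{
            ProcessId     = $_.ProcessId
            ParentPid     = $_.ParentProcessId
            Path          = $path
            InExpectedDir = $inExpectedDir
            Signature     = $sigStatus
            Suspicious    = (-not $inExpectedDir) -or ("$sigStatus" -ne 'Valid')
        }
    } | Where-Object { $_.Suspicious }
}

function Get-DefenderState {
    # Mirror the Farbar Service Scanner checks: WinDefend start mode and the
    # DisableAntiSpyware value under the Windows Defender key.
    $svc = Get-WmiObject Win32_Service -Filter "Name='WinDefend'"
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
    $disabled = (Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
    New-Object PSObject -Property @{
        ServiceState       = if ($svc) { $svc.State } else { 'NotInstalled' }
        StartMode          = if ($svc) { $svc.StartMode } else { 'NotInstalled' }
        DisableAntiSpyware = if ($null -eq $disabled) { 0 } else { [int]$disabled }
    }
}

$bad = @(Get-SuspiciousSvchost)
if ($bad.Count -eq 0) {
    Write-Host 'All running svchost.exe instances are in System32/SysWOW64 and validly signed.'
} else {
    Write-Host 'svchost.exe instances that need a look:'
    $bad | Format-Table ProcessId, ParentPid, Path, InExpectedDir, Signature -AutoSize
}
Get-DefenderState | Format-List ServiceState, StartMode, DisableAntiSpyware
```

Run it from an elevated PowerShell prompt so WMI can read the image path of every process. Read the Defender result together with the rest of the logs: the Security Check output in this same post shows Norton AntiVirus installed, and a third-party antivirus legitimately sets DisableAntiSpyware and leaves WinDefend on demand start, so that finding on its own is not evidence of tampering.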
  17. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please let me know how your computer is doing.
  18. JHirschmann

    JHirschmann Newcomer, in training Topic Starter

    Here is the log from OTL:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: hglymour
    ->Temp folder emptied: 4901 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 27417659 bytes
    ->Flash cache emptied: 506 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: rmonks
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 11681456 bytes

    Total Files Cleaned = 37.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: hglymour
    ->Flash cache emptied: 0 bytes

    User: Public

    User: rmonks

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: hglymour
    ->Java cache emptied: 0 bytes

    User: Public

    User: rmonks

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.68.0 log created on 09252012_125127

    Files\Folders moved on Reboot...
    C:\Users\hglymour\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    I did the cleanup with OTL prior to posting the log the first time, so I had to redownload OTL and rerun the fix you indicated. I hope that does not mean any issues will occur, or that the log is inaccurate.

    The computer is running wonderfully. I cannot thank you enough for all of your help!
  19. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Yes!!
    Good luck and stay safe :)

