Solved Isecurity.exe/Internet Security virus

TechFee

Hello,

I’m new to this site, but since signing up I can tell there is a wealth of helpful information on here! I actually need help removing the Internet Security virus. I found this site by actually searching for a solution to this reoccurring virus that I can’t get rid of. I’ve tried MalwareBytes, SpyBot, Smitfraud (all in Safe Mode). All of them seem to find a little of the virus but never completely remove the virus.

I read a string that suggested a lot of steps to remove this virus. The first two steps suggested by Broni were to run aswMBR and Bootkit remover and to post the logs. I did those two steps and I’m going to post the logs before proceeding to the next step if need be. Any help would be gratefully appreciated!

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-21 15:44:27
-----------------------------
15:44:27.807 OS Version: Windows 6.1.7601 Service Pack 1
15:44:27.807 Number of processors: 2 586 0x603
15:44:27.808 ComputerName: MELB-W10 UserName: kmanney
15:44:35.484 Initialize success
15:48:03.426 AVAST engine defs: 12032000
15:48:49.869 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
15:48:49.870 Disk 0 Vendor: WDC_WD25 03.0 Size: 238475MB BusType: 3
15:48:49.872 Device \Device\00000059 -> \??\SCSI#Disk&Ven_WDC_WD25&Prod_00AAJS-60Z0A#4&1b5084af&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
15:48:49.874 Disk 0 MBR read error 0
15:48:49.882 Disk 0 MBR scan
15:48:49.889 Disk 0 unknown MBR code
15:48:49.900 MBR BIOS signature not found 0
15:48:49.902 Disk 0 scanning sectors +488394752
15:48:49.931 Disk 0 scanning C:\Windows\system32\drivers
15:49:01.384 Service scanning
15:49:26.993 Modules scanning
15:49:32.313 Disk 0 trace - called modules:
15:49:32.318 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84c3149f]<<
15:49:32.322 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a657c8]
15:49:32.336 3 CLASSPNP.SYS[877bc59e] -> nt!IofCallDriver -> [0x843c9c10]
15:49:32.354 5 ACPI.sys[871ad3d4] -> nt!IofCallDriver -> \00000059[0x8487f030]
15:49:32.365 \Driver\nvstor32[0x84c5a6e8] -> IRP_MJ_CREATE -> 0x84c3149f
15:49:42.066 AVAST engine scan C:\Windows
15:49:43.857 AVAST engine scan C:\Windows\system32
15:53:43.116 AVAST engine scan C:\Windows\system32\drivers
15:54:08.608 AVAST engine scan C:\Users\kmanney
15:55:33.202 AVAST engine scan C:\ProgramData
15:56:03.603 Scan finished successfully
16:02:29.799 Disk 0 MBR has been saved successfully to "C:\Users\kmanney\Desktop\Virus removers\MBR.dat"
16:02:29.808 The log file has been saved successfully to "C:\Users\kmanney\Desktop\Virus removers\aswMBR.txt"

______________________________________________________

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: 44fc2f28117897060ed64bd414ccd31e

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Additional info on virus

Malwarebytes real time protection keeps blocking this outgoing attempt:

2012/03/21 00:00:13 -0400 MELB-W10 kmanney IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 63266, Process: svchost.exe

Also, it found this during a scan:

Files Detected: 2
C:\Windows\Temp\A565.tmp (Rogue.InternetSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\isecurity.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
_____________________________________________________

The AVG antivirus (now uninstalled) kept detecting:

Exploit Blackhole - from a website called www.omfggossip.com**

_________________________________________________________

Lastly, another weird thing is that I can no longer get to google.com. I checked for proxies, checked the HOSTS file, flushed DNS, rebuilt the IP stack, and ran HijackThis, to no avail. All other sites can be reached.
 
Yes!

Sorry, I was in the process of writing a reply when your reply came through. I will follow the 5 steps and post the logs!
 
logs

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.21.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
kmanney :: MELB-W10 [administrator]

Protection: Enabled

3/21/2012 21:06:09
mbam-log-2012-03-21 (21-06-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198101
Time elapsed: 4 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^-^ -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Windows\Temp\0.22689564732202328.exe (Spyware.SpyEye) -> Quarantined and deleted successfully.
C:\Windows\Temp\0.4930402528602936.exe (Spyware.SpyEye) -> Quarantined and deleted successfully.
C:\Windows\Temp\C782.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Temp\CD6D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Temp\F8EB.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\0.2144877487000455.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

(end)

__________________________________________

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-21 22:24:44
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000032 WDC_WD25 rev.03.0
Running: gmer.exe; Driver: C:\Users\kmanney\AppData\Local\Temp\pwdiypog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- Devices - GMER 1.0.15 ----

Device \Device\0000005b -> \??\SCSI#Disk&Ven_WDC_WD25&Prod_00AAJS-60Z0A#4&1b5084af&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----


_____________________________________________________________


.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by kmanney at 23:06:16 on 2012-03-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1791.1410 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_service.exe
C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_comm_customer.exe
C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_system_customer.exe
C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_host.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_user_customer.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_user_medium_customer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.0.2282.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: @c:\program files\msn toolbar\platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.0.2282.0\npwinext.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [hpsysdrv] c:\program files\hewlett-packard\hp odometer\hpsysdrv.exe
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [HP KEYBOARDx] "c:\program files\hewlett-packard\hp desktop keyboard\HPKEYBOARDx.EXE"
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [BATINDICATOR] c:\program files\hewlett-packard\hp mainstream keyboard\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] c:\program files\hewlett-packard\hp mainstream keyboard\LaunchApp.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{50E7F8E2-F889-426E-B7F1-F582D346E46F} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\363\g2ax_winlogon.dll
Hosts: 87.229.126.54 www.google.com
Hosts: 87.229.126.55 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R2 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\363\g2ax_service.exe [2011-12-18 609144]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HPClientSvc;HP Client Services;c:\program files\hewlett-packard\hp client services\HPClientServices.exe [2010-10-11 246840]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-1-25 92216]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-19 652360]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2011-5-19 1119768]
S2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2011-2-22 56040]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-19 20464]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 OxPPort;OxPPort;c:\windows\system32\drivers\OxPPort.sys [2011-5-19 82048]
S3 OxSer;OxSer;c:\windows\system32\drivers\OxSer.sys [2011-5-19 83888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [2012-1-4 16128]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
.
=============== Created Last 30 ================
.
2012-03-22 00:56:37 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{53dada43-7aff-4798-8133-ed6d9c93144d}\gapaengine.dll
2012-03-22 00:56:26 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4a60553e-d289-4815-950a-7651685911a9}\mpengine.dll
2012-03-22 00:53:08 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-21 20:48:58 98816 ----a-w- c:\windows\sed.exe
2012-03-21 20:48:58 518144 ----a-w- c:\windows\SWREG.exe
2012-03-21 20:48:58 256000 ----a-w- c:\windows\PEV.exe
2012-03-21 20:48:58 208896 ----a-w- c:\windows\MBR.exe
2012-03-21 20:48:46 -------- d-s---w- C:\ComboFix
2012-03-21 20:27:32 96256 ----a-w- c:\windows\system32\chgletup.dll
2012-03-21 17:08:43 -------- d-----w- C:\Symantec Endpoint Protection 11.0.3
2012-03-20 20:47:56 16409960 ----a-w- C:\spybotsd162.exe
2012-03-20 20:16:41 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-03-20 20:16:19 24398592 ----a-w- C:\gtk2119-setup.exe
2012-03-20 17:45:58 691 ----a-w- c:\users\kmanney\appdata\roaming\GetValue.vbs
2012-03-20 17:45:58 35 ----a-w- c:\users\kmanney\appdata\roaming\SetValue.bat
2012-03-20 17:41:21 2978 ----a-w- c:\windows\system32\tmp.reg
2012-03-20 17:41:02 80384 ----a-w- c:\windows\system32\o4Patch.exe
2012-03-20 17:41:02 78336 ----a-w- c:\windows\system32\Agent.OMZ.Fix.exe
2012-03-20 17:25:20 82944 ----a-w- c:\windows\system32\IEDFix.exe
2012-03-20 17:25:20 81920 ----a-w- c:\windows\system32\IEDFix.C.exe
2012-03-20 17:25:20 53248 ----a-w- c:\windows\system32\Process.exe
2012-03-20 17:25:20 51200 ----a-w- c:\windows\system32\dumphive.exe
2012-03-20 17:25:20 289144 ----a-w- c:\windows\system32\VCCLSID.exe
2012-03-20 17:25:20 288417 ----a-w- c:\windows\system32\SrchSTS.exe
2012-03-20 17:25:20 25600 ----a-w- c:\windows\system32\WS2Fix.exe
2012-03-19 23:15:34 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-03-19 23:14:45 -------- d-----w- c:\program files\MSXML 4.0
2012-03-19 23:04:11 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-19 23:04:10 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-19 23:03:14 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-19 23:02:07 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-03-19 23:02:07 -------- d--h--w- C:\RBin
2012-03-19 21:30:38 28172738 ----a-w- C:\31912 530.reg
2012-03-19 16:18:41 186 ----a-w- C:\new.reg
2012-03-19 13:45:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-05 22:31:38 126394 ----a-w- C:\cc_20120305_173129.reg
2012-03-02 17:59:56 -------- d-----w- c:\program files\CCleaner
.
==================== Find3M ====================
.
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 14:28:36 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD25 rev.03.0 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84BE349F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x84bea738]; MOV EAX, [0x84bea8ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81A7052A] -> \Device\Harddisk0\DR0[0x84A72460]
3 CLASSPNP[0x8778659E] -> ntkrnlpa!IofCallDriver[0x81A7052A] -> [0x83AD6E00]
5 ACPI[0x8723D3D4] -> ntkrnlpa!IofCallDriver[0x81A7052A] -> \0000005b[0x848889E0]
\Driver\nvstor32[0x84BC3D48] -> IRP_MJ_CREATE -> 0x84BE349F
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV ES, AX; MOV DS, AX; MOV SI, SP; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; JMP FAR 0x0:0x660; }
detected disk devices:
\Device\0000005b -> \??\SCSI#Disk&Ven_WDC_WD25&Prod_00AAJS-60Z0A#4&1b5084af&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 23:08:06.55 ===============

_____________________________________________________________


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/6/2011 10:21:18
System Uptime: 3/21/2012 21:57:59 (2 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2A99
Processor: AMD Athlon(tm) II X2 220 Processor | CPU 1 | 2812/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 195.748 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.128 GiB free.
E: is CDROM ()
Z: is NetworkDisk (NTFS) - 224 GiB total, 194.236 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Agatha Christie - Peril at End House
Bejeweled 2 Deluxe
Bejeweled 3
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
Closers' Choice
Definition update for Microsoft Office 2010 (KB982726)
Diner Dash 2 Restaurant Rescue
DirectX for Managed Code Update (Summer 2004)
Dora's World Adventure
Farm Frenzy
FATE - The Traitor Soul
Fort Dox
GoToManage Customer 1.6.0.363
GoToMeeting 4.5.0.457
HP Auto
HP Client Services
HP Connect Solutions
HP Customer Experience Enhancements
HP Desktop Keyboard
HP Games
HP MAINSTREAM KEYBOARD
HP Odometer
HP Remote Solution
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Vision Hardware Diagnostics
HPAsset component for HP Active Support Library
Java Auto Updater
Java(TM) 6 Update 26
Kobo
Mah Jong Medley
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Default Manager
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector (KB2289116) ªº§ó·s
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC90_CRT_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
Norton Internet Security
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
PDF Complete Special Edition
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
PressReader
Realtek High Definition Audio Driver
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
SHARP PCL6 T1 Printer Driver
Slingo Supreme
Trojan Killer
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2433299)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live ID Sign-in Assistant
Xobni
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
3/21/2012 23:08:12, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/21/2012 23:04:48, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2012 23:03:12, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/21/2012 23:03:12, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/21/2012 22:23:10, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
3/21/2012 22:23:10, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/21/2012 22:23:10, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/21/2012 22:11:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/21/2012 22:11:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/21/2012 22:11:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/21/2012 22:11:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/21/2012 21:58:49, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr vpcvmm Wanarpv6
3/21/2012 21:51:27, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/21/2012 21:51:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "776" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/21/2012 21:51:06, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/21/2012 21:51:05, Error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/21/2012 21:51:02, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0x833a0cb6, 0xaad4b338, 0x00000000). A dump was saved in: C:\Windows\Minidump\032112-32027-01.dmp. Report Id: 032112-32027-01.
3/21/2012 21:34:57, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/21/2012 21:34:57, Error: Service Control Manager [7000] - The Desktop Window Manager Session Manager service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/21/2012 21:34:47, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0x8337fcb6, 0xaa5eb338, 0x00000000). A dump was saved in: C:\Windows\Minidump\032112-30997-01.dmp. Report Id: 032112-30997-01.
3/21/2012 21:03:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/21/2012 18:31:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr vpcvmm Wanarpv6
3/21/2012 18:28:47, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
3/21/2012 18:28:47, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/21/2012 17:15:16, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/21/2012 17:14:58, Error: Service Control Manager [7000] - The Network Location Awareness service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/21/2012 17:14:55, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x81ab6ca0, 0x88440b4c, 0x88440730). A dump was saved in: C:\Windows\Minidump\032112-57923-01.dmp. Report Id: 032112-57923-01.
3/21/2012 16:51:25, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/21/2012 16:49:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
3/21/2012 15:31:36, Error: Service Control Manager [7023] - The Server service terminated with the following error: A specified authentication package is unknown.
3/21/2012 15:31:35, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: A specified authentication package is unknown.
3/21/2012 15:31:29, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/21/2012 15:31:29, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/21/2012 15:31:29, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/21/2012 15:31:29, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/21/2012 15:31:29, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/21/2012 15:31:29, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/21/2012 15:31:29, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/21/2012 15:31:29, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/21/2012 15:31:29, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/21/2012 15:31:29, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/21/2012 15:31:23, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
3/21/2012 14:55:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x82ae5ca0, 0x9871fb4c, 0x9871f730). A dump was saved in: C:\Windows\Minidump\032112-73694-01.dmp. Report Id: 032112-73694-01.
3/21/2012 14:52:47, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
3/21/2012 14:46:44, Error: Microsoft-Windows-WHEA-Logger [20] - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: Sync Error Processor ID: 0 The details view of this entry contains further information.
3/21/2012 12:57:10, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A thread could not be created for the service.
3/21/2012 08:09:43, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
3/21/2012 08:09:43, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
3/21/2012 03:26:00, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
3/21/2012 03:25:00, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
3/21/2012 03:24:00, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/21/2012 03:06:53, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
3/21/2012 03:06:53, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/20/2012 17:23:33, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x81aa4ca0, 0x88448b4c, 0x88448730). A dump was saved in: C:\Windows\Minidump\032012-41090-01.dmp. Report Id: 032012-41090-01.
3/20/2012 16:02:48, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 discache spldr vpcvmm Wanarpv6
3/20/2012 15:49:39, Error: Service Control Manager [7000] - The Windows Audio service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/20/2012 15:49:39, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007f (0x00000008, 0x807c8750, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\Minidump\032012-40763-01.dmp. Report Id: 032012-40763-01.
3/20/2012 11:36:21, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
3/20/2012 10:58:07, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the XobniService service to connect.
3/20/2012 10:58:07, Error: Service Control Manager [7000] - The XobniService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/20/2012 10:54:47, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
3/20/2012 10:53:01, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
3/20/2012 10:52:31, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
3/20/2012 10:47:21, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/20/2012 10:11:45, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
3/20/2012 10:10:45, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the seclogon service.
3/20/2012 10:08:45, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
3/19/2012 18:25:10, Error: Service Control Manager [7034] - The PDF Document Manager service terminated unexpectedly. It has done this 1 time(s).
3/19/2012 17:53:44, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x82adccbd, 0x8a127b4c, 0x8a127730). A dump was saved in: C:\Windows\Minidump\031912-38501-01.dmp. Report Id: 031912-38501-01.
3/19/2012 17:43:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/19/2012 13:33:16, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x81aaacbd, 0x88434b4c, 0x88434730). A dump was saved in: C:\Windows\Minidump\031912-42962-01.dmp. Report Id: 031912-42962-01.
3/19/2012 13:01:34, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
3/19/2012 12:06:11, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007f (0x0000000d, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\Minidump\031912-37736-01.dmp. Report Id: 031912-37736-01.
3/19/2012 08:47:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x82ae4cbd, 0x9ca47b4c, 0x9ca47730). A dump was saved in: C:\Windows\Minidump\031912-26114-01.dmp. Report Id: 031912-26114-01.
3/19/2012 08:43:54, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x82ab5cbd, 0x9a147b4c, 0x9a147730). A dump was saved in: C:\Windows\Minidump\031912-26816-01.dmp. Report Id: 031912-26816-01.
3/19/2012 08:39:02, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/19/2012 08:38:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/19/2012 08:38:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/19/2012 08:37:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf ws2ifsl
3/19/2012 08:37:36, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/19/2012 08:37:36, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/19/2012 08:37:36, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/19/2012 08:37:36, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/19/2012 08:37:36, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/19/2012 08:37:32, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/19/2012 08:37:32, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/19/2012 08:37:32, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/19/2012 08:37:32, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/19/2012 08:37:32, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/19/2012 08:37:30, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x82ae2cbd, 0x8a127b4c, 0x8a127730). A dump was saved in: C:\Windows\Minidump\031912-19156-01.dmp. Report Id: 031912-19156-01.
3/19/2012 08:33:18, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x82af3cbd, 0x8a127b4c, 0x8a127730). A dump was saved in: C:\Windows\Minidump\031912-26910-01.dmp. Report Id: 031912-26910-01.
3/19/2012 08:31:26, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x82adbcbd, 0x9c395b4c, 0x9c395730). A dump was saved in: C:\Windows\Minidump\031912-52229-01.dmp. Report Id: 031912-52229-01.
3/19/2012 08:28:52, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x82af0cbd, 0x8a123b4c, 0x8a123730). A dump was saved in: C:\Windows\Minidump\031912-33977-01.dmp. Report Id: 031912-33977-01.
3/19/2012 03:39:53, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
3/19/2012 03:39:53, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/19/2012 03:39:53, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/19/2012 03:39:53, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/19/2012 03:39:53, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/19/2012 03:39:53, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/19/2012 03:39:52, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/19/2012 03:39:52, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/19/2012 03:39:52, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/19/2012 03:39:52, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/18/2012 23:27:37, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
3/18/2012 23:27:36, Error: Service Control Manager [7034] - The HP Client Services service terminated unexpectedly. It has done this 1 time(s).
3/18/2012 23:27:36, Error: Service Control Manager [7031] - The GoToAssist Express Customer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
3/18/2012 23:27:35, Error: Service Control Manager [7034] - The HP Quick Synchronization Service service terminated unexpectedly. It has done this 1 time(s).
3/18/2012 23:27:33, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
3/18/2012 23:27:33, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/18/2012 23:27:33, Error: Service Control Manager [7031] - The HP Health Check Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/18/2012 23:27:32, Error: Service Control Manager [7034] - The ForceWare IP service service terminated unexpectedly. It has done this 1 time(s).
3/18/2012 23:27:32, Error: Service Control Manager [7034] - The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly. It has done this 1 time(s).
3/18/2012 23:27:28, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/18/2012 20:18:02, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/18/2012 20:18:02, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/18/2012 15:48:02, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
3/18/2012 13:32:11, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x82aa7cbd, 0x8a123b4c, 0x8a123730). A dump was saved in: C:\Windows\Minidump\031812-42884-01.dmp. Report Id: 031812-42884-01.
3/18/2012 11:56:51, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: Not enough storage is available to process this command.
3/18/2012 11:56:51, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.
3/18/2012 11:49:30, Error: Microsoft-Windows-GroupPolicy [1030] - The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
.
==== End Of File ===========================
 
DDS and Attach log

Those scans were done in Safe mode. Is that OK or should I reproduce? MalwareBytes and GMER were done in normal mode.
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSS log part 1

23:41:33.0276 3716 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
23:41:34.0571 3716 ============================================================
23:41:34.0571 3716 Current date / time: 2012/03/21 23:41:34.0571
23:41:34.0571 3716 SystemInfo:
23:41:34.0571 3716
23:41:34.0571 3716 OS Version: 6.1.7601 ServicePack: 1.0
23:41:34.0571 3716 Product type: Workstation
23:41:34.0571 3716 ComputerName: MELB-W10
23:41:34.0571 3716 UserName: kmanney
23:41:34.0571 3716 Windows directory: C:\Windows
23:41:34.0571 3716 System windows directory: C:\Windows
23:41:34.0571 3716 Processor architecture: Intel x86
23:41:34.0571 3716 Number of processors: 2
23:41:34.0571 3716 Page size: 0x1000
23:41:34.0571 3716 Boot type: Safe boot with network
23:41:34.0571 3716 ============================================================
23:41:35.0821 3716 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:41:35.0830 3716 \Device\Harddisk0\DR0:
23:41:35.0830 3716 MBR used
23:41:35.0830 3716 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:41:35.0830 3716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1BF07000
23:41:35.0830 3716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BF39800, BlocksNum 0x128B800
23:41:35.0893 3716 Initialize success
23:41:35.0893 3716 ============================================================
23:41:39.0308 2864 ============================================================
23:41:39.0308 2864 Scan started
23:41:39.0308 2864 Mode: Manual;
23:41:39.0308 2864 ============================================================
23:41:44.0321 2864 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
23:41:44.0523 2864 1394ohci - ok
23:41:44.0588 2864 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
23:41:44.0591 2864 ACPI - ok
23:41:44.0630 2864 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
23:41:44.0631 2864 AcpiPmi - ok
23:41:44.0759 2864 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:41:44.0761 2864 AdobeARMservice - ok
23:41:44.0811 2864 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
23:41:44.0816 2864 adp94xx - ok
23:41:44.0847 2864 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
23:41:44.0850 2864 adpahci - ok
23:41:44.0882 2864 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
23:41:44.0884 2864 adpu320 - ok
23:41:44.0914 2864 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
23:41:44.0915 2864 AeLookupSvc - ok
23:41:44.0971 2864 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
23:41:44.0974 2864 AFD - ok
23:41:44.0995 2864 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
23:41:44.0996 2864 agp440 - ok
23:41:45.0035 2864 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
23:41:45.0037 2864 aic78xx - ok
23:41:45.0077 2864 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
23:41:45.0078 2864 ALG - ok
23:41:45.0110 2864 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
23:41:45.0111 2864 aliide - ok
23:41:45.0151 2864 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
23:41:45.0152 2864 amdagp - ok
23:41:45.0177 2864 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
23:41:45.0178 2864 amdide - ok
23:41:45.0206 2864 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
23:41:45.0207 2864 AmdK8 - ok
23:41:45.0236 2864 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
23:41:45.0238 2864 AmdPPM - ok
23:41:45.0270 2864 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
23:41:45.0271 2864 amdsata - ok
23:41:45.0289 2864 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
23:41:45.0291 2864 amdsbs - ok
23:41:45.0308 2864 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
23:41:45.0309 2864 amdxata - ok
23:41:45.0351 2864 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
23:41:45.0352 2864 AppID - ok
23:41:45.0377 2864 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
23:41:45.0378 2864 AppIDSvc - ok
23:41:45.0417 2864 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
23:41:45.0418 2864 Appinfo - ok
23:41:45.0455 2864 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
23:41:45.0457 2864 AppMgmt - ok
23:41:45.0510 2864 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
23:41:45.0511 2864 arc - ok
23:41:45.0528 2864 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
23:41:45.0530 2864 arcsas - ok
23:41:45.0616 2864 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:41:45.0617 2864 aspnet_state - ok
23:41:45.0650 2864 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
23:41:45.0650 2864 AsyncMac - ok
23:41:45.0683 2864 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
23:41:45.0683 2864 atapi - ok
23:41:45.0729 2864 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
23:41:45.0744 2864 AudioEndpointBuilder - ok
23:41:45.0752 2864 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
23:41:45.0756 2864 Audiosrv - ok
23:41:45.0789 2864 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
23:41:45.0790 2864 AxInstSV - ok
23:41:45.0841 2864 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
23:41:45.0846 2864 b06bdrv - ok
23:41:45.0877 2864 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
23:41:45.0880 2864 b57nd60x - ok
23:41:45.0906 2864 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
23:41:45.0907 2864 BDESVC - ok
23:41:45.0924 2864 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
23:41:45.0924 2864 Beep - ok
23:41:45.0960 2864 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
23:41:45.0965 2864 BFE - ok
23:41:45.0998 2864 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
23:41:46.0015 2864 BITS - ok
23:41:46.0067 2864 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\drivers\blbdrive.sys
23:41:46.0068 2864 blbdrive - ok
23:41:46.0091 2864 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
23:41:46.0092 2864 bowser - ok
23:41:46.0121 2864 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
23:41:46.0138 2864 BrFiltLo - ok
23:41:46.0146 2864 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
23:41:46.0147 2864 BrFiltUp - ok
23:41:46.0193 2864 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
23:41:46.0195 2864 BridgeMP - ok
23:41:46.0219 2864 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
23:41:46.0221 2864 Browser - ok
23:41:46.0259 2864 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
23:41:46.0263 2864 Brserid - ok
23:41:46.0283 2864 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
23:41:46.0285 2864 BrSerWdm - ok
23:41:46.0304 2864 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:41:46.0305 2864 BrUsbMdm - ok
23:41:46.0320 2864 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
23:41:46.0321 2864 BrUsbSer - ok
23:41:46.0504 2864 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
23:41:46.0509 2864 BTHMODEM - ok
23:41:46.0558 2864 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
23:41:46.0560 2864 bthserv - ok
23:41:46.0646 2864 catchme - ok
23:41:46.0689 2864 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
23:41:46.0691 2864 cdfs - ok
23:41:46.0741 2864 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
 
part 2

23:41:59.0881 2864 SstpSvc - ok
23:41:59.0915 2864 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
23:41:59.0917 2864 stexstor - ok
23:41:59.0955 2864 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
23:41:59.0971 2864 StiSvc - ok
23:41:59.0993 2864 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
23:41:59.0994 2864 storflt - ok
23:42:00.0017 2864 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
23:42:00.0019 2864 StorSvc - ok
23:42:00.0059 2864 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
23:42:00.0060 2864 storvsc - ok
23:42:00.0079 2864 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
23:42:00.0081 2864 swenum - ok
23:42:00.0109 2864 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
23:42:00.0114 2864 swprv - ok
23:42:00.0150 2864 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
23:42:00.0176 2864 SysMain - ok
23:42:00.0194 2864 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
23:42:00.0197 2864 TabletInputService - ok
23:42:00.0213 2864 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
23:42:00.0217 2864 TapiSrv - ok
23:42:00.0230 2864 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
23:42:00.0232 2864 TBS - ok
23:42:00.0283 2864 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
23:42:00.0309 2864 Tcpip - ok
23:42:00.0630 2864 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
23:42:00.0637 2864 TCPIP6 - ok
23:42:00.0670 2864 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
23:42:00.0671 2864 tcpipreg - ok
23:42:00.0695 2864 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
23:42:00.0695 2864 TDPIPE - ok
23:42:00.0714 2864 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
23:42:00.0715 2864 TDTCP - ok
23:42:00.0745 2864 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
23:42:00.0747 2864 tdx - ok
23:42:00.0760 2864 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
23:42:00.0761 2864 TermDD - ok
23:42:00.0799 2864 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
23:42:00.0816 2864 TermService - ok
23:42:00.0832 2864 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
23:42:00.0834 2864 Themes - ok
23:42:00.0912 2864 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
23:42:00.0913 2864 THREADORDER - ok
23:42:00.0988 2864 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
23:42:00.0991 2864 TrkWks - ok
23:42:01.0057 2864 TrojanKillerDriver (113384367c3999e084fe156b18c7625e) C:\Windows\system32\DRIVERS\gtkdrv.sys
23:42:01.0058 2864 TrojanKillerDriver - ok
23:42:01.0096 2864 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
23:42:01.0098 2864 TrustedInstaller - ok
23:42:01.0127 2864 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:42:01.0128 2864 tssecsrv - ok
23:42:01.0147 2864 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
23:42:01.0148 2864 TsUsbFlt - ok
23:42:01.0179 2864 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
23:42:01.0180 2864 TsUsbGD - ok
23:42:01.0201 2864 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
23:42:01.0203 2864 tunnel - ok
23:42:01.0227 2864 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
23:42:01.0229 2864 uagp35 - ok
23:42:01.0249 2864 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
23:42:01.0253 2864 udfs - ok
23:42:01.0285 2864 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
23:42:01.0287 2864 UI0Detect - ok
23:42:01.0336 2864 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
23:42:01.0337 2864 uliagpkx - ok
23:42:01.0378 2864 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
23:42:01.0379 2864 umbus - ok
23:42:01.0403 2864 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
23:42:01.0403 2864 UmPass - ok
23:42:01.0425 2864 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
23:42:01.0429 2864 UmRdpService - ok
23:42:01.0447 2864 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
23:42:01.0451 2864 upnphost - ok
23:42:01.0483 2864 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
23:42:01.0484 2864 usbccgp - ok
23:42:01.0514 2864 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
23:42:01.0515 2864 usbcir - ok
23:42:01.0525 2864 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
23:42:01.0526 2864 usbehci - ok
23:42:01.0548 2864 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
23:42:01.0552 2864 usbhub - ok
23:42:01.0578 2864 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
23:42:01.0579 2864 usbohci - ok
23:42:01.0603 2864 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
23:42:01.0604 2864 usbprint - ok
23:42:01.0628 2864 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:42:01.0630 2864 USBSTOR - ok
23:42:01.0653 2864 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
23:42:01.0654 2864 usbuhci - ok
23:42:01.0685 2864 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
23:42:01.0688 2864 UxSms - ok
23:42:01.0710 2864 VaultSvc (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
23:42:01.0711 2864 VaultSvc - ok
23:42:01.0751 2864 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
23:42:01.0752 2864 vdrvroot - ok
23:42:01.0781 2864 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
23:42:01.0798 2864 vds - ok
23:42:01.0821 2864 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
23:42:01.0822 2864 vga - ok
23:42:01.0843 2864 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
23:42:01.0844 2864 VgaSave - ok
23:42:01.0878 2864 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
23:42:01.0880 2864 vhdmp - ok
23:42:01.0920 2864 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
23:42:01.0921 2864 viaagp - ok
23:42:01.0953 2864 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
23:42:01.0954 2864 ViaC7 - ok
23:42:01.0982 2864 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
23:42:01.0983 2864 viaide - ok
23:42:02.0017 2864 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
23:42:02.0020 2864 vmbus - ok
23:42:02.0038 2864 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
23:42:02.0039 2864 VMBusHID - ok
23:42:02.0054 2864 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
23:42:02.0056 2864 volmgr - ok
23:42:02.0090 2864 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
23:42:02.0093 2864 volmgrx - ok
23:42:02.0115 2864 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
23:42:02.0118 2864 volsnap - ok
23:42:02.0148 2864 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\drivers\vpchbus.sys
23:42:02.0151 2864 vpcbus - ok
23:42:02.0199 2864 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys
23:42:02.0200 2864 vpcnfltr - ok
23:42:02.0228 2864 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys
23:42:02.0229 2864 vpcusb - ok
23:42:02.0259 2864 vpcvmm (b21e23c100d6d5162b95cf6f05b4e035) C:\Windows\system32\drivers\vpcvmm.sys
23:42:02.0263 2864 vpcvmm - ok
23:42:02.0309 2864 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
23:42:02.0312 2864 vsmraid - ok
23:42:02.0567 2864 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
23:42:02.0584 2864 VSS - ok
23:42:02.0615 2864 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
23:42:02.0616 2864 vwifibus - ok
23:42:02.0638 2864 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
23:42:02.0643 2864 W32Time - ok
23:42:02.0668 2864 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
23:42:02.0669 2864 WacomPen - ok
23:42:02.0692 2864 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
23:42:02.0693 2864 WANARP - ok
23:42:02.0697 2864 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
23:42:02.0698 2864 Wanarpv6 - ok
23:42:02.0744 2864 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
23:42:02.0770 2864 wbengine - ok
23:42:02.0783 2864 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
23:42:02.0786 2864 WbioSrvc - ok
23:42:02.0803 2864 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
23:42:02.0808 2864 wcncsvc - ok
23:42:02.0825 2864 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
23:42:02.0827 2864 WcsPlugInService - ok
23:42:02.0861 2864 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
23:42:02.0862 2864 Wd - ok
23:42:02.0894 2864 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:42:02.0909 2864 Wdf01000 - ok
23:42:02.0925 2864 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
23:42:02.0928 2864 WdiServiceHost - ok
23:42:02.0946 2864 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
23:42:02.0948 2864 WdiSystemHost - ok
23:42:02.0967 2864 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
23:42:02.0971 2864 WebClient - ok
23:42:02.0989 2864 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
23:42:02.0992 2864 Wecsvc - ok
23:42:03.0009 2864 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
23:42:03.0012 2864 wercplsupport - ok
23:42:03.0044 2864 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
23:42:03.0047 2864 WerSvc - ok
23:42:03.0099 2864 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
23:42:03.0100 2864 WfpLwf - ok
23:42:03.0119 2864 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
23:42:03.0121 2864 WIMMount - ok
23:42:03.0185 2864 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
23:42:03.0202 2864 WinDefend - ok
23:42:03.0216 2864 WinHttpAutoProxySvc - ok
23:42:03.0256 2864 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
23:42:03.0259 2864 Winmgmt - ok
23:42:03.0303 2864 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
23:42:03.0329 2864 WinRM - ok
23:42:03.0397 2864 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
23:42:03.0412 2864 Wlansvc - ok
23:42:03.0497 2864 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:42:03.0530 2864 wlidsvc - ok
23:42:03.0605 2864 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
23:42:03.0606 2864 WmiAcpi - ok
23:42:03.0658 2864 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
23:42:03.0660 2864 wmiApSrv - ok
23:42:03.0709 2864 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
23:42:03.0734 2864 WMPNetworkSvc - ok
23:42:03.0758 2864 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
23:42:03.0760 2864 WPCSvc - ok
23:42:03.0778 2864 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
23:42:03.0781 2864 WPDBusEnum - ok
23:42:03.0808 2864 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
23:42:03.0809 2864 ws2ifsl - ok
23:42:03.0822 2864 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
23:42:03.0825 2864 wscsvc - ok
23:42:03.0836 2864 WSearch - ok
23:42:03.0892 2864 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
23:42:03.0926 2864 wuauserv - ok
23:42:03.0949 2864 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
23:42:03.0951 2864 WudfPf - ok
23:42:03.0970 2864 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
23:42:03.0972 2864 wudfsvc - ok
23:42:03.0988 2864 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
23:42:03.0992 2864 WwanSvc - ok
23:42:04.0051 2864 XobniService (2f1f1e823fd15be2be1c4e4e1ec07abe) C:\Program Files\Xobni\XobniService.exe
23:42:04.0052 2864 XobniService - ok
23:42:04.0080 2864 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
23:42:04.0110 2864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
23:42:04.0110 2864 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
23:42:04.0149 2864 Boot (0x1200) (a990ec4b9325c17c3ff83f9fd57b0034) \Device\Harddisk0\DR0\Partition0
23:42:04.0150 2864 \Device\Harddisk0\DR0\Partition0 - ok
23:42:04.0159 2864 Boot (0x1200) (0c2807eb53ab5d9cbee395267c64d37a) \Device\Harddisk0\DR0\Partition1
23:42:04.0160 2864 \Device\Harddisk0\DR0\Partition1 - ok
23:42:04.0191 2864 Boot (0x1200) (69ac03852419528dc1117aef8b2ed653) \Device\Harddisk0\DR0\Partition2
23:42:04.0192 2864 \Device\Harddisk0\DR0\Partition2 - ok
23:42:04.0192 2864 ============================================================
23:42:04.0192 2864 Scan finished
23:42:04.0192 2864 ============================================================
23:42:04.0206 3940 Detected object count: 1
23:42:04.0207 3940 Actual detected object count: 1
23:42:48.0891 3940 \Device\Harddisk0\DR0\# - copied to quarantine
23:42:48.0891 3940 \Device\Harddisk0\DR0 - copied to quarantine
23:42:48.0926 3940 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
23:42:48.0937 3940 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
23:42:48.0948 3940 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
23:42:48.0950 3940 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
23:42:48.0953 3940 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
23:42:48.0964 3940 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
23:42:48.0974 3940 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
23:42:48.0975 3940 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
23:42:48.0976 3940 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
23:42:48.0979 3940 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
23:42:48.0983 3940 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
23:42:49.0039 3940 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
23:42:49.0040 3940 \Device\Harddisk0\DR0 - ok
23:42:50.0656 3940 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
23:43:00.0112 0712 Deinitialize success
 
2nd Run, part 1

00:06:08.0036 3296 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
00:06:08.0894 3296 ============================================================
00:06:08.0894 3296 Current date / time: 2012/03/22 00:06:08.0894
00:06:08.0894 3296 SystemInfo:
00:06:08.0894 3296
00:06:08.0894 3296 OS Version: 6.1.7601 ServicePack: 1.0
00:06:08.0894 3296 Product type: Workstation
00:06:08.0894 3296 ComputerName: MELB-W10
00:06:08.0894 3296 UserName: kmanney
00:06:08.0894 3296 Windows directory: C:\Windows
00:06:08.0894 3296 System windows directory: C:\Windows
00:06:08.0894 3296 Processor architecture: Intel x86
00:06:08.0894 3296 Number of processors: 2
00:06:08.0894 3296 Page size: 0x1000
00:06:08.0894 3296 Boot type: Normal boot
00:06:08.0894 3296 ============================================================
00:06:11.0640 3296 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:06:11.0702 3296 \Device\Harddisk0\DR0:
00:06:11.0718 3296 MBR used
00:06:11.0718 3296 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:06:11.0718 3296 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1BF07000
00:06:11.0718 3296 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BF39800, BlocksNum 0x128B800
00:06:11.0843 3296 Initialize success
00:06:11.0843 3296 ============================================================
00:06:15.0633 2948 ============================================================
00:06:15.0633 2948 Scan started
00:06:15.0633 2948 Mode: Manual;
00:06:15.0633 2948 ============================================================
00:06:23.0184 2948 HdAudAddService - ok
00:06:23.0231 2948 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
00:06:23.0231 2948 HDAudBus - ok
00:06:23.0262 2948 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
00:06:23.0293 2948 HidBatt - ok
00:06:23.0324 2948 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
00:06:23.0355 2948 HidBth - ok
00:06:23.0387 2948 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
00:06:23.0402 2948 HidIr - ok
00:06:23.0433 2948 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
00:06:23.0449 2948 hidserv - ok
00:06:23.0496 2948 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
00:06:23.0511 2948 HidUsb - ok
00:06:23.0543 2948 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
00:06:23.0558 2948 hkmsvc - ok
00:06:23.0589 2948 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
00:06:23.0621 2948 HomeGroupListener - ok
00:06:23.0652 2948 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
00:06:23.0667 2948 HomeGroupProvider - ok
00:06:23.0745 2948 HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
00:06:23.0761 2948 HP Health Check Service - ok
00:06:23.0792 2948 HPClientSvc (dfec85328a07e518b4dbdf43bbba5740) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
00:06:23.0792 2948 HPClientSvc - ok
00:06:23.0808 2948 HPDrvMntSvc.exe (f55442690a70a0278a7eed4faaebf576) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
00:06:23.0808 2948 HPDrvMntSvc.exe - ok
00:06:23.0839 2948 hpqwmiex (640e51db253265c3eac075866b3d2b33) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
00:06:23.0964 2948 hpqwmiex - ok
00:06:24.0057 2948 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
00:06:24.0104 2948 HpSAMD - ok
00:06:24.0135 2948 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
00:06:24.0182 2948 HTTP - ok
00:06:24.0198 2948 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
00:06:24.0213 2948 hwpolicy - ok
00:06:24.0245 2948 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
00:06:24.0276 2948 i8042prt - ok
00:06:24.0323 2948 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
00:06:24.0354 2948 iaStorV - ok
00:06:24.0432 2948 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:06:24.0650 2948 idsvc - ok
00:06:24.0806 2948 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:06:24.0947 2948 igfx - ok
00:06:25.0040 2948 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
00:06:25.0056 2948 iirsp - ok
00:06:25.0118 2948 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
00:06:25.0149 2948 IKEEXT - ok
00:06:25.0243 2948 IntcAzAudAddService (5294f1c52a6d8c2a15ffd2945c552736) C:\Windows\system32\drivers\RTKVHDA.sys
00:06:25.0383 2948 IntcAzAudAddService - ok
00:06:25.0461 2948 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
00:06:25.0477 2948 intelide - ok
00:06:25.0508 2948 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\drivers\intelppm.sys
00:06:25.0524 2948 intelppm - ok
00:06:25.0555 2948 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
00:06:25.0586 2948 IPBusEnum - ok
00:06:25.0602 2948 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:06:25.0633 2948 IpFilterDriver - ok
00:06:25.0664 2948 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
00:06:25.0695 2948 iphlpsvc - ok
00:06:25.0742 2948 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
00:06:25.0758 2948 IPMIDRV - ok
00:06:25.0789 2948 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
00:06:25.0805 2948 IPNAT - ok
00:06:25.0820 2948 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
00:06:25.0836 2948 IRENUM - ok
00:06:25.0851 2948 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
00:06:25.0883 2948 isapnp - ok
00:06:25.0914 2948 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
00:06:25.0929 2948 iScsiPrt - ok
00:06:25.0961 2948 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:06:25.0992 2948 kbdclass - ok
00:06:26.0023 2948 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
00:06:26.0039 2948 kbdhid - ok
00:06:26.0070 2948 KeyIso (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
00:06:26.0070 2948 KeyIso - ok
00:06:26.0101 2948 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
00:06:26.0101 2948 KSecDD - ok
00:06:26.0117 2948 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
00:06:26.0117 2948 KSecPkg - ok
00:06:26.0148 2948 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
00:06:26.0179 2948 KtmRm - ok
00:06:26.0226 2948 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
00:06:26.0241 2948 LanmanServer - ok
00:06:26.0288 2948 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
00:06:26.0304 2948 LanmanWorkstation - ok
00:06:26.0351 2948 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
00:06:26.0382 2948 lltdio - ok
00:06:26.0413 2948 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
00:06:26.0429 2948 lltdsvc - ok
00:06:26.0444 2948 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
00:06:26.0475 2948 lmhosts - ok
00:06:26.0522 2948 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
00:06:26.0538 2948 LSI_FC - ok
00:06:26.0569 2948 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
00:06:26.0600 2948 LSI_SAS - ok
00:06:26.0631 2948 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
00:06:26.0647 2948 LSI_SAS2 - ok
00:06:26.0678 2948 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
00:06:26.0725 2948 LSI_SCSI - ok
00:06:26.0741 2948 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
00:06:26.0787 2948 luafv - ok
00:06:26.0865 2948 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
00:06:26.0865 2948 MBAMProtector - ok
00:06:26.0943 2948 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
00:06:26.0959 2948 MBAMService - ok
00:06:26.0975 2948 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
00:06:27.0006 2948 Mcx2Svc - ok
00:06:27.0037 2948 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
00:06:27.0053 2948 megasas - ok
00:06:27.0084 2948 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
00:06:27.0099 2948 MegaSR - ok
00:06:27.0131 2948 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
00:06:27.0146 2948 MMCSS - ok
00:06:27.0162 2948 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
00:06:27.0193 2948 Modem - ok
00:06:27.0224 2948 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
00:06:27.0240 2948 monitor - ok
00:06:27.0271 2948 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
00:06:27.0302 2948 mouclass - ok
00:06:27.0333 2948 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
00:06:27.0349 2948 mouhid - ok
00:06:27.0380 2948 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
00:06:27.0380 2948 mountmgr - ok
00:06:27.0427 2948 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
00:06:27.0458 2948 MpFilter - ok
00:06:27.0489 2948 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
00:06:27.0536 2948 mpio - ok
00:06:27.0645 2948 MpKsl9c8f64ff (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A1FC69F1-9E37-4AD8-8124-F423771E0539}\MpKsl9c8f64ff.sys
00:06:27.0645 2948 MpKsl9c8f64ff - ok
00:06:27.0739 2948 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
00:06:27.0739 2948 MpNWMon - ok
00:06:27.0786 2948 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
00:06:27.0817 2948 mpsdrv - ok
00:06:27.0848 2948 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
00:06:27.0879 2948 MpsSvc - ok
00:06:27.0911 2948 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
00:06:27.0926 2948 MRxDAV - ok
00:06:27.0942 2948 mrxsmb (b272b4c3e085ea860c12f2e4faf2ffa2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:06:27.0973 2948 mrxsmb - ok
00:06:27.0989 2948 mrxsmb10 (9ac33ef26c8a3ad0f117d00eb7301d03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:06:28.0020 2948 mrxsmb10 - ok
00:06:28.0035 2948 mrxsmb20 (e0abdb5ed7e199e242a7d028e76c1d3a) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:06:28.0067 2948 mrxsmb20 - ok
00:06:28.0098 2948 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
00:06:28.0113 2948 msahci - ok
00:06:28.0129 2948 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
00:06:28.0145 2948 msdsm - ok
00:06:28.0160 2948 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
00:06:28.0191 2948 MSDTC - ok
00:06:28.0223 2948 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
00:06:28.0238 2948 Msfs - ok
00:06:28.0254 2948 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
00:06:28.0254 2948 mshidkmdf - ok
00:06:28.0285 2948 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
00:06:28.0285 2948 msisadrv - ok
00:06:28.0332 2948 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
00:06:28.0347 2948 MSiSCSI - ok
00:06:28.0363 2948 msiserver - ok
00:06:28.0394 2948 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
00:06:28.0410 2948 MSKSSRV - ok
00:06:28.0488 2948 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
00:06:28.0488 2948 MsMpSvc - ok
00:06:28.0519 2948 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
00:06:28.0535 2948 MSPCLOCK - ok
00:06:28.0550 2948 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
00:06:28.0550 2948 MSPQM - ok
00:06:28.0566 2948 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
00:06:28.0566 2948 MsRPC - ok
00:06:28.0597 2948 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
00:06:28.0613 2948 mssmbios - ok
00:06:28.0644 2948 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
00:06:28.0644 2948 MSTEE - ok
00:06:28.0675 2948 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
00:06:28.0675 2948 MTConfig - ok
00:06:28.0691 2948 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
00:06:28.0706 2948 Mup - ok
00:06:28.0722 2948 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
00:06:28.0753 2948 napagent - ok
00:06:28.0784 2948 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
00:06:28.0800 2948 NativeWifiP - ok
00:06:28.0847 2948 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
00:06:28.0862 2948 NDIS - ok
00:06:28.0878 2948 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
00:06:28.0893 2948 NdisCap - ok
00:06:28.0925 2948 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
00:06:28.0940 2948 NdisTapi - ok
00:06:28.0956 2948 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
00:06:28.0971 2948 Ndisuio - ok
 
Part 2

00:06:38.0175 2948 TsUsbFlt - ok
00:06:38.0207 2948 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
00:06:38.0222 2948 TsUsbGD - ok
00:06:38.0253 2948 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
00:06:38.0269 2948 tunnel - ok
00:06:38.0300 2948 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
00:06:38.0316 2948 uagp35 - ok
00:06:38.0363 2948 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
00:06:38.0378 2948 udfs - ok
00:06:38.0409 2948 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
00:06:38.0425 2948 UI0Detect - ok
00:06:38.0503 2948 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
00:06:38.0534 2948 uliagpkx - ok
00:06:38.0581 2948 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
00:06:38.0612 2948 umbus - ok
00:06:38.0643 2948 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
00:06:38.0659 2948 UmPass - ok
00:06:38.0675 2948 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
00:06:38.0706 2948 UmRdpService - ok
00:06:38.0721 2948 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
00:06:38.0768 2948 upnphost - ok
00:06:38.0799 2948 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
00:06:38.0831 2948 usbccgp - ok
00:06:38.0846 2948 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
00:06:38.0862 2948 usbcir - ok
00:06:38.0877 2948 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
00:06:38.0893 2948 usbehci - ok
00:06:38.0924 2948 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
00:06:38.0940 2948 usbhub - ok
00:06:38.0971 2948 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
00:06:38.0987 2948 usbohci - ok
00:06:39.0002 2948 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
00:06:39.0018 2948 usbprint - ok
00:06:39.0049 2948 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:06:39.0080 2948 USBSTOR - ok
00:06:39.0096 2948 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
00:06:39.0111 2948 usbuhci - ok
00:06:39.0143 2948 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
00:06:39.0158 2948 UxSms - ok
00:06:39.0189 2948 VaultSvc (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
00:06:39.0189 2948 VaultSvc - ok
00:06:39.0236 2948 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
00:06:39.0236 2948 vdrvroot - ok
00:06:39.0267 2948 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
00:06:39.0299 2948 vds - ok
00:06:39.0330 2948 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
00:06:39.0345 2948 vga - ok
00:06:39.0361 2948 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
00:06:39.0377 2948 VgaSave - ok
00:06:39.0392 2948 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
00:06:39.0423 2948 vhdmp - ok
00:06:39.0470 2948 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
00:06:39.0486 2948 viaagp - ok
00:06:39.0517 2948 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
00:06:39.0533 2948 ViaC7 - ok
00:06:39.0564 2948 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
00:06:39.0595 2948 viaide - ok
00:06:39.0626 2948 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
00:06:39.0657 2948 vmbus - ok
00:06:39.0673 2948 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
00:06:39.0689 2948 VMBusHID - ok
00:06:39.0704 2948 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
00:06:39.0704 2948 volmgr - ok
00:06:39.0735 2948 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
00:06:39.0735 2948 volmgrx - ok
00:06:39.0767 2948 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
00:06:39.0767 2948 volsnap - ok
00:06:39.0798 2948 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\drivers\vpchbus.sys
00:06:39.0813 2948 vpcbus - ok
00:06:39.0845 2948 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys
00:06:39.0860 2948 vpcnfltr - ok
00:06:39.0891 2948 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys
00:06:39.0938 2948 vpcusb - ok
00:06:39.0969 2948 vpcvmm (b21e23c100d6d5162b95cf6f05b4e035) C:\Windows\system32\drivers\vpcvmm.sys
00:06:39.0985 2948 vpcvmm - ok
00:06:40.0032 2948 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
00:06:40.0079 2948 vsmraid - ok
00:06:40.0141 2948 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
00:06:40.0219 2948 VSS - ok
00:06:40.0250 2948 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
00:06:40.0266 2948 vwifibus - ok
00:06:40.0297 2948 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
00:06:40.0344 2948 W32Time - ok
00:06:40.0375 2948 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
00:06:40.0391 2948 WacomPen - ok
00:06:40.0406 2948 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
00:06:40.0437 2948 WANARP - ok
00:06:40.0453 2948 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
00:06:40.0453 2948 Wanarpv6 - ok
00:06:40.0640 2948 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
00:06:40.0734 2948 wbengine - ok
00:06:40.0749 2948 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
00:06:40.0781 2948 WbioSrvc - ok
00:06:40.0812 2948 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
00:06:40.0843 2948 wcncsvc - ok
00:06:40.0859 2948 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
00:06:40.0874 2948 WcsPlugInService - ok
00:06:40.0905 2948 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
00:06:40.0921 2948 Wd - ok
00:06:40.0952 2948 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
00:06:40.0968 2948 Wdf01000 - ok
00:06:40.0983 2948 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
00:06:40.0999 2948 WdiServiceHost - ok
00:06:40.0999 2948 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
00:06:40.0999 2948 WdiSystemHost - ok
00:06:41.0015 2948 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
00:06:41.0061 2948 WebClient - ok
00:06:41.0077 2948 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
00:06:41.0108 2948 Wecsvc - ok
00:06:41.0124 2948 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
00:06:41.0139 2948 wercplsupport - ok
00:06:41.0171 2948 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
00:06:41.0217 2948 WerSvc - ok
00:06:41.0264 2948 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
00:06:41.0280 2948 WfpLwf - ok
00:06:41.0311 2948 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
00:06:41.0311 2948 WIMMount - ok
00:06:41.0389 2948 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
00:06:41.0467 2948 WinDefend - ok
00:06:41.0483 2948 WinHttpAutoProxySvc - ok
00:06:41.0514 2948 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
00:06:41.0545 2948 Winmgmt - ok
00:06:41.0576 2948 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
00:06:41.0654 2948 WinRM - ok
00:06:41.0701 2948 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
00:06:41.0748 2948 Wlansvc - ok
00:06:41.0841 2948 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:06:41.0873 2948 wlidsvc - ok
00:06:41.0951 2948 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
00:06:41.0982 2948 WmiAcpi - ok
00:06:42.0044 2948 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
00:06:42.0060 2948 wmiApSrv - ok
00:06:42.0122 2948 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
00:06:42.0231 2948 WMPNetworkSvc - ok
00:06:42.0247 2948 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
00:06:42.0278 2948 WPCSvc - ok
00:06:42.0294 2948 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
00:06:42.0325 2948 WPDBusEnum - ok
00:06:42.0356 2948 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
00:06:42.0372 2948 ws2ifsl - ok
00:06:42.0387 2948 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
00:06:42.0434 2948 wscsvc - ok
00:06:42.0450 2948 WSearch - ok
00:06:42.0575 2948 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
00:06:42.0668 2948 wuauserv - ok
00:06:42.0699 2948 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
00:06:42.0731 2948 WudfPf - ok
00:06:42.0762 2948 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
00:06:42.0793 2948 wudfsvc - ok
00:06:42.0809 2948 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
00:06:42.0840 2948 WwanSvc - ok
00:06:42.0902 2948 XobniService (2f1f1e823fd15be2be1c4e4e1ec07abe) C:\Program Files\Xobni\XobniService.exe
00:06:42.0949 2948 XobniService - ok
00:06:42.0980 2948 MBR (0x1B8) (434fe36c05f8bb22e0c8592360c3d53c) \Device\Harddisk0\DR0
00:06:43.0245 2948 \Device\Harddisk0\DR0 - ok
00:06:43.0261 2948 Boot (0x1200) (a990ec4b9325c17c3ff83f9fd57b0034) \Device\Harddisk0\DR0\Partition0
00:06:43.0261 2948 \Device\Harddisk0\DR0\Partition0 - ok
00:06:43.0277 2948 Boot (0x1200) (0c2807eb53ab5d9cbee395267c64d37a) \Device\Harddisk0\DR0\Partition1
00:06:43.0277 2948 \Device\Harddisk0\DR0\Partition1 - ok
00:06:43.0308 2948 Boot (0x1200) (69ac03852419528dc1117aef8b2ed653) \Device\Harddisk0\DR0\Partition2
00:06:43.0339 2948 \Device\Harddisk0\DR0\Partition2 - ok
00:06:43.0339 2948 ============================================================
00:06:43.0339 2948 Scan finished
00:06:43.0339 2948 ============================================================
00:06:43.0339 2956 Detected object count: 0
00:06:43.0339 2956 Actual detected object count: 0
 
Very good.

Restart in normal mode and see how computer behaves.

See if you can update and run MBAM from there.
If so post fresh log.

Then....

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBAM Combo Fix logs

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.22.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
kmanney :: MELB-W10 [administrator]

Protection: Enabled

3/22/2012 3:53:24 PM
mbam-log-2012-03-22 (15-53-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198495
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\chgletup.dll (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


____________________________________________________

ComboFix 12-03-21.02 - kmanney 03/22/2012 16:44:27.2.2 - x86
Running from: c:\virus removers\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kmanney\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\kmanney\g2mdlhlpx.exe
c:\windows\$NtUninstallKB22518$
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SETAA3D.tmp
c:\windows\system32\SrchSTS.exe
c:\windows\system32\system
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))
.
.
2012-03-22 20:57 . 2012-03-22 20:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-22 20:57 . 2012-03-22 20:58 -------- d-----w- c:\users\kmanney\AppData\Local\temp
2012-03-22 19:52 . 2012-03-22 19:52 196984 ----a-w- c:\windows\system32\g2ax_credential_provider_383.dll
2012-03-22 06:00 . 2012-03-22 06:00 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1FC69F1-9E37-4AD8-8124-F423771E0539}\offreg.dll
2012-03-22 04:04 . 2012-03-13 23:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1FC69F1-9E37-4AD8-8124-F423771E0539}\mpengine.dll
2012-03-22 03:42 . 2012-03-22 03:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-22 00:56 . 2012-03-22 00:56 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53DADA43-7AFF-4798-8133-ED6D9C93144D}\gapaengine.dll
2012-03-22 00:53 . 2012-03-22 00:53 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-21 17:08 . 2012-03-21 18:10 -------- d-----w- C:\Symantec Endpoint Protection 11.0.3
2012-03-20 20:16 . 2012-03-20 20:35 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-03-20 20:16 . 2012-03-20 20:16 24398592 ----a-w- C:\gtk2119-setup.exe
2012-03-20 17:45 . 2012-03-20 17:59 691 ----a-w- c:\users\kmanney\AppData\Roaming\GetValue.vbs
2012-03-20 17:45 . 2012-03-20 17:59 35 ----a-w- c:\users\kmanney\AppData\Roaming\SetValue.bat
2012-03-19 23:15 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-03-19 23:14 . 2012-03-19 23:14 -------- d-----w- c:\program files\MSXML 4.0
2012-03-19 23:04 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-19 23:04 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-19 23:03 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-19 23:02 . 2012-03-21 18:53 -------- d-----w- C:\RBin
2012-03-19 23:02 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-03-19 21:30 . 2012-03-19 21:30 28172738 ----a-w- C:\31912 530.reg
2012-03-19 20:25 . 2012-03-19 20:26 -------- d-----w- c:\users\Security1st
2012-03-19 16:18 . 2012-03-19 16:18 186 ----a-w- C:\new.reg
2012-03-19 13:45 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-05 23:28 . 2012-03-22 04:01 -------- d-----w- C:\Virus removers
2012-03-05 22:31 . 2012-03-05 22:31 126394 ----a-w- C:\cc_20120305_173129.reg
2012-03-02 17:59 . 2012-03-02 18:44 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2011-02-10 19:41 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 14:28 . 2012-01-04 14:28 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"HP KEYBOARDx"="c:\program files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"HP Remote Solution"="c:\program files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"BATINDICATOR"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2012-03-22 19:52 608632 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\383\g2ax_winlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2011-02-23 56040]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 OxPPort;OxPPort;c:\windows\system32\drivers\OxPPort.sys [2008-07-31 82048]
R3 OxSer;OxSer;c:\windows\system32\drivers\OxSer.sys [2009-09-16 83888]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [2012-01-04 16128]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\383\g2ax_service.exe Start=service [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 246840]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-26 92216]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-22 17:03:03
ComboFix-quarantined-files.txt 2012-03-22 21:03
.
Pre-Run: 210,196,496,384 bytes free
Post-Run: 210,310,373,376 bytes free
.
- - End Of File - - 81562353BBEC28199F3D87EF81DF435E
 
Good job :)

Uninstall (GridinSoft) Trojan Killer, a software of a very questionable reputation.

Combofix log looks good.

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Extras & OTL

OTL Extras logfile created on: 3/26/2012 6:40:31 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\kmanney\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 64.29% Memory free
3.50 Gb Paging File | 2.78 Gb Available in Paging File | 79.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.51 Gb Total Space | 198.52 Gb Free Space | 88.82% Space Free | Partition Type: NTFS
Drive D: | 9.27 Gb Total Space | 1.13 Gb Free Space | 12.15% Space Free | Partition Type: NTFS
Drive Z: | 223.51 Gb Total Space | 193.83 Gb Free Space | 86.72% Space Free | Partition Type: NTFS

Computer Name: MELB-W10 | User Name: kmanney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CEA34E7-41EE-4C68-95F8-10E183F1D3E5}" = Closers' Choice
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}" = HP Connect Solutions
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Fort Dox" = Fort Dox
"GoToAssist Express Customer" = GoToManage Customer 1.6.0.383
"HP Keyboard_is1" = HP Desktop Keyboard
"HP Remote Solution" = HP Remote Solution
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PDF Complete" = PDF Complete Special Edition
"SHARP PCL6 T1 Printer Driver" = SHARP PCL6 T1 Printer Driver
"WildTangent hp Master Uninstall" = HP Games
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087415" = Wheel of Fortune 2
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3
"XobniMain" = Xobni
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-377038991-3734808654-2868031893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/1/2012 1:30:45 AM | Computer Name = MELB-W10 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Kobo\drivers\dpinst64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/1/2012 9:15:08 AM | Computer Name = MELB-W10 | Source = WinMgmt | ID = 10
Description =

Error - 2/2/2012 1:30:41 AM | Computer Name = MELB-W10 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Kobo\drivers\dpinst64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/3/2012 1:30:37 AM | Computer Name = MELB-W10 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Kobo\drivers\dpinst64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/3/2012 10:26:14 AM | Computer Name = MELB-W10 | Source = Application Hang | ID = 1002
Description = The program ClosersChoice.exe version 5.0.0.511 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: db8 Start
Time: 01cce2774552188c Termination Time: 30 Application Path: C:\Program Files\Closers'
Choice\ClosersChoice.exe Report Id: f61270ed-4e72-11e1-a0cf-e0699532c7a6

Error - 2/4/2012 1:30:42 AM | Computer Name = MELB-W10 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Kobo\drivers\dpinst64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/8/2012 5:31:37 PM | Computer Name = MELB-W10 | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: mshtml.dll, version: 8.0.7601.17514,
time stamp: 0x4ce7b8f3 Exception code: 0xc0000005 Fault offset: 0x000d68d2 Faulting
process id: 0x133c Faulting application start time: 0x01cce6a890c280b0 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 473263b0-529c-11e1-a0cf-e0699532c7a6

Error - 2/10/2012 1:30:45 AM | Computer Name = MELB-W10 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Kobo\drivers\dpinst64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/15/2012 1:30:52 AM | Computer Name = MELB-W10 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Kobo\drivers\dpinst64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/16/2012 1:00:02 AM | Computer Name = MELB-W10 | Source = VSS | ID = 8193
Description =

[ Hewlett-Packard Events ]
Error - 7/21/2011 4:18:58 PM | Computer Name = MELB-W10 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071121041853.xml
File not created by asset agent

Error - 12/1/2011 5:03:59 PM | Computer Name = MELB-W10 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121101040355.xml
File not created by asset agent

Error - 12/8/2011 5:52:03 PM | Computer Name = MELB-W10 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121108045159.xml
File not created by asset agent

Error - 1/5/2012 5:23:15 PM | Computer Name = MELB-W10 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011205042312.xml
File not created by asset agent

Error - 1/26/2012 5:21:30 PM | Computer Name = MELB-W10 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011226042127.xml
File not created by asset agent

[ System Events ]
Error - 3/21/2012 11:40:22 PM | Computer Name = MELB-W10 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/21/2012 11:40:22 PM | Computer Name = MELB-W10 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/21/2012 11:40:22 PM | Computer Name = MELB-W10 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/22/2012 4:00:52 PM | Computer Name = MELB-W10 | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 3/22/2012 4:06:41 PM | Computer Name = MELB-W10 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/22/2012 4:44:24 PM | Computer Name = MELB-W10 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HP
Health Check Service service to connect.

Error - 3/22/2012 4:44:24 PM | Computer Name = MELB-W10 | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%1053

Error - 3/22/2012 4:44:24 PM | Computer Name = MELB-W10 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/22/2012 4:50:06 PM | Computer Name = MELB-W10 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/22/2012 4:58:06 PM | Computer Name = MELB-W10 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >
 
OTL

OTL logfile created on: 3/26/2012 6:40:31 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\kmanney\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 64.29% Memory free
3.50 Gb Paging File | 2.78 Gb Available in Paging File | 79.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.51 Gb Total Space | 198.52 Gb Free Space | 88.82% Space Free | Partition Type: NTFS
Drive D: | 9.27 Gb Total Space | 1.13 Gb Free Space | 12.15% Space Free | Partition Type: NTFS
Drive Z: | 223.51 Gb Total Space | 193.83 Gb Free Space | 86.72% Space Free | Partition Type: NTFS

Computer Name: MELB-W10 | User Name: kmanney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/26 18:37:38 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\kmanney\Desktop\OTL.exe
PRC - [2012/03/22 15:52:14 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_user_high_customer.exe
PRC - [2012/03/22 15:52:14 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_user_customer.exe
PRC - [2012/03/22 15:52:14 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_system_customer.exe
PRC - [2012/03/22 15:52:14 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_service.exe
PRC - [2012/03/22 15:52:14 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_host.exe
PRC - [2012/03/22 15:52:14 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_comm_customer.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/01/25 20:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/20 17:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 17:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/11 05:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
PRC - [2010/09/28 11:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2010/03/04 20:23:48 | 000,370,792 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2010/03/04 20:23:48 | 000,167,528 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2009/02/27 22:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe


========== Modules (No Company Name) ==========

MOD - [2009/02/27 22:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/03/22 15:52:14 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/22 21:57:02 | 000,056,040 | ---- | M] (Xobni Corporation) [Auto | Stopped] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2011/01/25 20:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/11 05:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010/09/28 11:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/03/04 20:23:48 | 000,370,792 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2010/03/04 20:23:48 | 000,167,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\kmanney\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\kmanney\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/19 03:53:21 | 000,295,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2011/05/19 03:52:38 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2011/05/19 03:52:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2011/05/19 03:52:38 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 17:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 17:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 17:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 17:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/03/31 13:38:26 | 011,621,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/03/04 07:26:56 | 000,296,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/09/16 03:37:08 | 000,083,888 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OxSer.sys -- (OxSer)
DRV - [2009/08/04 20:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/07/31 07:13:18 | 000,082,048 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OxPPort.sys -- (OxPPort)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/05/19 04:24:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/05/19 04:24:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/05/19 04:24:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/26 10:52:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/03/26 10:52:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kmanney\AppData\Roaming\Mozilla\Extensions
[2012/03/26 10:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kmanney\AppData\Roaming\Mozilla\Firefox\Profiles\x9hb7ubf.default\extensions
[2012/03/26 10:52:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\kmanney\AppData\Roaming\Mozilla\Firefox\Profiles\x9hb7ubf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/03/26 10:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/26 10:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/03/26 10:52:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/21 00:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/20 21:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 21:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/22 16:58:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\..Trusted Domains: condocerts.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50E7F8E2-F889-426E-B7F1-F582D346E46F}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/26 18:39:01 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\kmanney\Desktop\OTL.exe
[2012/03/26 10:52:38 | 000,000,000 | ---D | C] -- C:\Users\kmanney\AppData\Roaming\Mozilla
[2012/03/26 10:52:38 | 000,000,000 | ---D | C] -- C:\Users\kmanney\AppData\Local\Mozilla
[2012/03/26 10:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/03/26 09:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/22 17:03:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/22 17:03:11 | 000,000,000 | ---D | C] -- C:\Users\kmanney\AppData\Local\temp
[2012/03/22 16:05:32 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/22 15:52:27 | 000,000,000 | ---D | C] -- C:\Users\kmanney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
[2012/03/21 23:42:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/21 20:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/21 16:48:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/21 16:48:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/21 16:48:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/21 13:08:43 | 000,000,000 | ---D | C] -- C:\Symantec Endpoint Protection 11.0.3
[2012/03/20 16:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/03/20 16:16:19 | 024,398,592 | ---- | C] (GridinSoft LLC) -- C:\gtk2119-setup.exe
[2012/03/19 19:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/03/19 19:02:07 | 000,000,000 | ---D | C] -- C:\RBin
[2012/03/19 09:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/19 09:45:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/05 19:28:01 | 000,000,000 | ---D | C] -- C:\Virus removers
[2012/03/05 19:14:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/05 19:11:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/02 14:17:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/03/02 13:59:57 | 000,000,000 | ---D | C] -- C:\Users\kmanney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/02 13:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/26 18:37:38 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\kmanney\Desktop\OTL.exe
[2012/03/26 10:52:33 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/23 11:06:16 | 000,027,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/23 11:06:16 | 000,027,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/22 16:58:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/22 16:41:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/22 16:41:19 | 1408,737,280 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/22 15:52:27 | 000,001,441 | ---- | M] () -- C:\Users\kmanney\Desktop\GoToManage Customer.lnk
[2012/03/21 20:54:04 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/21 20:53:20 | 000,666,176 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/21 20:53:20 | 000,122,934 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/20 22:06:19 | 000,284,272 | ---- | M] () -- C:\Users\kmanney\Desktop\error.jpg
[2012/03/20 16:16:35 | 024,398,592 | ---- | M] (GridinSoft LLC) -- C:\gtk2119-setup.exe
[2012/03/20 13:59:20 | 000,000,691 | ---- | M] () -- C:\Users\kmanney\AppData\Roaming\GetValue.vbs
[2012/03/20 13:59:20 | 000,000,035 | ---- | M] () -- C:\Users\kmanney\AppData\Roaming\SetValue.bat
[2012/03/19 17:30:47 | 028,172,738 | ---- | M] () -- C:\31912 530.reg
[2012/03/19 12:18:41 | 000,000,186 | ---- | M] () -- C:\new.reg
[2012/03/19 09:48:16 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/16 13:56:20 | 000,000,067 | ---- | M] () -- C:\Windows\iltwain.ini
[2012/03/15 18:48:16 | 000,000,300 | ---- | M] () -- C:\Users\kmanney\Desktop\Community Management Professionals Selling & Refinancing.url
[2012/03/15 18:47:44 | 000,000,361 | ---- | M] () -- C:\Users\kmanney\Desktop\Office DEPOT.url
[2012/03/15 18:46:35 | 000,000,240 | ---- | M] () -- C:\Users\kmanney\Desktop\community docs HOA.url
[2012/03/15 18:46:26 | 000,000,264 | ---- | M] () -- C:\Users\kmanney\Desktop\KW Property Management & Consulting.url
[2012/03/15 18:46:07 | 000,000,231 | ---- | M] () -- C:\Users\kmanney\Desktop\AssociationDoc.com (2).url
[2012/03/15 18:45:57 | 000,000,287 | ---- | M] () -- C:\Users\kmanney\Desktop\Welcome to CondoCerts.url
[2012/03/15 18:45:45 | 000,000,537 | ---- | M] () -- C:\Users\kmanney\Desktop\WelcomeLink - The Continental Group, Inc - Welcome.url
[2012/03/15 18:42:21 | 000,000,220 | ---- | M] () -- C:\Users\kmanney\Desktop\www.sunbiz.org - Home.url
[2012/03/06 09:00:54 | 000,000,227 | ---- | M] () -- C:\Users\kmanney\Desktop\Wells Fargo - Personal & Business Banking - Student, Auto & Home Loans - Investing & Insurance.url
[2012/03/05 18:31:40 | 000,126,394 | ---- | M] () -- C:\cc_20120305_173129.reg
[2012/03/02 16:49:21 | 000,001,409 | ---- | M] () -- C:\Users\kmanney\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/02 15:17:12 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/26 10:52:33 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/21 20:54:04 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/21 20:53:11 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/21 16:48:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/21 16:48:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/21 16:48:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/21 16:48:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/21 16:48:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/20 22:06:19 | 000,284,272 | ---- | C] () -- C:\Users\kmanney\Desktop\error.jpg
[2012/03/20 13:45:58 | 000,000,691 | ---- | C] () -- C:\Users\kmanney\AppData\Roaming\GetValue.vbs
[2012/03/20 13:45:58 | 000,000,035 | ---- | C] () -- C:\Users\kmanney\AppData\Roaming\SetValue.bat
[2012/03/20 13:24:34 | 001,477,498 | ---- | C] () -- C:\Users\kmanney\Documents\SmitfraudFix.exe
[2012/03/19 17:30:38 | 028,172,738 | ---- | C] () -- C:\31912 530.reg
[2012/03/19 12:18:41 | 000,000,186 | ---- | C] () -- C:\new.reg
[2012/03/19 09:48:16 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 09:00:54 | 000,000,227 | ---- | C] () -- C:\Users\kmanney\Desktop\Wells Fargo - Personal & Business Banking - Student, Auto & Home Loans - Investing & Insurance.url
[2012/03/05 18:31:38 | 000,126,394 | ---- | C] () -- C:\cc_20120305_173129.reg
[2012/03/02 16:49:21 | 000,001,415 | ---- | C] () -- C:\Users\kmanney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/03/02 15:17:12 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/01/02 12:48:51 | 000,001,158 | -HS- | C] () -- C:\Users\kmanney\AppData\Local\euo68tj57ue8gtxmypjh118035d3bpg012r43rwbab8
[2012/01/02 12:48:51 | 000,001,158 | -HS- | C] () -- C:\ProgramData\euo68tj57ue8gtxmypjh118035d3bpg012r43rwbab8
[2011/07/13 15:49:35 | 000,000,067 | ---- | C] () -- C:\Windows\iltwain.ini
[2011/07/06 12:59:04 | 000,172,128 | ---- | C] () -- C:\Windows\_isusr32.dll
[2011/07/06 12:59:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\_isusr2k.dll
[2011/07/06 12:46:36 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/07/06 12:20:17 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx13_ic.ini
[2011/07/06 12:19:36 | 000,057,344 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2011/05/19 03:59:02 | 000,010,084 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/03/04 00:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2010/11/20 17:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/04/16 18:12:06 | 000,035,384 | ---- | C] () -- C:\Windows\System32\drivers\cqcpu.sys
[2010/04/16 18:12:06 | 000,035,384 | ---- | C] () -- C:\Windows\System32\drivers\cpqdfw.sys

========== LOP Check ==========

[2012/03/21 15:31:27 | 000,025,382 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/03/19 17:30:47 | 028,172,738 | ---- | M] () -- C:\31912 530.reg
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/02/10 17:16:45 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/03/05 18:31:40 | 000,126,394 | ---- | M] () -- C:\cc_20120305_173129.reg
[2012/03/22 17:03:05 | 000,009,395 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/03/20 16:16:35 | 024,398,592 | ---- | M] (GridinSoft LLC) -- C:\gtk2119-setup.exe
[2012/03/22 16:41:19 | 1408,737,280 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/06 12:57:01 | 015,801,490 | ---- | M] () -- C:\MXMAR-PCL6-0902A-2KXPVISTA-WHQL_T1.zip
[2012/03/19 12:18:41 | 000,000,186 | ---- | M] () -- C:\new.reg
[2011/05/19 05:34:31 | 000,000,000 | RHS- | M] () -- C:\OS
[2012/03/22 16:41:21 | 1878,319,104 | -HS- | M] () -- C:\pagefile.sys
[2012/03/20 14:08:34 | 000,002,408 | ---- | M] () -- C:\rapport.txt
[2012/03/22 00:13:19 | 000,126,920 | ---- | M] () -- C:\TDSSKiller.2.7.22.0_22.03.2012_00.06.08_log.txt
[2011/07/06 12:29:54 | 015,547,960 | ---- | M] () -- C:\upd-PCL5-X32-5_2_6_9321.exe

< %systemroot%\Fonts\*.com >
[2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 17:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2011/02/09 12:24:32 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpcpp112.dll
[2005/06/22 13:15:38 | 000,066,048 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp3zw.DLL
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2010/11/20 17:29:21 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/03/02 16:49:21 | 000,000,221 | -HS- | M] () -- C:\Users\kmanney\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/03/26 18:37:38 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\kmanney\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/03/22 16:41:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/03/21 15:31:27 | 000,025,382 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/07/06 10:22:33 | 000,000,402 | -HS- | M] () -- C:\Users\kmanney\Favorites\desktop.ini
[2012/03/05 18:26:07 | 000,000,267 | ---- | M] () -- C:\Users\kmanney\Favorites\My Documents.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/01/02 12:48:51 | 000,001,158 | -HS- | M] () -- C:\ProgramData\euo68tj57ue8gtxmypjh118035d3bpg012r43rwbab8

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >
 
You didn't say:
How is the computer doing?


=======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O15 - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\..Trusted Domains: condocerts.com ([www] https in Trusted sites)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2012/03/20 16:16:35 | 024,398,592 | ---- | M] (GridinSoft LLC) -- C:\gtk2119-setup.exe
    [2012/01/02 12:48:51 | 000,001,158 | -HS- | C] () -- C:\Users\kmanney\AppData\Local\euo68tj57ue8gtxmypjh118035d3bpg012r43rwbab8
    [2012/01/02 12:48:51 | 000,001,158 | -HS- | C] () -- C:\ProgramData\euo68tj57ue8gtxmypjh118035d3bpg012r43rwbab8
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Final Scan logs

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-377038991-3734808654-2868031893-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-377038991-3734808654-2868031893-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry key HKEY_USERS\S-1-5-21-377038991-3734808654-2868031893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\condocerts.com\www\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File C:\gtk2119-setup.exe not found.
C:\Users\kmanney\AppData\Local\euo68tj57ue8gtxmypjh118035d3bpg012r43rwbab8 moved successfully.
C:\ProgramData\euo68tj57ue8gtxmypjh118035d3bpg012r43rwbab8 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: kmanney
->Temp folder emptied: 936839 bytes
->Temporary Internet Files folder emptied: 9409472 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Security1st
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 322253 bytes
RecycleBin emptied: 2314 bytes

Total Files Cleaned = 10.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: kmanney
->Java cache emptied: 0 bytes

User: Public

User: Security1st

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04032012_030007

Files\Folders moved on Reboot...
C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4QK1XD6\7407185e[1].htm moved successfully.
C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4QK1XD6\dpsync[1].htm moved successfully.
C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4QK1XD6\follow_button[1].htm moved successfully.
C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AIWIXIA\3668935[1].htm moved successfully.
C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AIWIXIA\3668935[2].htm moved successfully.
C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AIWIXIA\up[1].htm moved successfully.
C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XEIXHY9\dpsync[1].htm moved successfully.
C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XEIXHY9\PugTracker[1].htm moved successfully.
C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XEIXHY9\topic178997[1].htm moved successfully.
C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GFZZC28\dpsync[1].htm moved successfully.
C:\Windows\temp\CitrixLogs\GoToAssist Express Customer\383\log7CDC.tmp\GoToAssist Express Customer_01.LOG moved successfully.
C:\Windows\temp\CitrixLogs\GoToAssist Express Customer\383\log7CDC.tmp\mgn_service-service_00.log moved successfully.

Registry entries deleted on Reboot...
 
Security Check

Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
Microsoft Security Essentials
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 31
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
 
Farbar

Farbar Service Scanner Version: 01-03-2012
Ran by kmanney (administrator) on 03-04-2012 at 02:30:58
Running from "C:\Users\kmanney\Desktop\New folder"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll
[2010-11-20 17:29] - [2010-11-20 17:29] - 0132608 ____A (Microsoft Corporation) 2FE30D71919C51131405797620E0A714

C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
Web Scan

C:\gtk2119-setup.exe a variant of Win32/1AntiVirus application deleted - quarantined

#this was that Trojan Killer program setup exe file that you asked me to uninstall.
#I uninstalled the program when you requested but the setup file was still on my root.
# Thanks for all your help with this one. I thought it was a goner!
 