TechSpot

The virus revealed itself

By harveydf
Apr 1, 2012
  1. Sirs,
    I've been searching for this virus for some time now. The symptoms are scans terminate prematurely or without finding anything. My security gets turned off constantly. I get messages that I don't have permission to access files and there is a group privilege. I don't belong to a group. I'm getting seeded from the internet. I know this because of a Linux Ubuntu log file. Please help. Here are the logs.
    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.01.03

    Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Harveydf :: HARVEYDF-PC [administrator]

    4/1/2012 5:48:14 PM
    mbam-log-2012-04-01 (17-48-14).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 233353
    Time elapsed: 3 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen) -> Data: grpconv -o -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\System32\grpconv.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-04-01 15:28:20
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000062 rev.
    Running: koda.exe; Driver: C:\Users\Harveydf\AppData\Local\Temp\uxlcykob.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
    AttachedDevice \Driver\tdx \Device\Ip pctgntdi.sys
    AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys
    AttachedDevice \Driver\tdx \Device\Udp pctgntdi.sys
    AttachedDevice \Driver\tdx \Device\RawIp pctgntdi.sys

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Harveydf at 13:55:55 on 2012-04-01
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2471 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: PC Tools Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
    C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://att.my.yahoo.com/?_bc=1
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    uRun: [AdobeBridge]
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [ISTray] "c:\program files\pc tools\pc tools security\pctsGui.exe" /hideGUI
    uPolicies-explorer: NoInstrumentation = 1
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{193FD7B8-6ED3-43A3-9D42-499D673FB086} : DhcpNameServer = 192.168.1.254
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\harveydf\appdata\roaming\mozilla\firefox\profiles\lppj4d9t.default\
    FF - prefs.js: browser.search.selectedEngine - Startpage
    FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\harveydf\appdata\local\google\google earth\plugin\npgeplugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-14 331880]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-3-14 342168]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-3-14 253352]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-3-14 402336]
    R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-3-14 1117624]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-3-15 54328]
    S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-3-15 574424]
    S1 6594252drv;6594252drv;c:\windows\system32\drivers\6594252drv.sys [2011-8-15 489048]
    S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-3-14 185560]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-2-14 163328]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-6-14 21992]
    S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-17 21504]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-3-15 793048]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
    S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-2-14 9182208]
    S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-2-14 264704]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-12-5 83472]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2012-3-14 70536]
    S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2012-3-16 24416]
    S3 silabenm;Junsi USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2012-3-11 47176]
    S3 silabser;Junsi USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2012-3-11 58496]
    S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-3-15 35264]
    S3 ThreatFire;ThreatFire;c:\program files\pc tools\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools\pc tools security\tfengine\TFService.exe service [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MJLVASR;MJLVASR;c:\users\harveydf\appdata\local\temp\mjlvasr.exe --> c:\users\harveydf\appdata\local\temp\MJLVASR.exe [?]
    S4 NBISZU;NBISZU;c:\users\harveydf\appdata\local\temp\nbiszu.exe --> c:\users\harveydf\appdata\local\temp\NBISZU.exe [?]
    S4 OJ;OJ;c:\users\harveydf\appdata\local\temp\oj.exe --> c:\users\harveydf\appdata\local\temp\OJ.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-04-02 01:50:56 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f1a70e0f-d4e1-4e3a-9aed-69f292cecdbd}\mpengine.dll
    2012-04-01 20:58:10 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-26 18:37:30 -------- d-----w- c:\program files\ESET
    2012-03-26 11:53:19 -------- d-----w- c:\windows\ERDNT2
    2012-03-26 11:52:11 -------- d-----w- c:\program files\ERUNT2
    2012-03-24 15:43:42 -------- d-----w- C:\AMD
    2012-03-23 17:01:03 -------- d-----w- c:\programdata\Microsoft Symbols for Visual Studio and Process Explorer
    2012-03-23 16:58:59 -------- d-----w- c:\users\harveydf\Microsoft Symbols for Visual Studio and Process Explorer
    2012-03-23 10:54:56 -------- d-----w- c:\program files\BenchMark Tools
    2012-03-23 09:08:30 -------- d-----w- c:\program files\CrystalDiskInfo
    2012-03-22 17:55:02 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2012-03-22 17:52:47 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2012-03-21 15:32:51 -------- d-----w- c:\users\harveydf\appdata\roaming\GlarySoft
    2012-03-21 15:32:50 -------- d-----w- c:\program files\Glary Undelete
    2012-03-18 20:39:56 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-03-17 17:42:42 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5f54698d-55cd-4254-9766-493841d8d863}\gapaengine.dll
    2012-03-17 17:13:22 -------- d-----w- c:\program files\Microsoft Security Client
    2012-03-17 17:12:50 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-03-17 08:34:47 -------- d-----w- C:\.Trash-0
    2012-03-17 00:40:53 -------- d-----w- c:\users\harveydf\appdata\roaming\GetRightToGo
    2012-03-17 00:04:50 14664 ----a-w- c:\windows\stinger.sys
    2012-03-17 00:04:18 -------- d-----w- c:\program files\stinger
    2012-03-16 19:02:00 -------- d-----w- C:\BackSys
    2012-03-16 15:22:38 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
    2012-03-16 15:11:06 39184 ----a-w- c:\windows\system32\Partizan.exe
    2012-03-16 15:11:06 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
    2012-03-16 15:10:59 2 --shatr- c:\windows\winstart.bat
    2012-03-16 15:10:55 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
    2012-03-16 10:26:59 -------- d-----w- c:\users\harveydf\appdata\roaming\VSRevoGroup
    2012-03-16 09:06:55 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
    2012-03-16 09:06:55 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
    2012-03-15 13:22:16 -------- d-----w- c:\users\harveydf\appdata\roaming\Registry Mechanic
    2012-03-15 12:54:22 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2012-03-15 12:54:22 512472 ----a-w- c:\windows\system32\msxml.dll
    2012-03-15 12:54:22 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
    2012-03-15 12:54:22 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2012-03-15 12:54:22 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2012-03-15 12:50:58 -------- d-----w- c:\users\harveydf\appdata\roaming\Product_RM
    2012-03-15 11:59:07 -------- d-----w- c:\users\harveydf\appdata\roaming\PCTools
    2012-03-15 08:38:31 574424 --s-a-w- c:\windows\system32\drivers\TfSysMon.sys
    2012-03-15 08:38:30 54328 --s-a-w- c:\windows\system32\drivers\TfFsMon.sys
    2012-03-15 08:38:30 35264 --s-a-w- c:\windows\system32\drivers\TfNetMon.sys
    2012-03-15 01:59:41 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2012-03-15 01:59:41 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2012-03-15 01:59:39 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
    2012-03-15 01:59:37 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2012-03-15 01:59:32 -------- d-----w- c:\program files\PC Tools
    2012-03-15 01:12:24 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2012-03-15 01:12:24 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2012-03-15 01:12:24 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2012-03-15 01:12:24 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2012-03-15 01:12:23 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-03-15 01:12:23 -------- d-----w- c:\program files\common files\PC Tools
    2012-03-15 01:07:19 -------- d-----w- c:\users\harveydf\appdata\roaming\TestApp
    2012-03-15 01:07:19 -------- d-----w- c:\programdata\PC Tools
    2012-03-13 23:40:21 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-03-13 23:40:15 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-13 23:40:15 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-13 23:40:15 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-13 23:40:15 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-13 23:40:15 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-13 23:40:13 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2012-03-13 21:39:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-13 21:39:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-13 20:04:26 613376 ----a-w- c:\windows\system32\rdpencom.dll
    2012-03-13 20:04:26 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-11 23:58:47 -------- d-----w- c:\users\harveydf\appdata\roaming\LogView
    2012-03-11 23:28:50 58496 ----a-w- c:\windows\system32\drivers\silabser.sys
    2012-03-11 20:32:23 -------- d-----w- c:\users\harveydf\appdata\local\ElevatedDiagnostics
    2012-03-11 18:57:10 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-03-11 18:57:10 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-03-11 18:53:26 -------- d-----w- c:\program files\Silabs
    2012-03-11 18:49:53 47176 ----a-w- c:\windows\system32\drivers\silabenm.sys
    2012-03-11 18:49:53 1461992 ----a-w- c:\windows\system32\WdfCoinstaller01009.dll
    2012-03-11 12:47:38 -------- d-----w- c:\users\harveydf\appdata\roaming\EurekaLog
    2012-03-11 12:47:09 -------- d-----w- c:\program files\LogView V2
    2012-03-11 12:26:27 1112288 ----a-w- c:\windows\system32\WdfCoinstaller01007.dll
    2012-03-11 12:26:25 -------- d-----w- c:\program files\Junsi
    2012-03-11 12:25:50 -------- d-----w- c:\windows\system32\Silabs
    .
    ==================== Find3M ====================
    .
    2012-03-16 09:14:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-19 08:29:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-15 03:47:12 9182208 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-02-15 03:18:56 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-02-15 03:18:40 791040 ----a-w- c:\windows\system32\aticfx32.dll
    2012-02-15 03:13:56 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-02-15 03:13:20 405504 ----a-w- c:\windows\system32\atieclxx.exe
    2012-02-15 03:12:48 163328 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-02-15 03:11:34 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2012-02-15 03:10:58 20992 ----a-w- c:\windows\system32\atimuixx.dll
    2012-02-15 03:10:48 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2012-02-15 03:07:44 6200320 ----a-w- c:\windows\system32\atidxx32.dll
    2012-02-15 02:58:56 19392000 ----a-w- c:\windows\system32\atioglxx.dll
    2012-02-15 02:40:54 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
    2012-02-15 02:34:54 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2012-02-15 02:34:44 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2012-02-15 02:34:36 5954048 ----a-w- c:\windows\system32\atiumdag.dll
    2012-02-15 02:29:52 5062656 ----a-w- c:\windows\system32\atiumdva.dll
    2012-02-15 02:29:50 11561984 ----a-w- c:\windows\system32\aticaldd.dll
    2012-02-15 02:16:34 51200 ----a-w- c:\windows\system32\coinst.dll
    2012-02-15 02:13:48 356352 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-02-15 02:13:32 14336 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-02-15 02:13:20 33280 ----a-w- c:\windows\system32\atigktxx.dll
    2012-02-15 02:12:48 264704 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-02-15 02:12:14 33280 ----a-w- c:\windows\system32\atiuxpag.dll
    2012-02-15 02:12:00 30208 ----a-w- c:\windows\system32\atiu9pag.dll
    2012-02-15 02:11:36 37376 ----a-w- c:\windows\system32\atitmpxx.dll
    2012-02-15 02:11:22 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-02-15 02:11:10 53760 ----a-w- c:\windows\system32\atimpc32.dll
    2012-02-15 02:11:10 53760 ----a-w- c:\windows\system32\amdpcom32.dll
    2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 13:56:44.07 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/23/2007 3:55:52 PM
    System Uptime: 4/1/2012 1:07:52 PM (0 hours ago)
    .
    Motherboard: ECS | | MCP61PM-GM
    Processor: AMD Phenom(tm) 9500 Quad-Core Processor | Socket AM2 | 2210/235mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 324 GiB total, 212.136 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 4.488 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    K: is FIXED (NTFS) - 24 GiB total, 24.324 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    Page 1
     
  2. harveydf

    Page 2
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    1500
    1500_Help
    1500Trb
    32 Bit HP CIO Components Installer
    7-Zip 9.20
    Acrobat.com
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.5.0 - CPSID_83708
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Asset Services CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Creative Suite 4 Design Premium
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader for Palm OS, 3.05
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe Shockwave Player 11.6
    Adobe SING CS4
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AIO_CDB_ProductContext
    AIO_CDB_Software
    AIO_Scan
    AMD Catalyst Install Manager
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    Apple Mobile Device Support
    Apple Software Update
    Application Verifier
    Astrolog32 2.02
    AT&T Self Support Tool
    AT&T Yahoo! Applications
    Audacity 1.3.13 (Unicode)
    Aureas v8.7
    AutoHotkey 1.0.48.05
    Avery Wizard 3.1
    Bonjour
    BufferChm
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Compatibility Pack for the 2007 Office system
    Connect
    Copy
    Core Temp version 0.99.8
    CPUID CPU-Z 1.57.1
    creepy 0.1.93
    Debugging Tools for Windows (x86)
    Destinations
    Dev-C++ 5 beta 9 release (4.9.9.2)
    DeviceManagementQFolder
    Digital Media Reader
    DocProc
    DocProcQFolder
    ERUNT 1.1j
    ESET Online Scanner v3
    eSupportQFolder
    EVEREST Home Edition v2.20
    Fax
    FFmpeg v0.6.2 for Audacity
    FormatFactory 2.20
    Free Window Registry Repair
    FreeMind
    Gateway Connect
    Gateway Games
    Gateway Recovery Center Installer
    Glary Undelete 1.8.0.468
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPSMaster 2.13.5
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)
    HP Imaging Device Functions 8.0
    HP OCR Software 8.0
    HP Photosmart Essential
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    HP Solution Center 8.0
    HP Update
    HPProductAssistant
    ISO Recorder
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    Junior Jyotish 1.10v
    Junsi USB to UART Bridge(Windows XP/2003/Vista/7) (Driver Removal)
    kuler
    LabelPrint
    LADSPA_plugins-win-0.4.15
    LAME v3.98.3 for Audacity
    Malwarebytes Anti-Malware version 1.60.1.1000
    Maxtor MaxBlast
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Help Viewer 1.1
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server System CLR Types
    Microsoft Sync Framework 2.0 Core Components (x86) ENU
    Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    Microsoft Visual Basic 2010 Express - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    Microsoft Windows Performance Toolkit
    Microsoft Windows SDK .NET Framework Tools (30514)
    Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
    Microsoft Windows SDK for Windows 7 (7.1)
    Microsoft Windows SDK for Windows 7 Common Utilities (30514)
    Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
    Microsoft Windows SDK MSHelp (30514)
    Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
    Microsoft Works
    Microsoft WSE 2.0 SP3 Runtime
    Mobipocket Creator 4.2
    Mobipocket Reader 6.2
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox 11.0 (x86 en-US)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyPhoneExplorer
    NirSoft VideoCacheView
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OpenSSL 1.0.0e (32-bit)
    Palm Desktop
    PC Tools Registry Mechanic 11.0
    PC Tools Spyware Doctor 9.0
    PDF Settings CS4
    Photoshop Camera Raw
    Pixel Bender Toolkit
    Power2Go 5.0
    PS2 Multimedia Keyboard Driver
    QuickTime
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.93
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Send To Toys v2.61
    Skins
    Soft Data Fax Modem with SmartCP
    SolutionCenter
    Status
    Suite Shared Configuration CS4
    swMSM
    SyncToy 2.1 (x86)
    The Proxomitron Ver. Naoko-4.5
    The Rosetta Stone
    TI Connect 1.6
    TI StudyCards Creator
    Toolbox
    TrayApp
    TurboTax 2008
    TurboTax 2008 wcaiper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 wcaiper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 wcaiper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax Deluxe 2007
    Tweaking.com - Simple Performance Boost
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    WebReg
    Windows Automated Installation Kit
    Windows Media Player Firefox Plugin
    Windows SDK IntellisenseNFX
    WinRAR archiver
    XMind
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6594252drv i8042prt MpFilter PCTSD spldr TfFsMon TFSysMon Wanarpv6
    6594252drv i8042prt MpFilter PCTSD spldr TfFsMon TFSysMon Wanarpv6
    6594252drv i8042prt MpFilter PCTSD spldr TfFsMon TFSysMon Wanarpv6
    6594252drv i8042prt MpFilter PCTSD spldr TfFsMon TFSysMon Wanarpv6
    6594252drv i8042prt MpFilter PCTSD spldr TfFsMon TFSysMon Wanarpv6
    6594252drv i8042prt MpFilter PCTSD spldr TfFsMon TFSysMon Wanarpv6
    6594252drv i8042prt
    6594252drv i8042prt
    6594252drv i8042prt
    6594252drv i8042prt
    6594252drv i8042prt
    6594252drv i8042prt
    6594252drv i8042prt
    6594252drv i8042prt
    6594252drv i8042prt
    6594252drv i8042prt
    6594252drv i8042prt
    6594252drv i8042prt
    6594252drv i8042prt
    6594252drv i8042prt
    6594252drv i8042prt
    6594252drv AFD DfsC i8042prt MpFilter NetBIOS netbt nsiproxy pctgntdi PCTSD PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
    6594252drv AFD DfsC i8042prt MpFilter NetBIOS netbt nsiproxy pctgntdi PCTSD PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
    6594252drv AFD DfsC i8042prt MpFilter NetBIOS netbt nsiproxy pctgntdi PCTSD PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
    4/1/2012 6:04:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    4/1/2012 6:04:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 6:04:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 6:04:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 6:04:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 5:13:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 5:13:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 5:13:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 5:13:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 5:13:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    4/1/2012 4:33:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    4/1/2012 4:33:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 4:33:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 4:33:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 4:33:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 3:50:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 3:50:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 3:50:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 3:50:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 3:50:20 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    4/1/2012 3:40:14 PM, Error: EventLog [6008] - The previous system shutdown at 3:38:56 PM on 4/1/2012 was unexpected.
    4/1/2012 2:09:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 2:09:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 2:09:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 2:09:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 2:09:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    4/1/2012 12:56:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    4/1/2012 12:56:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Harveydf-PC\Harveydf Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 12:56:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Harveydf-PC\Harveydf Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 12:56:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Harveydf-PC\Harveydf Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 12:56:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Harveydf-PC\Harveydf Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 11:59:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    4/1/2012 11:59:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 11:59:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 11:59:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 11:59:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 11:59:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 11:59:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 11:59:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 11:59:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 11:51:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    4/1/2012 11:51:55 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/1/2012 1:59:25 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
     
  3. harveydf

    Page 3
    4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 1:57:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 1:54:05 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    4/1/2012 1:51:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/1/2012 1:48:28 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/1/2012 1:47:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    4/1/2012 1:47:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    4/1/2012 1:46:53 PM, Error: EventLog [6008] - The previous system shutdown at 2:15:58 PM on 3/27/2012 was unexpected.
    4/1/2012 1:23:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    4/1/2012 1:18:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    4/1/2012 1:18:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 1:18:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 1:18:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 1:18:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 1:18:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 1:18:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 1:18:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 1:18:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.403.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    4/1/2012 1:18:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    4/1/2012 1:09:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
    4/1/2012 1:09:51 PM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    4/1/2012 1:09:51 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    4/1/2012 1:08:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    4/1/2012 1:08:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/27/2012 12:59:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
    3/27/2012 12:59:59 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/27/2012 12:40:07 PM, Error: EventLog [6008] - The previous system shutdown at 9:26:36 PM on 3/26/2012 was unexpected.
    3/26/2012 6:27:33 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {A47979D2-C419-11D9-A5B4-001185AD2B89} to the user Harveydf-PC\Harveydf SID (S-1-5-21-3010283643-4083402107-944152190-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    3/26/2012 5:08:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/26/2012 4:59:04 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/26/2012 4:58:36 AM, Error: EventLog [6008] - The previous system shutdown at 4:56:39 AM on 3/26/2012 was unexpected.
    3/26/2012 3:08:55 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/26/2012 2:26:49 AM, Error: EventLog [6008] - The previous system shutdown at 2:23:56 AM on 3/26/2012 was unexpected.
    3/26/2012 2:22:04 AM, Error: EventLog [6008] - The previous system shutdown at 2:19:47 AM on 3/26/2012 was unexpected.
    3/26/2012 12:48:57 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/26/2012 12:14:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.340.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    3/26/2012 12:00:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.340.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    3/26/2012 12:00:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.340.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    3/26/2012 11:49:28 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/26/2012 11:33:46 AM, Error: EventLog [6008] - The previous system shutdown at 11:22:41 AM on 3/26/2012 was unexpected.
    3/25/2012 9:37:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the service.
    3/25/2012 9:07:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    3/25/2012 7:01:00 PM, Error: PCTCore [280] - The item store is corrupted: @5466.
    3/25/2012 1:11:16 AM, Error: PCTCore [280] - The item store is corrupted: @5512.
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    Page 1
    20:59:18.0761 1580 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
    20:59:18.0786 1580 ============================================================
    20:59:18.0786 1580 Current date / time: 2012/04/01 20:59:18.0786
    20:59:18.0786 1580 SystemInfo:
    20:59:18.0786 1580
    20:59:18.0786 1580 OS Version: 6.0.6002 ServicePack: 2.0
    20:59:18.0786 1580 Product type: Workstation
    20:59:18.0786 1580 ComputerName: HARVEYDF-PC
    20:59:18.0786 1580 UserName: Harveydf
    20:59:18.0786 1580 Windows directory: C:\Windows
    20:59:18.0786 1580 System windows directory: C:\Windows
    20:59:18.0786 1580 Processor architecture: Intel x86
    20:59:18.0786 1580 Number of processors: 4
    20:59:18.0786 1580 Page size: 0x1000
    20:59:18.0786 1580 Boot type: Normal boot
    20:59:18.0786 1580 ============================================================
    20:59:19.0314 1580 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    20:59:19.0332 1580 \Device\Harddisk0\DR0:
    20:59:19.0333 1580 MBR used
    20:59:19.0333 1580 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x160FD61
    20:59:19.0333 1580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x160FDA0, BlocksNum 0x28884A88
    20:59:19.0333 1580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x29EC6386, BlocksNum 0x30D3CB3
    20:59:19.0449 1580 Initialize success
    20:59:19.0449 1580 ============================================================
    20:59:21.0089 3672 ============================================================
    20:59:21.0089 3672 Scan started
    20:59:21.0089 3672 Mode: Manual;
    20:59:21.0089 3672 ============================================================
    20:59:21.0553 3672 6594252drv (d45d320418ad6c36cefb59c34540257a) C:\Windows\system32\DRIVERS\6594252drv.sys
    20:59:21.0556 3672 6594252drv - ok
    20:59:21.0576 3672 ac97intc (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys
    20:59:21.0610 3672 ac97intc - ok
    20:59:21.0640 3672 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    20:59:21.0642 3672 ACPI - ok
    20:59:21.0665 3672 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys
    20:59:21.0665 3672 adfs - ok
    20:59:21.0772 3672 Adobe Version Cue CS4 (9444a3530c2e88b7ed96a566ff9ccc13) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    20:59:21.0777 3672 Adobe Version Cue CS4 - ok
    20:59:21.0801 3672 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    20:59:21.0804 3672 adp94xx - ok
    20:59:21.0824 3672 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    20:59:21.0826 3672 adpahci - ok
    20:59:21.0844 3672 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    20:59:21.0845 3672 adpu160m - ok
    20:59:21.0861 3672 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    20:59:21.0863 3672 adpu320 - ok
    20:59:21.0892 3672 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
    20:59:21.0892 3672 AeLookupSvc - ok
    20:59:21.0916 3672 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    20:59:21.0918 3672 AFD - ok
    20:59:21.0937 3672 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    20:59:21.0938 3672 agp440 - ok
    20:59:21.0956 3672 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    20:59:21.0957 3672 aic78xx - ok
    20:59:21.0988 3672 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
    20:59:21.0989 3672 ALG - ok
    20:59:22.0007 3672 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    20:59:22.0007 3672 aliide - ok
    20:59:22.0057 3672 ALSysIO - ok
    20:59:22.0086 3672 AMD External Events Utility (cde41d99db840ff9454fc981ebd0ec50) C:\Windows\system32\atiesrxx.exe
    20:59:22.0088 3672 AMD External Events Utility - ok
    20:59:22.0097 3672 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    20:59:22.0098 3672 amdagp - ok
    20:59:22.0126 3672 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    20:59:22.0127 3672 amdide - ok
    20:59:22.0140 3672 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    20:59:22.0161 3672 AmdK7 - ok
    20:59:22.0177 3672 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    20:59:22.0201 3672 AmdK8 - ok
    20:59:22.0453 3672 amdkmdag (ffd082f1f1d4ff5c87f66df62486bcfa) C:\Windows\system32\DRIVERS\atikmdag.sys
    20:59:22.0514 3672 amdkmdag - ok
    20:59:22.0554 3672 amdkmdap (c541da5b72fa638469e8dc1e66079330) C:\Windows\system32\DRIVERS\atikmpag.sys
    20:59:22.0556 3672 amdkmdap - ok
    20:59:22.0586 3672 AOL ACS - ok
    20:59:22.0610 3672 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
    20:59:22.0611 3672 Appinfo - ok
    20:59:22.0632 3672 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    20:59:22.0633 3672 arc - ok
    20:59:22.0652 3672 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    20:59:22.0653 3672 arcsas - ok
    20:59:22.0702 3672 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    20:59:22.0702 3672 aspnet_state - ok
    20:59:22.0729 3672 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    20:59:22.0744 3672 AsyncMac - ok
    20:59:22.0772 3672 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    20:59:22.0773 3672 atapi - ok
    20:59:22.0810 3672 AtiHDAudioService (9f7ccf1d6faf646f71f029a30ded2dc7) C:\Windows\system32\drivers\AtihdLH3.sys
    20:59:22.0811 3672 AtiHDAudioService - ok
    20:59:23.0034 3672 atikmdag (ffd082f1f1d4ff5c87f66df62486bcfa) C:\Windows\system32\DRIVERS\atikmdag.sys
    20:59:23.0095 3672 atikmdag - ok
    20:59:23.0144 3672 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    20:59:23.0147 3672 AudioEndpointBuilder - ok
    20:59:23.0161 3672 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    20:59:23.0163 3672 Audiosrv - ok
    20:59:23.0195 3672 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
    20:59:23.0215 3672 bcm4sbxp - ok
    20:59:23.0264 3672 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    20:59:23.0265 3672 Beep - ok
    20:59:23.0296 3672 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
    20:59:23.0299 3672 BFE - ok
    20:59:23.0350 3672 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
    20:59:23.0358 3672 BITS - ok
    20:59:23.0365 3672 blbdrive - ok
    20:59:23.0449 3672 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
    20:59:23.0452 3672 Bonjour Service - ok
    20:59:23.0481 3672 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    20:59:23.0482 3672 bowser - ok
    20:59:23.0500 3672 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    20:59:23.0512 3672 BrFiltLo - ok
    20:59:23.0542 3672 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    20:59:23.0554 3672 BrFiltUp - ok
    20:59:23.0594 3672 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
    20:59:23.0595 3672 Browser - ok
    20:59:23.0616 3672 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    20:59:23.0643 3672 Brserid - ok
    20:59:23.0654 3672 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    20:59:23.0679 3672 BrSerWdm - ok
    20:59:23.0695 3672 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    20:59:23.0707 3672 BrUsbMdm - ok
    20:59:23.0720 3672 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    20:59:23.0731 3672 BrUsbSer - ok
    20:59:23.0749 3672 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    20:59:23.0769 3672 BTHMODEM - ok
    20:59:23.0829 3672 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    20:59:23.0830 3672 cdfs - ok
    20:59:23.0854 3672 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    20:59:23.0855 3672 cdrom - ok
    20:59:23.0881 3672 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
    20:59:23.0882 3672 CertPropSvc - ok
    20:59:23.0895 3672 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    20:59:23.0916 3672 circlass - ok
    20:59:23.0943 3672 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    20:59:23.0946 3672 CLFS - ok
    20:59:23.0998 3672 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:59:23.0999 3672 clr_optimization_v2.0.50727_32 - ok
    20:59:24.0039 3672 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    20:59:24.0040 3672 clr_optimization_v4.0.30319_32 - ok
    20:59:24.0055 3672 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
    20:59:24.0067 3672 CmBatt - ok
    20:59:24.0078 3672 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    20:59:24.0079 3672 cmdide - ok
    20:59:24.0105 3672 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    20:59:24.0105 3672 Compbatt - ok
    20:59:24.0112 3672 COMSysApp - ok
    20:59:24.0139 3672 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\Windows\system32\drivers\cpuz135_x32.sys
    20:59:24.0139 3672 cpuz135 - ok
    20:59:24.0148 3672 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    20:59:24.0149 3672 crcdisk - ok
    20:59:24.0161 3672 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    20:59:24.0182 3672 Crusoe - ok
    20:59:24.0198 3672 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
    20:59:24.0199 3672 CryptSvc - ok
    20:59:24.0233 3672 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
    20:59:24.0238 3672 DcomLaunch - ok
    20:59:24.0262 3672 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    20:59:24.0263 3672 DfsC - ok
    20:59:24.0329 3672 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
    20:59:24.0342 3672 DFSR - ok
    20:59:24.0368 3672 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
    20:59:24.0370 3672 Dhcp - ok
    20:59:24.0398 3672 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    20:59:24.0398 3672 disk - ok
    20:59:24.0434 3672 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
    20:59:24.0435 3672 Dnscache - ok
    20:59:24.0465 3672 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
    20:59:24.0467 3672 dot3svc - ok
    20:59:24.0495 3672 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    20:59:24.0511 3672 Dot4 - ok
    20:59:24.0528 3672 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    20:59:24.0542 3672 Dot4Print - ok
    20:59:24.0572 3672 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    20:59:24.0591 3672 dot4usb - ok
    20:59:24.0607 3672 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
    20:59:24.0609 3672 DPS - ok
    20:59:24.0631 3672 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    20:59:24.0632 3672 drmkaud - ok
    20:59:24.0667 3672 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    20:59:24.0671 3672 DXGKrnl - ok
    20:59:24.0691 3672 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    20:59:24.0721 3672 E1G60 - ok
    20:59:24.0743 3672 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
    20:59:24.0745 3672 EapHost - ok
    20:59:24.0820 3672 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    20:59:24.0822 3672 Ecache - ok
    20:59:24.0855 3672 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
    20:59:24.0907 3672 ehRecvr - ok
    20:59:24.0923 3672 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
    20:59:24.0955 3672 ehSched - ok
    20:59:24.0967 3672 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
    20:59:24.0984 3672 ehstart - ok
    20:59:25.0002 3672 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    20:59:25.0005 3672 elxstor - ok
    20:59:25.0041 3672 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
    20:59:25.0046 3672 EMDMgmt - ok
    20:59:25.0075 3672 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
    20:59:25.0078 3672 EventSystem - ok
    20:59:25.0104 3672 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    20:59:25.0128 3672 exfat - ok
    20:59:25.0156 3672 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    20:59:25.0181 3672 fastfat - ok
    20:59:25.0198 3672 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    20:59:25.0217 3672 fdc - ok
    20:59:25.0241 3672 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
    20:59:25.0242 3672 fdPHost - ok
    20:59:25.0267 3672 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
    20:59:25.0269 3672 FDResPub - ok
    20:59:25.0283 3672 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    20:59:25.0284 3672 FileInfo - ok
    20:59:25.0325 3672 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    20:59:25.0343 3672 Filetrace - ok
    20:59:25.0401 3672 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    20:59:25.0406 3672 FLEXnet Licensing Service - ok
    20:59:25.0419 3672 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    20:59:25.0434 3672 flpydisk - ok
    20:59:25.0464 3672 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    20:59:25.0466 3672 FltMgr - ok
    20:59:25.0507 3672 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
    20:59:25.0513 3672 FontCache - ok
    20:59:25.0545 3672 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    20:59:25.0545 3672 FontCache3.0.0.0 - ok
    20:59:25.0561 3672 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    20:59:25.0562 3672 Fs_Rec - ok
    20:59:25.0577 3672 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    20:59:25.0578 3672 gagp30kx - ok
    20:59:25.0634 3672 GameConsoleService (18d33bf4e02a6c243613357d1719d913) C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
    20:59:25.0765 3672 GameConsoleService - ok
    20:59:25.0794 3672 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    20:59:25.0795 3672 GEARAspiWDM - ok
    20:59:25.0822 3672 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
    20:59:25.0827 3672 gpsvc - ok
    20:59:25.0864 3672 gupdate - ok
    20:59:25.0868 3672 gupdatem - ok
    20:59:25.0897 3672 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    20:59:25.0899 3672 gusvc - ok
    20:59:25.0932 3672 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
    20:59:25.0946 3672 HdAudAddService - ok
    20:59:25.0978 3672 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    20:59:25.0982 3672 HDAudBus - ok
    20:59:25.0995 3672 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    20:59:26.0012 3672 HidBth - ok
    20:59:26.0023 3672 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    20:59:26.0038 3672 HidIr - ok
    20:59:26.0076 3672 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
    20:59:26.0077 3672 hidserv - ok
    20:59:26.0091 3672 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    20:59:26.0092 3672 HidUsb - ok
    20:59:26.0116 3672 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
    20:59:26.0118 3672 hkmsvc - ok
    20:59:26.0132 3672 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    20:59:26.0133 3672 HpCISSs - ok
    20:59:26.0176 3672 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    20:59:26.0201 3672 HSF_DPV - ok
    20:59:26.0228 3672 HSXHWBS2 (5f60f0ad32d43b9ab9ac9373117d8e54) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
    20:59:26.0250 3672 HSXHWBS2 - ok
    20:59:26.0286 3672 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    20:59:26.0289 3672 HTTP - ok
    20:59:26.0307 3672 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    20:59:26.0308 3672 i2omp - ok
    20:59:26.0336 3672 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    20:59:26.0360 3672 i8042prt - ok
    20:59:26.0401 3672 ialm (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys
    20:59:26.0427 3672 ialm - ok
    20:59:26.0443 3672 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    20:59:26.0445 3672 iaStorV - ok
    20:59:26.0496 3672 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    20:59:26.0521 3672 idsvc - ok
    20:59:26.0537 3672 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    20:59:26.0538 3672 iirsp - ok
    20:59:26.0574 3672 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
    20:59:26.0577 3672 IKEEXT - ok
    20:59:26.0695 3672 IntcAzAudAddService (d4394a481b845cc1df361a85751c071a) C:\Windows\system32\drivers\RTKVHDA.sys
    20:59:26.0720 3672 IntcAzAudAddService - ok
    20:59:26.0732 3672 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
    20:59:26.0732 3672 intelide - ok
    20:59:26.0756 3672 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
    20:59:26.0779 3672 intelppm - ok
    20:59:26.0875 3672 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    20:59:26.0875 3672 IntuitUpdateService - ok
    20:59:26.0900 3672 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
    20:59:26.0902 3672 IPBusEnum - ok
    20:59:26.0938 3672 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    20:59:26.0964 3672 IpFilterDriver - ok
    20:59:26.0991 3672 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
    20:59:26.0993 3672 iphlpsvc - ok
    20:59:27.0001 3672 IpInIp - ok
    20:59:27.0015 3672 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    20:59:27.0049 3672 IPMIDRV - ok
    20:59:27.0079 3672 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    20:59:27.0097 3672 IPNAT - ok
    20:59:27.0100 3672 iPod Service - ok
    20:59:27.0128 3672 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    20:59:27.0143 3672 IRENUM - ok
    20:59:27.0160 3672 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    20:59:27.0162 3672 isapnp - ok
    20:59:27.0196 3672 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    20:59:27.0197 3672 iScsiPrt - ok
    20:59:27.0216 3672 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    20:59:27.0217 3672 iteatapi - ok
    20:59:27.0236 3672 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    20:59:27.0237 3672 iteraid - ok
    20:59:27.0260 3672 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    20:59:27.0261 3672 kbdclass - ok
    20:59:27.0282 3672 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    20:59:27.0283 3672 kbdhid - ok
    20:59:27.0307 3672 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    20:59:27.0308 3672 KeyIso - ok
    20:59:27.0339 3672 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
    20:59:27.0343 3672 KSecDD - ok
    20:59:27.0367 3672 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
    20:59:27.0371 3672 KtmRm - ok
    20:59:27.0389 3672 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
    20:59:27.0392 3672 LanmanServer - ok
    20:59:27.0422 3672 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
    20:59:27.0426 3672 LanmanWorkstation - ok
    20:59:27.0466 3672 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    20:59:27.0467 3672 lltdio - ok
    20:59:27.0495 3672 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
    20:59:27.0498 3672 lltdsvc - ok
    20:59:27.0522 3672 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
    20:59:27.0524 3672 lmhosts - ok
    20:59:27.0539 3672 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    20:59:27.0540 3672 LSI_FC - ok
    20:59:27.0557 3672 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    20:59:27.0558 3672 LSI_SAS - ok
    20:59:27.0577 3672 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    20:59:27.0578 3672 LSI_SCSI - ok
    20:59:27.0604 3672 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    20:59:27.0605 3672 luafv - ok
    20:59:27.0638 3672 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\Windows\system32\Drivers\LUsbFilt.Sys
    20:59:27.0639 3672 LUsbFilt - ok
    20:59:27.0673 3672 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
    20:59:27.0675 3672 Mcx2Svc - ok
    20:59:27.0733 3672 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    20:59:27.0735 3672 MDM - ok
    20:59:27.0806 3672 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    20:59:27.0807 3672 mdmxsdk - ok
    20:59:27.0823 3672 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    20:59:27.0824 3672 megasas - ok
    20:59:27.0891 3672 MJLVASR - ok
    20:59:27.0932 3672 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    20:59:27.0933 3672 MMCSS - ok
    20:59:27.0948 3672 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    20:59:27.0967 3672 Modem - ok
    20:59:27.0996 3672 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    20:59:27.0997 3672 monitor - ok
    20:59:28.0011 3672 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    20:59:28.0012 3672 mouclass - ok
    20:59:28.0030 3672 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    20:59:28.0031 3672 mouhid - ok
    20:59:28.0057 3672 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    20:59:28.0058 3672 MountMgr - ok
    20:59:28.0109 3672 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
    20:59:28.0111 3672 MpFilter - ok
    20:59:28.0127 3672 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    20:59:28.0129 3672 mpio - ok
    20:59:28.0147 3672 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
    20:59:28.0148 3672 MpNWMon - ok
    20:59:28.0161 3672 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    20:59:28.0162 3672 mpsdrv - ok
    20:59:28.0191 3672 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
    20:59:28.0195 3672 MpsSvc - ok
    20:59:28.0211 3672 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    20:59:28.0212 3672 Mraid35x - ok
    20:59:28.0250 3672 MREMP50a64 - ok
    20:59:28.0278 3672 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    20:59:28.0280 3672 MRxDAV - ok
    20:59:28.0304 3672 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    20:59:28.0305 3672 mrxsmb - ok
    20:59:28.0332 3672 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    20:59:28.0334 3672 mrxsmb10 - ok
    20:59:28.0342 3672 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    20:59:28.0343 3672 mrxsmb20 - ok
    20:59:28.0358 3672 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    20:59:28.0358 3672 msahci - ok
    20:59:28.0374 3672 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    20:59:28.0376 3672 msdsm - ok
    20:59:28.0401 3672 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
    20:59:28.0404 3672 MSDTC - ok
    20:59:28.0430 3672 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    20:59:28.0431 3672 Msfs - ok
    20:59:28.0445 3672 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    20:59:28.0446 3672 msisadrv - ok
    20:59:28.0477 3672 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
    20:59:28.0480 3672 MSiSCSI - ok
    20:59:28.0499 3672 msiserver - ok
    20:59:28.0522 3672 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    20:59:28.0545 3672 MSKSSRV - ok
    20:59:28.0580 3672 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    20:59:28.0581 3672 MsMpSvc - ok
    20:59:28.0604 3672 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    20:59:28.0612 3672 MSPCLOCK - ok
    20:59:28.0638 3672 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    20:59:28.0648 3672 MSPQM - ok
    20:59:28.0677 3672 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    20:59:28.0678 3672 MsRPC - ok
    20:59:28.0693 3672 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    20:59:28.0694 3672 mssmbios - ok
    20:59:28.0707 3672 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    20:59:28.0716 3672 MSTEE - ok
    20:59:28.0749 3672 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    20:59:28.0750 3672 Mup - ok
    20:59:28.0829 3672 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
    20:59:28.0833 3672 napagent - ok
    20:59:28.0864 3672 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    20:59:28.0865 3672 NativeWifiP - ok
    20:59:28.0920 3672 NBISZU - ok
    20:59:28.0956 3672 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    20:59:28.0959 3672 NDIS - ok
    20:59:28.0981 3672 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    20:59:28.0981 3672 NdisTapi - ok
    20:59:29.0002 3672 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    20:59:29.0003 3672 Ndisuio - ok
    20:59:29.0028 3672 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    20:59:29.0029 3672 NdisWan - ok
    20:59:29.0055 3672 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    20:59:29.0056 3672 NDProxy - ok
    20:59:29.0088 3672 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    20:59:29.0089 3672 NetBIOS - ok
    20:59:29.0116 3672 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    20:59:29.0118 3672 netbt - ok
    20:59:29.0148 3672 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    20:59:29.0149 3672 Netlogon - ok
    20:59:29.0176 3672 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
    20:59:29.0180 3672 Netman - ok
    20:59:29.0224 3672 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    20:59:29.0226 3672 NetMsmqActivator - ok
    20:59:29.0230 3672 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    20:59:29.0231 3672 NetPipeActivator - ok
    20:59:29.0267 3672 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
    20:59:29.0270 3672 netprofm - ok
    20:59:29.0276 3672 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    20:59:29.0277 3672 NetTcpActivator - ok
    20:59:29.0281 3672 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    20:59:29.0283 3672 NetTcpPortSharing - ok
    20:59:29.0358 3672 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
    20:59:29.0391 3672 NETw2v32 - ok
    20:59:29.0408 3672 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    20:59:29.0410 3672 nfrd960 - ok
    20:59:29.0444 3672 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    20:59:29.0445 3672 NisDrv - ok
    20:59:29.0524 3672 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    20:59:29.0526 3672 NisSrv - ok
    20:59:29.0554 3672 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
    20:59:29.0557 3672 NlaSvc - ok
    20:59:29.0588 3672 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    20:59:29.0589 3672 Npfs - ok
    20:59:29.0615 3672 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
    20:59:29.0617 3672 nsi - ok
    20:59:29.0635 3672 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    20:59:29.0636 3672 nsiproxy - ok
    20:59:29.0679 3672 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    20:59:29.0687 3672 Ntfs - ok
    20:59:29.0701 3672 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    20:59:29.0716 3672 ntrigdigi - ok
    20:59:29.0742 3672 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    20:59:29.0742 3672 Null - ok
    20:59:29.0820 3672 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
    20:59:29.0876 3672 NVENETFD - ok
    20:59:29.0909 3672 NVNET (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
    20:59:29.0911 3672 NVNET - ok
    20:59:29.0933 3672 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    20:59:29.0935 3672 nvraid - ok
    20:59:29.0953 3672 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    20:59:29.0954 3672 nvstor - ok
    20:59:29.0975 3672 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
    20:59:29.0976 3672 nvstor32 - ok
    20:59:29.0991 3672 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    20:59:29.0992 3672 nv_agp - ok
    20:59:30.0000 3672 NwlnkFlt - ok
     
  6. harveydf

    Page 2
    20:59:30.0009 3672 NwlnkFwd - ok
    20:59:30.0072 3672 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    20:59:30.0079 3672 odserv - ok
    20:59:30.0099 3672 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
    20:59:30.0123 3672 ohci1394 - ok
    20:59:30.0173 3672 OJ - ok
    20:59:30.0199 3672 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    20:59:30.0201 3672 ose - ok
    20:59:30.0238 3672 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    20:59:30.0244 3672 p2pimsvc - ok
    20:59:30.0288 3672 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    20:59:30.0294 3672 p2psvc - ok
    20:59:30.0340 3672 PalmUSBD (803cf09c795290825607505d37819135) C:\Windows\system32\drivers\PalmUSBD.sys
    20:59:30.0353 3672 PalmUSBD - ok
    20:59:30.0385 3672 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    20:59:30.0418 3672 Parport - ok
    20:59:30.0437 3672 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\Windows\system32\drivers\Partizan.sys
    20:59:30.0460 3672 Partizan - ok
    20:59:30.0474 3672 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    20:59:30.0474 3672 partmgr - ok
    20:59:30.0493 3672 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    20:59:30.0504 3672 Parvdm - ok
    20:59:30.0526 3672 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
    20:59:30.0528 3672 PcaSvc - ok
    20:59:30.0559 3672 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    20:59:30.0560 3672 pci - ok
    20:59:30.0575 3672 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    20:59:30.0575 3672 pciide - ok
    20:59:30.0595 3672 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
    20:59:30.0598 3672 pcmcia - ok
    20:59:30.0627 3672 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\Windows\system32\drivers\PCTCore.sys
    20:59:30.0630 3672 PCTCore - ok
    20:59:30.0658 3672 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\Windows\system32\drivers\pctDS.sys
    20:59:30.0661 3672 pctDS - ok
    20:59:30.0691 3672 pctgntdi (cee55a1df92cb30f87280b6a04aadce8) C:\Windows\System32\drivers\pctgntdi.sys
    20:59:30.0693 3672 pctgntdi - ok
    20:59:30.0765 3672 PCToolsSSDMonitorSvc (a0937771070bf59468b4939dd0ae59fd) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    20:59:30.0770 3672 PCToolsSSDMonitorSvc - ok
    20:59:30.0811 3672 pctplsg (061b86fd64a61ad187efc788d6c408b0) C:\Windows\System32\drivers\pctplsg.sys
    20:59:30.0812 3672 pctplsg - ok
    20:59:30.0827 3672 PCTSD (eb98f7514dcf1b922b318e6182d836b1) C:\Windows\system32\Drivers\PCTSD.sys
    20:59:30.0828 3672 PCTSD - ok
    20:59:30.0869 3672 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    20:59:30.0875 3672 PEAUTH - ok
    20:59:30.0958 3672 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
    20:59:30.0972 3672 pla - ok
    20:59:31.0010 3672 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
    20:59:31.0014 3672 PlugPlay - ok
    20:59:31.0051 3672 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    20:59:31.0058 3672 PNRPAutoReg - ok
    20:59:31.0126 3672 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    20:59:31.0132 3672 PNRPsvc - ok
    20:59:31.0163 3672 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
    20:59:31.0167 3672 PolicyAgent - ok
    20:59:31.0188 3672 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    20:59:31.0189 3672 PptpMiniport - ok
    20:59:31.0216 3672 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
    20:59:31.0217 3672 Processor - ok
    20:59:31.0241 3672 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
    20:59:31.0245 3672 ProfSvc - ok
    20:59:31.0273 3672 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    20:59:31.0275 3672 ProtectedStorage - ok
    20:59:31.0305 3672 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    20:59:31.0306 3672 PSched - ok
    20:59:31.0342 3672 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    20:59:31.0367 3672 ql2300 - ok
    20:59:31.0403 3672 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    20:59:31.0405 3672 ql40xx - ok
    20:59:31.0439 3672 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
    20:59:31.0442 3672 QWAVE - ok
    20:59:31.0467 3672 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    20:59:31.0488 3672 QWAVEdrv - ok
    20:59:31.0507 3672 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    20:59:31.0507 3672 RasAcd - ok
    20:59:31.0534 3672 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
    20:59:31.0536 3672 RasAuto - ok
    20:59:31.0547 3672 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    20:59:31.0548 3672 Rasl2tp - ok
    20:59:31.0576 3672 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
    20:59:31.0580 3672 RasMan - ok
    20:59:31.0602 3672 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    20:59:31.0603 3672 RasPppoe - ok
    20:59:31.0636 3672 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    20:59:31.0637 3672 RasSstp - ok
    20:59:31.0660 3672 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    20:59:31.0662 3672 rdbss - ok
    20:59:38.0011 3672 MBR (0x1B8) (49f762a4b50ce0d32f1fdbab7ef9b96a) \Device\Harddisk0\DR0
    20:59:38.0049 3672 \Device\Harddisk0\DR0 - ok
    20:59:38.0052 3672 Boot (0x1200) (10ff9c14cd7c653f910b683224932980) \Device\Harddisk0\DR0\Partition0
    20:59:38.0053 3672 \Device\Harddisk0\DR0\Partition0 - ok
    20:59:38.0057 3672 Boot (0x1200) (c1dc6e02b93052c89b63df3fa485b757) \Device\Harddisk0\DR0\Partition1
    20:59:38.0058 3672 \Device\Harddisk0\DR0\Partition1 - ok
    20:59:38.0075 3672 Boot (0x1200) (be874b919c17bd6da2c09a168ca44d65) \Device\Harddisk0\DR0\Partition2
    20:59:38.0077 3672 \Device\Harddisk0\DR0\Partition2 - ok
    20:59:38.0077 3672 ============================================================
    20:59:38.0077 3672 Scan finished
    20:59:38.0077 3672 ============================================================
    20:59:38.0089 5984 Detected object count: 0
    20:59:38.0089 5984 Actual detected object count: 0
     
  7. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  8. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    Pc tools Smart Updates popped up to download updates, I didn't touch it.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-01 21:34:13
    -----------------------------
    21:34:13.169 OS Version: Windows 6.0.6002 Service Pack 2
    21:34:13.170 Number of processors: 4 586 0x202
    21:34:13.170 ComputerName: HARVEYDF-PC UserName: Harveydf
    21:34:30.330 Initialize success
    21:46:00.255 AVAST engine defs: 12040101
    21:46:22.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
    21:46:22.533 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 6
    21:46:22.571 Disk 0 MBR read successfully
    21:46:22.574 Disk 0 MBR scan
    21:46:22.749 Disk 0 Windows VISTA default MBR code
    21:46:22.767 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 11295 MB offset 63
    21:46:22.813 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 332041 MB offset 23133600
    21:46:22.848 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 24999 MB offset 703357830
    21:46:22.862 Disk 0 Partition - 00 05 Extended 108502 MB offset 754558974
    21:46:22.891 Disk 0 Partition 4 00 83 Linux 104408 MB offset 754558976
    21:46:22.898 Disk 0 Partition - 00 05 Extended 4094 MB offset 968386560
    21:46:22.942 Disk 0 scanning sectors +976771072
    21:46:23.085 Disk 0 scanning C:\Windows\system32\drivers
    21:46:43.348 Service scanning
    21:46:55.873 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    21:47:13.734 Modules scanning
    21:47:17.517 Disk 0 trace - called modules:
    21:47:17.529 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll storport.sys nvstor32.sys
    21:47:17.534 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8695e5b0]
    21:47:17.539 3 CLASSPNP.SYS[8afcb8b3] -> nt!IofCallDriver -> [0x8695edb0]
    21:47:17.544 5 PCTCore.sys[8ae76407] -> nt!IofCallDriver -> [0x84d50d98]
    21:47:17.549 7 acpi.sys[8ac096bc] -> nt!IofCallDriver -> \Device\00000060[0x857817e0]
    21:47:19.935 AVAST engine scan C:\Windows
    21:47:27.543 AVAST engine scan C:\Windows\system32
    21:52:15.591 AVAST engine scan C:\Windows\system32\drivers
    21:52:44.236 AVAST engine scan C:\Users\Harveydf
    21:53:02.339 Verifying
    21:53:12.368 Disk 0 Windows 600 MBR fixed successfully
    21:53:23.335 Disk 0 MBR has been saved successfully to "C:\Users\Harveydf\Desktop\MBR.dat"
    21:53:23.341 The log file has been saved successfully to "C:\Users\Harveydf\Desktop\aswMBR.txt"
    22:04:21.513 AVAST engine scan C:\ProgramData
    22:07:14.731 Scan finished successfully
    22:07:31.972 Disk 0 MBR has been saved successfully to "C:\Users\Harveydf\Desktop\MBR.dat"
    22:07:31.978 The log file has been saved successfully to "C:\Users\Harveydf\Desktop\aswMBR2.txt"


    I got excited when it said it saved my mbr to the desktop and hit save file. Then it kept going. It did seem to be bothered.

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`c1fb4000
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: d026fa10f7a4253b255e05f63e8ef364

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
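
    Added illustration, not part of the thread and not code from aswMBR, TDSSKiller or Bootkit Remover: a Python parser for a 512-byte MBR dump such as the MBR.dat that aswMBR saves (assumed here to be a raw copy of sector 0). It hashes the 0x1B8-byte boot code separately from the partition table and sanity-checks the table, so a boot-code change can be told apart from a partition-table change. The sample sector is constructed from the partition offsets and sizes in the aswMBR log above; the boot-code bytes, disk signature and all function names are assumptions.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8   # boot code bytes that precede the disk signature
TABLE_OFFSET = 0x1BE    # four 16-byte partition entries start here
TYPE_NAMES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0F: "Extended (LBA)", 0x83: "Linux"}
ENTRY_FORMAT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, count


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR dump into boot-code hash, disk signature and partition entries."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("MBR dump is shorter than one 512-byte sector")
    sector = sector[:SECTOR_SIZE]
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 55 AA missing at offset 0x1FE")
    partitions = []
    for index in range(4):
        start = TABLE_OFFSET + 16 * index
        status, ptype, lba_start, sectors = struct.unpack(ENTRY_FORMAT, sector[start:start + 16])
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({
            "slot": index + 1,
            "status": status,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": partitions,
    }


def format_partition(part: dict) -> str:
    """Render one entry in a layout similar to the aswMBR partition lines."""
    status = "80 (A)" if part["status"] == 0x80 else f"{part['status']:02X}"
    name = TYPE_NAMES.get(part["type"], "Unknown")
    return (f"Partition {part['slot']} {status} {part['type']:02X} {name} "
            f"{part['size_mb']} MB offset {part['lba_start']}")


def check_mbr(parsed: dict, baseline_md5: str = "") -> list:
    """Return findings; baseline_md5 is a hash the analyst took from a known-good dump."""
    findings = []
    if baseline_md5 and parsed["boot_code_md5"] != baseline_md5.lower():
        findings.append("boot code MD5 differs from baseline")
    parts = parsed["partitions"]
    for part in parts:
        if part["status"] not in (0x00, 0x80):
            findings.append(f"slot {part['slot']}: invalid status byte 0x{part['status']:02X}")
    active = [part["slot"] for part in parts if part["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    ordered = sorted(parts, key=lambda part: part["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["lba_start"] + prev["sectors"] > cur["lba_start"]:
            findings.append(f"slots {prev['slot']} and {cur['slot']} overlap")
    return findings


def build_sample_mbr(boot_code: bytes = b"\xfa\x33\xc0") -> bytes:
    """Constructed sample: offsets and MB sizes from the aswMBR log, the rest made up."""
    entries = [
        (0x00, 0x07, 63, 11295 * 2048),
        (0x80, 0x07, 23133600, 332041 * 2048),
        (0x00, 0x07, 703357830, 24999 * 2048),
        (0x00, 0x05, 754558974, 108502 * 2048),
    ]
    table = b"".join(struct.pack(ENTRY_FORMAT, *entry) for entry in entries)
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00")    # placeholder boot code
            + struct.pack("<I", 0x12345678)            # made-up disk signature
            + b"\x00\x00" + table + b"\x55\xaa")


if __name__ == "__main__":
    parsed = parse_mbr(build_sample_mbr())
    print("boot code MD5:", parsed["boot_code_md5"])
    for part in parsed["partitions"]:
        print(format_partition(part))
    print("findings:", check_mbr(parsed) or "none")
```

    To check a real dump, read the saved file in binary mode and pass its bytes to parse_mbr in place of the constructed sample.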
     
  9. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    Broni,
    I'm sorry, there was a message that popped up during the boot kit remover. It was "ATA_PASS_Through Direct is not supported by this controller. SCSI_ PASS-Through not supported by disk I/O." The SCSI pass-through part I am paraphrasing. I also had to click the message.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    That's fine.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    Broni,

    All went well running Combo Fix. MSE kept giving me the message that “you have security issues that need addressed”, but I just left that alone and let Combo Fix do its thing. After the log was posted, I saved a copy to the desktop and started to turn my security on. MSE turned on but PC Tools is not in the tray.




    ComboFix 12-04-03.02 - Harveydf 04/03/2012 14:25:13.2.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2218 [GMT -7:00]
    Running from: c:\users\Harveydf\Desktop\H_D_F.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\grpconv.exe was missing
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-grpconv_31bf3856ad364e35_6.0.6000.16386_none_a05162e240c2c82b\grpconv.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-03 21:35 . 2012-04-03 21:36 -------- d-----w- c:\users\Harveydf\AppData\Local\temp
    2012-04-03 21:35 . 2012-04-03 21:35 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-04-03 21:35 . 2012-04-03 21:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-03 21:35 . 2012-04-03 21:35 -------- d-----w- c:\users\AppData\AppData\Local\temp
    2012-04-03 21:35 . 2006-11-02 09:45 16896 ----a-w- c:\windows\system32\grpconv.exe
    2012-04-02 02:47 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31E55EC4-127B-4061-97A7-9C04D48E4EAF}\mpengine.dll
    2012-04-01 20:58 . 2012-04-01 20:58 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-26 18:37 . 2012-03-26 18:37 -------- d-----w- c:\program files\ESET
    2012-03-26 11:53 . 2012-04-02 00:15 -------- d-----w- c:\windows\ERDNT2
    2012-03-26 11:52 . 2012-03-26 11:52 -------- d-----w- c:\program files\ERUNT2
    2012-03-24 21:58 . 2012-03-24 22:00 -------- d-----w- c:\windows\Symbols
    2012-03-24 15:43 . 2012-03-24 15:43 -------- d-----w- C:\AMD
    2012-03-24 07:10 . 2012-03-24 07:10 -------- d-----w- c:\users\Harveydf\AppData\Roaming\DAEMON Tools
    2012-03-23 17:01 . 2012-03-23 17:01 -------- d-----w- c:\programdata\Microsoft Symbols for Visual Studio and Process Explorer
    2012-03-23 16:58 . 2012-03-23 16:58 -------- d-----w- c:\users\Harveydf\Microsoft Symbols for Visual Studio and Process Explorer
    2012-03-23 10:54 . 2012-03-23 11:10 -------- d-----w- c:\program files\BenchMark Tools
    2012-03-23 09:08 . 2012-03-23 09:33 -------- d-----w- c:\program files\CrystalDiskInfo
    2012-03-22 17:55 . 2009-08-20 07:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2012-03-22 17:52 . 2012-01-03 16:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2012-03-22 13:13 . 2012-03-22 14:09 -------- d-----w- c:\program files\7-Zip
    2012-03-22 08:48 . 2012-03-24 13:52 -------- d-----w- c:\users\Harvey Standard
    2012-03-21 15:32 . 2012-03-21 15:32 -------- d-----w- c:\users\Harveydf\AppData\Roaming\GlarySoft
    2012-03-21 15:32 . 2012-03-21 15:32 -------- d-----w- c:\program files\Glary Undelete
    2012-03-18 20:39 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-03-17 17:42 . 2012-03-17 17:42 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F54698D-55CD-4254-9766-493841D8D863}\gapaengine.dll
    2012-03-17 17:13 . 2012-03-17 17:13 -------- d-----w- c:\program files\Microsoft Security Client
    2012-03-17 17:12 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-03-17 08:34 . 2012-03-29 01:08 -------- d-----w- C:\.Trash-0
    2012-03-17 00:40 . 2012-03-17 00:41 -------- d-----w- c:\users\Harveydf\AppData\Roaming\GetRightToGo
    2012-03-17 00:04 . 2012-03-17 00:04 14664 ----a-w- c:\windows\stinger.sys
    2012-03-17 00:04 . 2012-04-01 21:09 -------- d-----w- c:\program files\stinger
    2012-03-16 19:02 . 2012-03-24 13:02 -------- d-----w- C:\BackSys
    2012-03-16 15:22 . 2012-03-16 15:37 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
    2012-03-16 15:11 . 2012-03-16 15:11 39184 ----a-w- c:\windows\system32\Partizan.exe
    2012-03-16 15:11 . 2012-03-16 15:11 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
    2012-03-16 15:10 . 2012-03-16 15:10 2 --shatr- c:\windows\winstart.bat
    2012-03-16 15:10 . 2012-01-24 00:01 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
    2012-03-16 10:26 . 2012-03-16 10:26 -------- d-----w- c:\users\Harveydf\AppData\Roaming\VSRevoGroup
    2012-03-16 09:06 . 2012-03-16 09:06 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
    2012-03-16 09:06 . 2012-03-16 09:06 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
    2012-03-15 13:22 . 2012-03-15 13:35 -------- d-----w- c:\users\Harveydf\AppData\Roaming\Registry Mechanic
    2012-03-15 12:54 . 2011-12-12 21:07 512472 ----a-w- c:\windows\system32\msxml.dll
    2012-03-15 12:54 . 2011-12-12 21:07 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
    2012-03-15 01:12 . 2011-12-01 23:07 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2012-03-15 01:12 . 2011-12-01 23:07 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2012-03-15 01:12 . 2011-11-14 22:12 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2012-03-15 01:12 . 2011-11-14 22:12 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2012-03-15 01:12 . 2012-03-15 12:54 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-03-15 01:12 . 2012-02-24 17:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-03-15 01:07 . 2012-03-15 08:38 -------- d-----w- c:\programdata\PC Tools
    2012-03-15 01:07 . 2012-03-15 01:07 -------- d-----w- c:\users\Harveydf\AppData\Roaming\TestApp
    2012-03-13 23:40 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-03-13 23:40 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-13 23:40 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-13 23:40 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-13 23:40 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-13 23:40 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-13 23:40 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-03-13 21:39 . 2012-04-02 00:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-13 21:39 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-13 20:04 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
    2012-03-13 20:04 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-11 23:58 . 2012-03-12 00:02 -------- d-----w- c:\users\Harveydf\AppData\Roaming\LogView
    2012-03-11 23:28 . 2011-02-08 21:13 58496 ----a-w- c:\windows\system32\drivers\silabser.sys
    2012-03-11 20:32 . 2012-03-11 20:32 -------- d-----w- c:\users\Harveydf\AppData\Local\ElevatedDiagnostics
    2012-03-11 18:57 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-03-11 18:57 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-03-11 18:53 . 2012-03-11 18:53 -------- d-----w- c:\program files\Silabs
    2012-03-11 18:49 . 2011-10-14 23:13 47176 ----a-w- c:\windows\system32\drivers\silabenm.sys
    2012-03-11 18:49 . 2011-10-14 23:13 1461992 ----a-w- c:\windows\system32\WdfCoinstaller01009.dll
    2012-03-11 12:47 . 2012-03-11 12:52 -------- d-----w- c:\users\Harveydf\AppData\Roaming\EurekaLog
    2012-03-11 12:47 . 2012-03-14 03:08 -------- d-----w- c:\program files\LogView V2
    2012-03-11 12:26 . 2009-08-10 06:36 1112288 ----a-w- c:\windows\system32\WdfCoinstaller01007.dll
    2012-03-11 12:26 . 2012-03-11 12:26 -------- d-----w- c:\program files\Junsi
    2012-03-11 12:25 . 2012-03-11 12:26 -------- d-----w- c:\windows\system32\Silabs
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-16 09:14 . 2011-06-01 07:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-19 08:29 . 2010-07-30 05:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-15 03:47 . 2012-02-15 03:47 9182208 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-02-15 03:18 . 2011-01-27 06:00 791040 ----a-w- c:\windows\system32\aticfx32.dll
    2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-02-15 03:13 . 2012-02-15 03:13 405504 ----a-w- c:\windows\system32\atieclxx.exe
    2012-02-15 03:12 . 2012-02-15 03:12 163328 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-02-15 03:11 . 2012-02-15 03:11 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2012-02-15 03:10 . 2012-02-15 03:10 20992 ----a-w- c:\windows\system32\atimuixx.dll
    2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2012-02-15 03:07 . 2011-11-10 11:06 6200320 ----a-w- c:\windows\system32\atidxx32.dll
    2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\system32\atioglxx.dll
    2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
    2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2012-02-15 02:34 . 2007-11-24 00:38 5954048 ----a-w- c:\windows\system32\atiumdag.dll
    2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\system32\atiumdva.dll
    2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\system32\aticaldd.dll
    2012-02-15 02:16 . 2011-01-27 05:20 51200 ----a-w- c:\windows\system32\coinst.dll
    2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\system32\atigktxx.dll
    2012-02-15 02:12 . 2012-02-15 02:12 264704 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-02-15 02:12 . 2011-11-10 10:11 33280 ----a-w- c:\windows\system32\atiuxpag.dll
    2012-02-15 02:12 . 2011-01-27 05:12 30208 ----a-w- c:\windows\system32\atiu9pag.dll
    2012-02-15 02:11 . 2011-01-27 05:12 37376 ----a-w- c:\windows\system32\atitmpxx.dll
    2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\system32\atimpc32.dll
    2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\system32\amdpcom32.dll
    2012-01-31 12:44 . 2011-05-25 10:32 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-28 23:07 . 2010-08-17 05:37 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
    2012-03-16 09:06 . 2011-11-12 02:03 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2007-08-24 11:52 . 2008-02-19 16:21 300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
    2011-04-14 21:01 . 2011-08-16 07:36 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "MemCheckBoxInRunDlg"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Users^Harveydf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
    backup=c:\windows\pss\ERUNT AutoBackup.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Harveydf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
    backup=c:\windows\pss\HotSync Manager.lnk.Startup
    backupExtension=.Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-09-03 17:36 136176 ----atw- c:\users\Harveydf\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-06-08 00:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
    2010-09-03 17:36 136176 ----atw- c:\users\Harveydf\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3010283643-4083402107-944152190-1000]
    "EnableNotificationsRef"=dword:00000001
    .
    R1 6594252drv;6594252drv;c:\windows\system32\DRIVERS\6594252drv.sys [2011-08-13 489048]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-03-31 288112]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 15:59]
    .
    2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 15:59]
    .
    2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3010283643-4083402107-944152190-1000Core.job
    - c:\users\Harveydf\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-03 17:36]
    .
    2011-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3010283643-4083402107-944152190-1000UA.job
    - c:\users\Harveydf\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-03 17:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://att.my.yahoo.com/?_bc=1
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\
    FF - prefs.js: browser.search.selectedEngine - Startpage
    FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-AdobeBridge - (no file)
    SafeBoot-18602556.sys
    AddRemove-NirSoft VideoCacheView - c:\program files\NirSoft\VideoCacheView\uninst.exe
    AddRemove-SLABCOMM&10C4&EA60 - c:\program files\Junsi\driver\usb\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
    AddRemove-Move Networks Player - IE - c:\users\Harveydf\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&7f237b6&0&UID268435456\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&7f237b6&0&UID268435456\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GWY077A\5&7f237b6&0&UID268435460\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GWY077A\5&7f237b6&0&UID268435460\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GWY077B\5&7f237b6&0&UID268435456\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GWY077B\5&7f237b6&0&UID268435456\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\PHL0018\5&7f237b6&0&UID268435456\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\PHL0018\5&7f237b6&0&UID268435456\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3268)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\system32\atiesrxx.exe
    c:\windows\system32\atieclxx.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-03 14:44:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-03 21:43
    .
    Pre-Run: 221,744,037,888 bytes free
    Post-Run: 222,130,561,024 bytes free
    .
    - - End Of File - - FEE5E1338BE6A0D6E28B5AC5739BF472
     
  12. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please disable "word wrap" in Notepad as your logs are hard to read.

    Combofix log looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    Broni,
    Good day! I hope the weather in Daly City is as ours in Santa Rosa and you get to enjoy a little bit of the sun’s rays. I appreciate the work you do. Thank you very much.
    I read and re-read your directions before disconnecting from the internet. I double clicked on the OTL icon twice, nothing happened. Therefore, I right clicked and opened as administrator; I pasted the clipboard into special scans and created the first scan. No other programs were running and it ran uninterrupted. I was confused about the first scan not knowing whether to download a fresh copy of OTL or just open it and do another scan. I chose to just do another scan and name it OTL2.
    I re-read your instructions and thought about the question, “How is the computer running.” I have not been using it much, just to fire it up, and log on, and then send you the files, and log off as quickly as possible. I worked until late last night, but when I came home, I decided to use the computer and watch for clues. I watched some videos on YouTube and decided to try Procmon and Filemon, I already had Process Explorer running watching processes. I noticed some Cswitch deltas for crsss.exe that when I tried to look at it, access was denied and it did not have a company name associated with it. Another process called “system,” had no private bytes and it gave me the same message, and no company name. I am too new to these programs to know what this means particularly; however, I have watched most all of the videos out there. With Procmon and Filemon, I have no experience, but since I have the suite on my desktop I decided to have a look at each. The information was overwhelming. I did configure Procmon to log the boot and saved the file, again it was too much information for me at my stage of understanding. I am telling you this because maybe there is something useful in what I am saying.
    This afternoon, I logged on and checked my security tools. I opened PC Tools and it said it was not configured to run, so I started it and ran a quick scan. It reported 21 detections of Trojan-Downloader.Murlo with 345 infections. One other Trojan.Generic and two suspicious clouds. I clicked disinfected and it asked for a re-boot. It re-booted and rescanned with nothing found. I started a complete scan and it is going now.
    Here are my logs. P.S. I’m curious about the alternate data streams at the end of the first scan and where OTL logfile 1 went. Also, I have never used Acronis.
    Update 1405 hrs 32% into full scan with PC Tools list 4 detections of HeurEngine.ZeroDayThreat.

    OTL logfile created on: 4/3/2012 5:54:30 PM - Run 2
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Harveydf\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 66.43% Memory free
    7.67 Gb Paging File | 6.74 Gb Available in Paging File | 87.90% Paging File free
    Paging file location(s): c:\pagefile.sys 4603 4603 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 324.26 Gb Total Space | 205.88 Gb Free Space | 63.49% Space Free | Partition Type: NTFS
    Drive D: | 11.03 Gb Total Space | 4.23 Gb Free Space | 38.38% Space Free | Partition Type: NTFS
    Drive K: | 24.41 Gb Total Space | 24.32 Gb Free Space | 99.63% Space Free | Partition Type: NTFS

    Computer Name: HARVEYDF-PC | User Name: Harveydf | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/03 17:47:02 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\OTL.exe
    PRC - [2012/02/14 20:13:20 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2012/02/14 20:12:48 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2011/12/12 14:07:00 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/01/09 13:37:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/14 19:11:36 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
    MOD - [2007/05/22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\Users\Harveydf\AppData\Local\Temp\OJ.exe -- (OJ)
    SRV - File not found [Disabled | Stopped] -- C:\Users\Harveydf\AppData\Local\Temp\NBISZU.exe -- (NBISZU)
    SRV - File not found [Disabled | Stopped] -- C:\Users\Harveydf\AppData\Local\Temp\MJLVASR.exe -- (MJLVASR)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
    SRV - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
    SRV - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
    SRV - [2012/02/24 09:16:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
    SRV - [2012/02/14 20:12:48 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2011/12/12 14:07:00 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/03/30 21:47:31 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
    SRV - [2010/01/09 13:37:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/08/29 14:58:47 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\H_D_F\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Harveydf\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
    DRV - [2012/03/16 08:37:53 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\regguard.sys -- (RegGuard)
    DRV - [2012/03/16 08:11:06 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\Partizan.sys -- (Partizan)
    DRV - [2012/02/24 10:37:08 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
    DRV - [2012/02/24 10:36:44 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD)
    DRV - [2012/02/24 10:31:08 | 000,253,352 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
    DRV - [2012/02/24 09:16:10 | 000,574,424 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TFSysMon)
    DRV - [2012/02/24 09:16:10 | 000,054,328 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
    DRV - [2012/02/24 09:16:10 | 000,035,264 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
    DRV - [2012/02/14 20:47:12 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2012/02/14 20:47:12 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2012/02/14 19:12:48 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2011/12/05 12:46:56 | 000,083,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
    DRV - [2011/12/01 16:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pctDS.sys -- (pctDS)
    DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2011/10/14 16:13:26 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
    DRV - [2011/08/13 03:10:05 | 000,489,048 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\System32\drivers\6594252drv.sys -- (6594252drv)
    DRV - [2011/06/13 02:20:42 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
    DRV - [2011/06/13 02:20:42 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2011/06/13 02:20:29 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
    DRV - [2011/06/13 02:20:26 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
    DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2011/02/08 14:13:44 | 000,058,496 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
    DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
    DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
    DRV - [2008/02/29 11:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2007/06/29 10:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/20 04:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2006/11/29 15:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2006/11/02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2006/11/02 00:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
    DRV - [2006/11/02 00:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
    DRV - [2006/11/02 00:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2004/04/13 10:54:58 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/?_bc=1
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{16644F65-8B6D-44E0-AAB4-B86D9B75BCA8}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yessv
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{298775AD-1E95-4BAF-9E55-F4CA4DA34671}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GWYE
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{6232A361-7C85-4870-91F9-748683BC7F8D}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yessv
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{B3CC843C-E2AA-4AC1-A6BB-DF6390A21834}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yessv
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{D1582633-84CD-4C4D-B9D6-258EC2E2FBD3}: "URL" = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yessv
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{D8979C30-B6E0-4EC9-9571-AD376265CBF0}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yessv
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{D9973E72-3043-428F-AF0D-0AF1DAF37178}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yessv
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=yessv
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Startpage"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
    FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.8
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.6.1.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.6
    FF - prefs.js..extensions.enabledItems: {cd617375-6743-4ee8-bac4-fbf10f35729e}:2.8.7
    FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
    FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Harveydf\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/16 02:06:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/22 10:52:48 | 000,000,000 | ---D | M]

    [2008/08/31 22:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Extensions
    [2012/03/22 00:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions
    [2012/03/15 22:31:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2010/06/25 13:16:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/05/26 18:42:12 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2011/09/09 01:36:16 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
    [2011/12/24 20:33:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/04/03 17:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\staged
    [2012/03/22 03:19:22 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\video.downloader.plugin@ffpimp.com
    [2012/02/19 01:40:08 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\zotero@chnm.gmu.edu
    [2011/08/17 06:51:04 | 000,002,160 | ---- | M] () -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\searchplugins\startpage-https.xml
    [2011/08/15 20:08:34 | 000,005,457 | ---- | M] () -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\searchplugins\startpage.xml
    [2012/03/16 02:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    () (No name found) -- C:\USERS\HARVEYDF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LPPJ4D9T.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
    () (No name found) -- C:\USERS\HARVEYDF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LPPJ4D9T.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
    () (No name found) -- C:\USERS\HARVEYDF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LPPJ4D9T.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
    [2012/03/16 02:06:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2007/08/24 04:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
    [2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
    [2012/02/19 01:29:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/03/16 02:06:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/03/16 02:06:52 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/04/03 14:36:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
    O3 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
    O7 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{193FD7B8-6ED3-43A3-9D42-499D673FB086}: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Harveydf\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Harveydf\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (Partizan)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========
     
  14. harveydf


    Page 3

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012/04/01 09:44:40 | 000,000,088 | ---- | M] () -- C:\.directory
    [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006/06/11 17:36:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/09/07 22:23:22 | 000,022,610 | ---- | M] () \Calculate MD5Sum Hash -- C:\Calculate MD5Sum Hash
    [2012/04/03 14:44:04 | 000,020,236 | ---- | M] () -- C:\ComboFix.txt
    [2011/05/13 17:00:10 | 000,000,010 | ---- | M] () -- C:\CONFIG.SYS
    [2006/12/07 12:24:36 | 000,241,664 | ---- | M] (Alcor Micro, Corp.) -- C:\EMicon.dll
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2012/04/03 17:35:31 | 3488,079,872 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2010/01/26 22:28:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/01/26 22:28:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/04/03 17:35:29 | 531,628,031 | -HS- | M] () -- C:\pagefile.sys
    [2012/04/01 16:30:27 | 000,000,486 | ---- | M] () -- C:\rkill 040112.log
    [2012/04/01 17:08:36 | 000,000,370 | ---- | M] () -- C:\rkill.log
    [2012/04/01 13:48:37 | 000,058,316 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_13.48.25_log.txt
    [2012/04/01 13:49:59 | 000,147,380 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_13.49.20_log.txt
    [2012/04/01 13:58:14 | 000,255,576 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_13.56.13_log.txt
    [2012/04/01 14:07:07 | 000,121,990 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_14.06.17_log.txt
    [2012/04/01 16:32:02 | 000,121,990 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_16.31.13_log.txt
    [2012/04/01 21:01:21 | 000,121,956 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_20.59.18_log.txt
    [2012/03/26 04:44:07 | 000,250,366 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_26.03.2012_04.40.13_log.txt
    [2012/03/26 04:46:15 | 000,129,134 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_26.03.2012_04.44.28_log.txt
    [2012/03/26 11:36:50 | 000,250,366 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_26.03.2012_11.34.30_log.txt
    [2012/03/26 14:19:19 | 000,376,334 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_26.03.2012_12.50.50_log.txt
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

    < %systemroot%\Fonts\*.com >
    [2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/09/19 17:10:11 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/19 00:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/06/17 22:55:11 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/04/20 08:28:55 | 000,000,341 | -HS- | M] () -- C:\Users\Harveydf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2009/10/26 20:23:30 | 002,664,072 | ---- | M] () -- C:\Users\Harveydf\Desktop\6NOD32 Online Scanner.exe
    [2012/04/01 21:31:10 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Harveydf\Desktop\aswMBR.exe
    [2012/03/18 19:36:12 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Harveydf\Desktop\HijackThis.exe
    [2012/04/03 18:21:50 | 004,455,431 | R--- | M] (Swearware) -- C:\Users\Harveydf\Desktop\H_D_F.exe
    [2012/02/14 13:10:12 | 004,777,280 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Harveydf\Desktop\iexplorer.exe
    [2012/04/01 17:19:57 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Harveydf\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/04/01 06:07:53 | 000,396,041 | ---- | M] () -- C:\Users\Harveydf\Desktop\MiniToolBox.exe
    [2012/04/01 17:21:29 | 000,302,592 | ---- | M] () -- C:\Users\Harveydf\Desktop\nnyfhfzx.exe
    [2012/04/03 17:47:02 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\OTL.exe
    [2012/03/26 13:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Harveydf\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2011/08/10 23:46:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/08/11 03:23:30 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/08/10 04:01:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3010283643-4083402107-944152190-1000Core.job
    [2011/08/11 00:11:18 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3010283643-4083402107-944152190-1000UA.job
    [2012/04/03 17:35:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/04/03 15:56:37 | 000,032,642 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/02/18 16:27:28 | 000,000,402 | -HS- | M] () -- C:\Users\Harveydf\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/06/08 22:16:21 | 000,000,576 | ---- | M] () -- C:\ProgramData\afl.log
    [2008/03/24 12:11:12 | 000,000,799 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2009/03/28 13:05:57 | 000,008,212 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2011/08/11 20:54:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    You missed midsection of OTL.txt log starting at:
    Please repost.

    I still need Extras.txt.
     
  16. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    My apologies.

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/03 17:46:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\OTL.exe
    [2012/04/03 14:44:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/04/03 14:44:09 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Local\temp
    [2012/04/03 14:41:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/04/03 14:20:28 | 004,455,431 | R--- | C] (Swearware) -- C:\Users\Harveydf\Desktop\H_D_F.exe
    [2012/04/01 22:08:29 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\Desktop\bootkit_remover
    [2012/04/01 21:30:08 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Harveydf\Desktop\aswMBR.exe
    [2012/04/01 17:17:39 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Harveydf\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/04/01 13:58:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/04/01 06:09:50 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Harveydf\Desktop\TDSSKiller.exe
    [2012/03/26 21:22:20 | 004,777,280 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Harveydf\Desktop\iexplorer.exe
    [2012/03/26 11:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/03/26 06:55:59 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\Desktop\TakeOwnership
    [2012/03/26 04:53:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT2
    [2012/03/26 04:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT2
    [2012/03/26 04:39:22 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\Desktop\tdsskiller
    [2012/03/25 05:00:02 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
    [2012/03/24 14:58:37 | 000,000,000 | ---D | C] -- C:\Windows\Symbols
    [2012/03/24 08:43:42 | 000,000,000 | ---D | C] -- C:\AMD
    [2012/03/24 05:47:36 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\Desktop\backups
    [2012/03/24 00:10:26 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\DAEMON Tools
    [2012/03/23 10:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Symbols for Visual Studio and Process Explorer
    [2012/03/23 09:58:59 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\Microsoft Symbols for Visual Studio and Process Explorer
    [2012/03/23 09:51:01 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\Documents\Visual Studio 2010
    [2012/03/23 03:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\BenchMark Tools
    [2012/03/23 02:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
    [2012/03/22 07:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2012/03/22 06:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2012/03/21 08:32:51 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\GlarySoft
    [2012/03/21 08:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Undelete
    [2012/03/18 19:36:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Harveydf\Desktop\HijackThis.exe
    [2012/03/17 10:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/03/17 01:34:47 | 000,000,000 | ---D | C] -- C:\.Trash-0
    [2012/03/16 17:40:53 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\GetRightToGo
    [2012/03/16 17:04:50 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
    [2012/03/16 17:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
    [2012/03/16 12:02:00 | 000,000,000 | ---D | C] -- C:\BackSys
    [2012/03/16 08:22:38 | 000,024,416 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
    [2012/03/16 08:11:06 | 000,039,184 | ---- | C] (Greatis Software) -- C:\Windows\System32\Partizan.exe
    [2012/03/16 08:11:06 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
    [2012/03/16 08:10:57 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\Documents\RegRun2
    [2012/03/16 08:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
    [2012/03/16 08:10:55 | 000,012,800 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
    [2012/03/16 04:32:25 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\att.net
    [2012/03/16 04:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\att.net
    [2012/03/16 03:26:59 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\VSRevoGroup
    [2012/03/15 06:22:16 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\Registry Mechanic
    [2012/03/15 05:54:22 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
    [2012/03/15 05:54:22 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
    [2012/03/15 05:54:22 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
    [2012/03/15 05:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic
    [2012/03/15 05:50:58 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\Product_RM
    [2012/03/15 04:59:07 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\PCTools
    [2012/03/15 01:38:31 | 000,574,424 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
    [2012/03/15 01:38:30 | 000,054,328 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
    [2012/03/15 01:38:30 | 000,035,264 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
    [2012/03/14 18:59:41 | 000,253,352 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
    [2012/03/14 18:59:41 | 000,107,864 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
    [2012/03/14 18:59:39 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
    [2012/03/14 18:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
    [2012/03/14 18:59:37 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
    [2012/03/14 18:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
    [2012/03/14 18:12:24 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
    [2012/03/14 18:12:24 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
    [2012/03/14 18:12:24 | 000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
    [2012/03/14 18:12:24 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
    [2012/03/14 18:12:23 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
    [2012/03/14 18:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2012/03/14 18:07:19 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\TestApp
    [2012/03/14 18:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2012/03/14 18:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/03/13 17:43:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/03/13 14:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/03/13 14:39:24 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/03/13 14:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/03/11 16:58:47 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\LogView
    [2012/03/11 16:28:50 | 000,058,496 | ---- | C] (Silicon Laboratories) -- C:\Windows\System32\drivers\silabser.sys
    [2012/03/11 13:32:23 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Local\ElevatedDiagnostics
    [2012/03/11 11:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\Silabs
    [2012/03/11 11:49:53 | 000,047,176 | ---- | C] (Silicon Laboratories) -- C:\Windows\System32\drivers\silabenm.sys
    [2012/03/11 05:47:38 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\EurekaLog
    [2012/03/11 05:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\LogView V2
    [2012/03/11 05:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\Junsi
    [2012/03/11 05:25:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\Silabs

    ========== Files - Modified Within 30 Days ==========

    [2012/04/03 18:37:16 | 001,008,141 | ---- | M] () -- C:\Users\Harveydf\Desktop\rkill.scr
    [2012/04/03 18:21:50 | 004,455,431 | R--- | M] (Swearware) -- C:\Users\Harveydf\Desktop\H_D_F.exe
    [2012/04/03 17:47:02 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\OTL.exe
    [2012/04/03 17:40:05 | 000,710,644 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/04/03 17:40:05 | 000,145,518 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/04/03 17:36:02 | 000,000,025 | ---- | M] () -- C:\Windows\System32\TLB_Disable.ini
    [2012/04/03 17:35:39 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/03 17:35:39 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/03 17:35:31 | 3488,079,872 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/03 14:36:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/04/01 22:07:31 | 000,000,512 | ---- | M] () -- C:\Users\Harveydf\Desktop\MBR 040112 .dat
    [2012/04/01 21:31:33 | 000,044,607 | ---- | M] () -- C:\Users\Harveydf\Desktop\bootkit_remover.zip
    [2012/04/01 21:31:10 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Harveydf\Desktop\aswMBR.exe
    [2012/04/01 20:56:44 | 002,048,299 | ---- | M] () -- C:\Users\Harveydf\Desktop\tdsskiller.zip
    [2012/04/01 17:21:29 | 000,302,592 | ---- | M] () -- C:\Users\Harveydf\Desktop\nnyfhfzx.exe
    [2012/04/01 17:19:57 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Harveydf\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/04/01 14:03:00 | 000,000,680 | ---- | M] () -- C:\Users\Harveydf\AppData\Local\d3d9caps.dat
    [2012/04/01 12:53:11 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/04/01 09:56:27 | 000,000,088 | ---- | M] () -- C:\Users\Harveydf\.directory
    [2012/04/01 09:44:40 | 000,000,088 | ---- | M] () -- C:\.directory
    [2012/04/01 06:07:53 | 000,396,041 | ---- | M] () -- C:\Users\Harveydf\Desktop\MiniToolBox.exe
    [2012/03/26 13:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Harveydf\Desktop\TDSSKiller.exe
    [2012/03/26 12:31:21 | 000,000,000 | ---- | M] () -- C:\Users\Harveydf\defogger_reenable
    [2012/03/26 12:22:02 | 000,359,574 | ---- | M] () -- C:\Users\Harveydf\AppData\Local\census.cache
    [2012/03/26 12:21:59 | 000,188,735 | ---- | M] () -- C:\Users\Harveydf\AppData\Local\ars.cache
    [2012/03/26 06:53:50 | 000,000,622 | ---- | M] () -- C:\Users\Harveydf\Desktop\TakeOwnership.zip
    [2012/03/26 04:52:12 | 000,000,740 | ---- | M] () -- C:\Users\Harveydf\Desktop\NTREGOPT.lnk
    [2012/03/26 04:52:12 | 000,000,721 | ---- | M] () -- C:\Users\Harveydf\Desktop\ERUNT.lnk
    [2012/03/26 04:16:53 | 002,893,192 | ---- | M] () -- C:\Users\Harveydf\Desktop\Tuluka_v1.0.394.77.zip
    [2012/03/25 11:30:45 | 000,000,082 | ---- | M] () -- C:\Users\Harveydf\Desktop\Mark's Blog Index.URL
    [2012/03/24 08:49:04 | 003,239,696 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2012/03/24 06:53:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat.bak
    [2012/03/24 00:46:05 | 000,000,689 | ---- | M] () -- C:\Users\Harveydf\Desktop\Temp Internet Files.lnk
    [2012/03/23 09:34:45 | 000,000,609 | ---- | M] () -- C:\Users\Harveydf\Desktop\SysinternalsSuite.lnk
    [2012/03/22 16:16:55 | 002,649,287 | ---- | M] () -- C:\Users\Harveydf\Documents\Windows 7 Tutorial on Drive Backup.pdf
    [2012/03/22 15:19:14 | 000,000,938 | ---- | M] () -- C:\Users\Harveydf\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2012/03/22 04:26:07 | 002,722,438 | ---- | M] () -- C:\Users\Harveydf\Documents\032112 performance report.html
    [2012/03/21 23:53:00 | 446,722,708 | ---- | M] () -- C:\Users\Harveydf\Documents\Complete_BackUp_032112.reg
    [2012/03/21 23:21:05 | 000,002,042 | ---- | M] () -- C:\Users\Harveydf\Documents\Lnk_Fix_Vist.reg
    [2012/03/19 10:58:06 | 002,382,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/03/19 10:31:49 | 000,011,886 | ---- | M] () -- C:\Users\Harveydf\Documents\cc_20120319_103122.reg
    [2012/03/18 19:36:12 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Harveydf\Desktop\HijackThis.exe
    [2012/03/16 17:04:50 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
    [2012/03/16 16:54:31 | 002,335,270 | ---- | M] () -- C:\Windows\System32\648B200.mht
    [2012/03/16 08:37:53 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
    [2012/03/16 08:11:06 | 000,039,184 | ---- | M] (Greatis Software) -- C:\Windows\System32\Partizan.exe
    [2012/03/16 08:11:06 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
    [2012/03/16 08:10:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/03/16 08:10:59 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
    [2012/03/16 08:10:59 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
    [2012/03/13 17:42:17 | 172,175,881 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/03/11 11:57:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01009.Wdf
    [2012/03/11 11:57:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2012/03/11 08:04:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01007.Wdf

    ========== Files Created - No Company Name ==========

    [2012/04/03 14:22:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/01 21:53:23 | 000,000,512 | ---- | C] () -- C:\Users\Harveydf\Desktop\MBR 040112 .dat
    [2012/04/01 21:31:33 | 000,044,607 | ---- | C] () -- C:\Users\Harveydf\Desktop\bootkit_remover.zip
    [2012/04/01 17:21:29 | 000,302,592 | ---- | C] () -- C:\Users\Harveydf\Desktop\nnyfhfzx.exe
    [2012/04/01 17:15:13 | 3488,079,872 | -HS- | C] () -- C:\hiberfil.sys
    [2012/04/01 09:56:27 | 000,000,088 | ---- | C] () -- C:\Users\Harveydf\.directory
    [2012/04/01 09:44:40 | 000,000,088 | ---- | C] () -- C:\.directory
    [2012/04/01 06:11:14 | 000,396,041 | ---- | C] () -- C:\Users\Harveydf\Desktop\MiniToolBox.exe
    [2012/04/01 06:09:24 | 001,008,141 | ---- | C] () -- C:\Users\Harveydf\Desktop\rkill.scr
    [2012/03/26 12:31:21 | 000,000,000 | ---- | C] () -- C:\Users\Harveydf\defogger_reenable
    [2012/03/26 06:53:46 | 000,000,622 | ---- | C] () -- C:\Users\Harveydf\Desktop\TakeOwnership.zip
    [2012/03/26 04:52:12 | 000,000,740 | ---- | C] () -- C:\Users\Harveydf\Desktop\NTREGOPT.lnk
    [2012/03/26 04:52:12 | 000,000,721 | ---- | C] () -- C:\Users\Harveydf\Desktop\ERUNT.lnk
    [2012/03/26 04:32:39 | 002,048,299 | ---- | C] () -- C:\Users\Harveydf\Desktop\tdsskiller.zip
    [2012/03/26 04:14:30 | 002,893,192 | ---- | C] () -- C:\Users\Harveydf\Desktop\Tuluka_v1.0.394.77.zip
    [2012/03/26 02:07:25 | 002,664,072 | ---- | C] () -- C:\Users\Harveydf\Desktop\6NOD32 Online Scanner.exe
    [2012/03/25 11:30:45 | 000,000,082 | ---- | C] () -- C:\Users\Harveydf\Desktop\Mark's Blog Index.URL
    [2012/03/24 02:59:52 | 000,000,025 | ---- | C] () -- C:\Windows\System32\TLB_Disable.ini
    [2012/03/23 09:32:21 | 000,000,609 | ---- | C] () -- C:\Users\Harveydf\Desktop\SysinternalsSuite.lnk
    [2012/03/22 16:16:55 | 002,649,287 | ---- | C] () -- C:\Users\Harveydf\Documents\Windows 7 Tutorial on Drive Backup.pdf
    [2012/03/22 07:01:56 | 002,722,438 | ---- | C] () -- C:\Users\Harveydf\Documents\032112 performance report.html
    [2012/03/21 23:52:24 | 446,722,708 | ---- | C] () -- C:\Users\Harveydf\Documents\Complete_BackUp_032112.reg
    [2012/03/21 23:21:05 | 000,002,042 | ---- | C] () -- C:\Users\Harveydf\Documents\Lnk_Fix_Vist.reg
    [2012/03/19 10:31:28 | 000,011,886 | ---- | C] () -- C:\Users\Harveydf\Documents\cc_20120319_103122.reg
    [2012/03/19 02:17:17 | 000,022,610 | ---- | C] () -- C:\Calculate MD5Sum Hash
    [2012/03/17 10:13:41 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/03/17 10:13:26 | 000,001,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/03/16 16:54:31 | 002,335,270 | ---- | C] () -- C:\Windows\System32\648B200.mht
    [2012/03/16 08:10:59 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
    [2012/03/16 04:55:43 | 000,000,938 | ---- | C] () -- C:\Users\Harveydf\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2012/03/15 05:54:22 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
    [2012/03/15 01:39:49 | 003,239,696 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
    [2012/03/14 19:39:30 | 000,000,680 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\d3d9caps.dat
    [2012/03/13 17:42:17 | 172,175,881 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/03/11 11:57:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01009.Wdf
    [2012/03/11 11:57:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2012/03/11 11:57:15 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
    [2012/03/11 08:04:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01007.Wdf
    [2012/03/02 02:27:31 | 000,000,288 | ---- | C] () -- C:\Users\Harveydf\AppData\Roaming\.backup.dm
    [2012/01/10 14:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2011/09/13 00:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2011/08/15 23:07:05 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
    [2011/08/11 20:54:20 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/08/11 20:20:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/08/11 20:20:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/08/11 20:20:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/08/11 20:20:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/08/11 13:03:55 | 000,359,574 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\census.cache
    [2011/08/11 13:03:36 | 000,188,735 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\ars.cache
    [2011/08/11 12:44:13 | 000,000,036 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\housecall.guid.cache
    [2011/08/01 23:43:56 | 000,037,256 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
    [2011/06/11 17:55:18 | 000,000,022 | -HS- | C] () -- C:\Users\Harveydf\AppData\Roaming\Sys2662.Config.Repository.bin
    [2011/05/15 19:26:53 | 000,075,776 | ---- | C] () -- C:\Windows\SendToClip.exe
    [2011/04/02 23:25:43 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
    [2011/04/02 23:25:12 | 000,000,191 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2011/03/23 20:50:21 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2011/01/26 22:12:00 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2010/08/15 14:20:55 | 001,055,498 | ---- | C] () -- C:\Windows\System32\libodbc++.dll

    ========== LOP Check ==========

    [2012/03/24 00:30:34 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Audacity
    [2010/05/31 18:20:42 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Aureas85
    [2009/04/26 21:25:15 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Avery
    [2011/08/04 02:50:15 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/03/24 00:10:33 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\DAEMON Tools
    [2010/08/15 14:25:54 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Dev-Cpp
    [2011/05/14 12:18:52 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\DisplayTune
    [2009/08/20 21:02:36 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Elluminate
    [2012/03/11 05:52:08 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\EurekaLog
    [2012/03/16 17:41:28 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\GetRightToGo
    [2012/03/21 08:32:51 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\GlarySoft
    [2011/05/15 19:31:27 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\GPSMaster
    [2011/09/09 15:01:25 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\GrabPro
    [2008/08/09 19:41:59 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\HotSync
    [2011/08/01 20:53:46 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Image Zone Express
    [2011/08/04 06:55:19 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\ImgBurn
    [2011/04/10 16:51:04 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\InfraRecorder
    [2008/08/09 20:02:28 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Leadertech
    [2012/03/11 17:02:13 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\LogView
    [2011/02/07 22:50:00 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Mobipocket
    [2011/12/21 20:52:45 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\MyPhoneExplorer
    [2012/03/15 04:59:07 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\PCTools
    [2008/03/24 12:27:11 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Printer Info Cache
    [2012/03/15 05:50:58 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Product_RM
    [2011/09/09 14:55:14 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\ProgSense
    [2012/03/15 06:35:25 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Registry Mechanic
    [2008/02/18 21:20:57 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\SampleView
    [2012/03/14 01:24:59 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\SanDisk
    [2008/03/07 22:17:51 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Spare Backup
    [2008/02/19 23:29:37 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Template
    [2012/03/14 18:07:19 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\TestApp
    [2011/04/09 00:43:38 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\uTorrent
    [2012/03/16 03:26:59 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\VSRevoGroup
    [2010/11/07 17:08:07 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\XMind
    [2012/04/03 15:56:37 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
     
  17. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    duplicate....
     
  18. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Disabled | Stopped] -- C:\Users\Harveydf\AppData\Local\Temp\OJ.exe -- (OJ)
      SRV - File not found [Disabled | Stopped] -- C:\Users\Harveydf\AppData\Local\Temp\NBISZU.exe -- (NBISZU)
      SRV - File not found [Disabled | Stopped] -- C:\Users\Harveydf\AppData\Local\Temp\MJLVASR.exe -- (MJLVASR)
      O3 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
      O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
      O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
      @Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      @Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:D1B5B4F1
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
      [2012/03/16 08:10:59 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  19. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    Broni,
    I was waiting for PC Tools to finish its scan; it was up to 8 HeurEngine.ZeroDay threats. I left the house and came back, and on the screen PC Tools said, "Congratulation no threats found." That was confusing. I was not connected to the internet, and I had OTL loaded with its instructions to run the fix. So then I clicked Run Fix, and it locked up after maybe 20 seconds. Then the icons on the desktop disappeared and Microsoft came up with the warning that it had stopped working and it was going to close the program. I logged off the computer and booted a CD to get your direction before I continued with Security Check and the other three programs, or I can do it again?
     
  20. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Run OTL fix from safe mode.
     
  21. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    Broni,

    I replied twice but nothing posted. I booted into safe mode with networking and copied the code, disconnected from the internet and ran OTL as an administrator. When I copied the code into OTL and hit FixScan, all the desktop icons disappeared. I waited, but it looked like it was not working. I started Task Manager and it said it was still running. So I went back and minimized the screen and then maximized it. Then the bar on the bottom started jumping. It ran for quite some time. However, I think they gave us the slip. Here is the log. Do you want me to get you another OTL scan or proceed with the plan?

    All processes killed

    ========== OTL ==========
    Error: No service named OJ was found to stop!
    Service\Driver key OJ not found.
    File C:\Users\Harveydf\AppData\Local\Temp\OJ.exe not found.
    Error: No service named NBISZU was found to stop!
    Service\Driver key NBISZU not found.
    File C:\Users\Harveydf\AppData\Local\Temp\NBISZU.exe not found.
    Error: No service named MJLVASR was found to stop!
    Service\Driver key MJLVASR not found.
    File C:\Users\Harveydf\AppData\Local\Temp\MJLVASR.exe not found.
    Registry value HKEY_USERS\S-1-5-21-3010283643-4083402107-944152190-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
    Registry key HKEY_USERS\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ not found.
    Registry key HKEY_USERS\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ not found.
    Registry key HKEY_USERS\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ not found.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    Unable to delete ADS C:\ProgramData\TEMP:D1B5B4F1 .
    Unable to delete ADS C:\ProgramData\TEMP:430C6D84 .
    File C:\Windows\winstart.bat not found.

    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Harvey Standard
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 420082245 bytes
    ->Flash cache emptied: 61353 bytes

    User: Harveydf
    ->Temp folder emptied: 42036120 bytes
    ->Temporary Internet Files folder emptied: 13602605 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 92893273 bytes
    ->Flash cache emptied: 57190 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 36456 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 542.00 mb

    [EMPTYJAVA]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Harvey Standard

    User: Harveydf
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Harvey Standard
    ->Flash cache emptied: 0 bytes

    User: Harveydf
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    OTL by OldTimer - Version 3.2.39.2 log created on 04042012_203927

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
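
    One way to triage an OTL fix log like the one in the post above, as an added example that is not part of the thread or of OTL itself: it sorts each result line into removed, absent (reported "not found") or failed ("Unable to delete"). The patterns cover only the line shapes visible in this log, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the OTL fix log posted above (a subset).
SAMPLE_LOG = r"""
Error: No service named OJ was found to stop!
Service\Driver key OJ not found.
File C:\Users\Harveydf\AppData\Local\Temp\OJ.exe not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:D1B5B4F1 .
Unable to delete ADS C:\ProgramData\TEMP:430C6D84 .
File C:\Windows\winstart.bat not found.
"""

# (outcome, kind, pattern). Assumption: only the line shapes seen in this thread.
RULES = [
    ("failed",  "ads",      re.compile(r"^Unable to delete ADS (?P<t>.+?)\s*\.$")),
    ("removed", "ads",      re.compile(r"^ADS (?P<t>.+) deleted successfully\.$")),
    ("absent",  "service",  re.compile(r"^Error: No service named (?P<t>\S+) was found to stop!$")),
    ("absent",  "service",  re.compile(r"^Service\\Driver key (?P<t>\S+) not found\.$")),
    ("absent",  "file",     re.compile(r"^File (?P<t>.+) not found\.$")),
    ("absent",  "registry", re.compile(r"^Registry (?:key|value) (?P<t>.+) not found\.$")),
]

def triage(log_text):
    """Group fix-log lines by outcome; lines matching no rule go to 'unparsed'."""
    result = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("=", "[")):  # blank lines, section headers
            continue
        for outcome, kind, pattern in RULES:
            m = pattern.match(line)
            if m:
                result[outcome].append((kind, m.group("t")))
                break
        else:
            result["unparsed"].append(line)
    return dict(result)

def needs_followup(result):
    """Targets the fix reported it could not delete."""
    return [target for _kind, target in result.get("failed", [])]

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print({outcome: len(items) for outcome, items in summary.items()})
    print("follow up:", needs_followup(summary))
```

    On the lines above, everything is reported absent except the three alternate data streams on C:\ProgramData\TEMP, of which one was deleted and two are returned by `needs_followup`.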
     
  22. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Go on.......
     
  23. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    unnecessary log...
     
  24. harveydf

    harveydf TS Rookie Topic Starter Posts: 69

    unnecessary log...
     
  25. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    No. Go on with other steps from my reply #18.
     
